
Multiple AWS instances - unique identifier required? #57571

Closed
MrAzureAD opened this issue Jun 22, 2020 · 4 comments

Comments

@MrAzureAD

In a scenario with multiple AWS instances, it used to be required to make the AWS identifier URI unique by adding "#" and any unique value.
This is still mentioned in the AAD tutorial for AWS here.

This doc should make clear whether a unique identifier is still required for AWS or not.


@shashishailaj
Member

@MrAzureAD Thank you for your feedback. We will investigate and update the thread.

@amanmcse
Contributor

@MrAzureAD Adding "#" followed by a unique number is required only when there are multiple instances of the Amazon Web Services (AWS) enterprise application added to the same Azure AD tenant.

The reason is that the Identifier (Entity ID) should be unique for every Enterprise Application. You cannot use "https://signin.aws.amazon.com/saml" as the identifier in multiple instances of the Amazon Web Services (AWS) app. So, if there are 2 instances of the AWS app, we add #1 and #2 at the end of the Identifier URL. Azure AD eventually removes the value after # and sends https://signin.aws.amazon.com/saml as the audience URL in the token.

In short, using #Number in the Identifier is not mandatory. It needs to be used only when there are multiple instances of AWS in the same tenant. If there is only one instance, you do not need to specify that. This document provides general guidelines to automate SAML-based SSO app configuration with the Microsoft Graph API, and a single instance of the AWS app is used as an example.
Adding all this information would confuse readers working with other applications.

@MrAzureAD
Author

MrAzureAD commented Jun 23, 2020

Understood. However, the example is AWS, and AWS is one of the major use cases for automated creation of AAD apps. So from that perspective, I would like this fact to be mentioned.
On the other hand, the Azure portal prevents duplicate entity IDs from being set; the automation does not prevent it, but it will not work and will frustrate users.
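The two points raised above (the maintainer's description of the "#n" suffix that Azure AD strips before emitting the audience, and the observation that automation does not reject duplicate Entity IDs the way the portal does) can be turned into a pre-flight check for a Graph-based provisioning script. The following is an added example written for this thread, not code from the Azure AD documentation or from Microsoft Graph; the helper names, the `plan_instances` function and the fragment-stripping model of Azure AD's behaviour are assumptions based only on what the comments state, and the identifier values are constructed from the URL quoted in the thread.

```python
from typing import Iterable, List, Optional, Set
from urllib.parse import urlsplit, urlunsplit

# Base Identifier (Entity ID) quoted in the thread for the AWS app.
AWS_SAML_IDENTIFIER = "https://signin.aws.amazon.com/saml"


def identifier_for_instance(base: str, instance_number: Optional[int]) -> str:
    """Return the Identifier (Entity ID) to configure for one app instance.

    A single instance keeps the plain URL; additional instances get a
    '#<number>' fragment so each enterprise application has a unique ID
    (the convention described by the maintainer above).
    """
    if instance_number is None:
        return base
    return f"{base}#{instance_number}"


def audience_from_identifier(identifier: str) -> str:
    """Model of what the thread says Azure AD does with the Identifier:
    the '#...' fragment is dropped, and the remaining URL is what the
    service provider sees as the audience in the SAML token.
    This is an assumption about behaviour, not an Azure AD API call."""
    parts = urlsplit(identifier)
    return urlunsplit((parts.scheme, parts.netloc, parts.path, parts.query, ""))


def find_duplicate_identifiers(identifiers: Iterable[str]) -> Set[str]:
    """Return every Identifier value that appears more than once.

    The portal rejects duplicates, but an automation script does not, so
    run this over the planned identifiers before creating the apps.
    """
    seen: Set[str] = set()
    dupes: Set[str] = set()
    for ident in identifiers:
        if ident in seen:
            dupes.add(ident)
        seen.add(ident)
    return dupes


def plan_instances(base: str, count: int) -> List[str]:
    """Hypothetical helper: build the identifier list for `count` instances
    of the same app. One instance needs no suffix; more than one gets #1..#n."""
    if count < 1:
        raise ValueError("count must be at least 1")
    if count == 1:
        return [identifier_for_instance(base, None)]
    return [identifier_for_instance(base, n) for n in range(1, count + 1)]


if __name__ == "__main__":
    # Constructed input: three AWS instances planned for one tenant.
    planned = plan_instances(AWS_SAML_IDENTIFIER, 3)
    for ident in planned:
        print(f"{ident} -> audience {audience_from_identifier(ident)}")
    # Constructed mistake: a script that reuses the bare URL for two apps.
    bad_plan = [AWS_SAML_IDENTIFIER, AWS_SAML_IDENTIFIER]
    print("duplicates:", find_duplicate_identifiers(bad_plan))
```

Running the check before the Graph calls catches the exact failure the thread describes (two enterprise applications sharing the bare AWS URL), while the audience mapping shows why the suffix is harmless to AWS: every planned identifier still maps back to the same audience value.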

@goptrr

goptrr commented Feb 15, 2024

@amanmcse Does this still work? I saw a Reddit forum that said it doesn't work as of now; is there any alternative way to achieve this?
