[v.9.0] /docs/pages/enterprise/sso/azuread.mdx

[ArunNadda]

Details

Add comments to acs to make it clear that /v1/webapi/saml/acs should be added to the end of proxy address. So comments should look something like

  # acs is the Assertion Consumer Service URL. `https://teleport.example.com:3080` should be replace with your proxy address 
  # acs value should be `https://<TELEPORT_PROXY_ADRR>:port/v1/webapi/saml/acs`
  acs: https://teleport.example.com:3080/v1/webapi/saml/acs

in below config.

kind: saml
version: v2
metadata:
  # the name of the connector
  name: azure-saml
spec:
  display: "Microsoft"
  # acs is the Assertion Consumer Service URL. This should be the address of
  # the Teleport proxy that your identity provider will communicate with.
  acs: https://teleport.example.com:3080/v1/webapi/saml/acs
  attributes_to_roles:
    - {name: "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups", value: "<group id 930210...>", roles: ["editor"]}
    - {name: "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups", value: "<group id 93b110...>", roles: ["dev"]}
  entity_descriptor: |
    <federationmedata.xml contents>

Category

• Improve Existing

[rsyracuse]

This change is now live