Adding a SAML Application for SharePoint Server Agent End-User Recovery

After you register the application using Azure AD, integrate with Azure AD by adding a SAML application in the Command Center.

Before You Begin

• Create a certificate and private key (Java keystore (jks) file).

• Create a user group.

• Using Azure AD, register the application.

Procedure

1. In the Command Center, from the navigation pane, go to Manage > Security > Identity servers.

   The Identity servers page appears.

2. To create an identity server, click Add.

   The Add domain dialog box appears.

3. Click SAML.

4. In the Domain name box, enter an application name.

5. Upload the IdP metadata:

   1. Next to the Upload IDP metadata box, click Browse.

   2. Browse to the location of the XML file that you downloaded from the Microsoft Azure portal, select the file, and then click Open.

6. Generate the SP metadata:

   1. Under Generate new SP metadata, next to the Upload key store file box, click Browse.

   2. Browse to the location of the keystore file, for example, C:\security\mykeystore.jks, select the file, and click Open.

7. Type the corresponding information for the .jks file.

8. Complete the application, and then click Save.

9. Add an identity redirect rule:

   1. On the Identity servers page, click the SAML application that you created.

   2. Under Identity redirect rule, click Add identity redirect rule.

      The Add identity redirect rule dialog box appears.

   3. Optional: In the Domain name box, type a domain name.

   4. In the Associated SMTP box, type the SMTP address of the domain, and then click Add.

10. Under General, copy the single sign-on URL, and then record it.

11. From the navigation pane, go to Security > User groups, and then add your user group.

What to Do Next

In Azure AD, replace the Web Console URL with the single sign-on URL that you recorded in the Command Center.