Authentication using Azure AD

I see that the documentation for SAML is via Auth0 (Okta). Is there a way to do it directly with Azure AD by creating an Enterprise Application or using App registrations on the Microsoft Entra admin center side?

I know I can add SAML authentication via Azure AD, but I am not sure if everything else remains the same on your end and if I need to call the same API Redirect URL?


SAML via Auth0 probably works;
the code is as below, please try it and let us know.

const samlOptions = {
  entryPoint: saml.loginUrl,      // IdP single sign-on login URL (not the federation metadata URL)
  issuer: saml.issuer,            // SP entity id / identifier
  cert: prepareCert(saml.cert),   // IdP signing certificate (Base64)
  passReqToCallback: true,
  callbackUrl: `${url}/api/auth/saml/auth0/callback`,  // template literal, url is the portal base URL
};

I linked Azure AD to Auth0 but I must be missing something. The Login URL in Ferrumgate should be what exactly? I only see the default login prompt, not a link to Auth0 for the login authentication. If I manually enter the "Identity Provider Login URL" grabbed from Auth0 in my browser it seems to sign me in, but when I try to connect to the default webpage of the Ferrumgate server I only see the local login Sign in window.
[Screenshot, 2023-05-17 at 15.50.12]

There is a bug in the UI.
Please follow these steps:

  • docker pull ferrumgate/ui.portal:1.8.0
  • ferrumgate --stop
  • ferrumgate --start
  • on
  • create an application and from Single sign-on select SAML

Identifier (Entity ID) is the issuer
App Federation Metadata URL is the Login URL
Download the Certificate (Base64) and paste it

Add Auth0/SAML like this:

I now see the Auth0 icon on the main login screen, but using Azure AD directly gave me an error. So what I did is use Auth0 connected in the backend with Azure AD, and it seems to be working now.

OK, I saw that there are some limitations with a dev account on Auth0, so I presume using Azure AD directly should be better.
When I use the test Sign-In on the Azure portal I can connect to Ferrumgate fine, but when I click on the Auth0 icon I get redirected to an XML file, so I presume I must change something in the Auth0/SAML configuration on the Ferrumgate server?

OK, I found the issue: I need to select the Login URL, not the App Federation Metadata URL, and it's working.

[Screenshot, 2023-05-18 at 10.37.48]

We will add Azure AD support directly in version 1.9.0.

I have an issue when using Azure AD, on Microsoft Edge on an Azure AD-joined PC:

AADSTS75011: Authentication method ‘X509, MultiFactor’ by which the user authenticated with the service doesn’t match requested authentication method ‘Password, ProtectedTransport’. Contact the ferrumgate application owner.

Microsoft has an article: Error - AADSTS75011 Authentication method by which the user authenticated with the service doesn't match requested authentication method AuthnContextClassRef. - Active Directory | Microsoft Learn

Is it possible to change PasswordProtectedTransport to unspecified?

We disabled AuthnContext; please try after running the commands below:

docker pull ferrumgate/rest.portal:1.12.0
ferrumgate --restart
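As an added illustration (not Ferrumgate's code and not from this thread), the snippet below models the SP-side RequestedAuthnContext element that passport-saml emits by default and the IdP-side exact-match check that produces the AADSTS75011 mismatch above; the X509/MultiFactor class labels and the scenario are constructed.

```javascript
// Added example, not Ferrumgate code: why a default SAML AuthnRequest fails
// with AADSTS75011 on a device that signs in with certificate + MFA, and why
// omitting RequestedAuthnContext (passport-saml's disableRequestedAuthnContext)
// resolves it.

const AC = 'urn:oasis:names:tc:SAML:2.0:ac:classes:';

// Build the <samlp:RequestedAuthnContext> fragment of an AuthnRequest.
// Default mirrors passport-saml: PasswordProtectedTransport, Comparison="exact".
// When disabled, the element is omitted and the IdP may use any method.
function buildRequestedAuthnContext(opts = {}) {
  const { disableRequestedAuthnContext = false,
          authnContext = [AC + 'PasswordProtectedTransport'] } = opts;
  if (disableRequestedAuthnContext) return '';
  const refs = authnContext
    .map(c => `<saml:AuthnContextClassRef>${c}</saml:AuthnContextClassRef>`)
    .join('');
  return `<samlp:RequestedAuthnContext Comparison="exact">${refs}` +
         `</samlp:RequestedAuthnContext>`;
}

// Parse the requested class refs back out of the fragment (what the IdP sees).
function requestedClassRefs(fragment) {
  const re = /<saml:AuthnContextClassRef>([^<]+)<\/saml:AuthnContextClassRef>/g;
  return [...fragment.matchAll(re)].map(m => m[1]);
}

// IdP-side check modelled on the thread's error: with Comparison="exact" the
// method actually used must be one of the requested classes. No element means
// no constraint, which is why disabling AuthnContext fixed the sign-in.
function authnContextMatches(fragment, usedClassRefs) {
  const requested = requestedClassRefs(fragment);
  if (requested.length === 0) return true;
  return usedClassRefs.some(u => requested.includes(u));
}

// Constructed scenario: Edge on an Azure AD-joined PC authenticates with a
// device certificate plus MFA instead of a password (labels are constructed
// from the error text, not taken from Microsoft's actual assertion).
const usedOnJoinedPc = [AC + 'X509', AC + 'MultiFactor'];

function demo() {
  const strict = buildRequestedAuthnContext();
  const relaxed = buildRequestedAuthnContext({ disableRequestedAuthnContext: true });
  return {
    strictRejected: !authnContextMatches(strict, usedOnJoinedPc),   // the AADSTS75011 case
    relaxedAccepted: authnContextMatches(relaxed, usedOnJoinedPc),
    passwordAccepted: authnContextMatches(strict, [AC + 'PasswordProtectedTransport']),
  };
}
```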

Yep, that fixed it. Thanks.