Azure SSO (legacy — superseded by Microsoft Entra ID SSO)
Microsoft·AE_Azure_SSO_ConfigurationGuide
Overview
The Azure SSO connector is the legacy / pre-rebrand SAML SSO connector for what Microsoft now calls Microsoft Entra ID (the rebrand happened in mid-2023). For new deployments, use microsoft-entra-id-sso — they are functionally identical because Azure AD is Entra ID; only the product naming changed.
This record is preserved for customers still running on the older configuration guide and as documentation reference for the rebrand. The technical pattern is identical: AE Guardian as SAML SP, Entra ID (née Azure AD) as IdP, non-gallery Enterprise Application configured with AE metadata.
Architecture
Composed from this connector's actors + edges. Trust zones are color-coded; trust crossings render as thicker lines.
Authentication
1 method supported
Same SAML 2.0 federation pattern as microsoft-entra-id-sso.
Prerequisites
Everything that must be in place for this connector to work, with the owner who's responsible.
See [[microsoft-entra-id-sso]] prerequisites
customerIdentical setup; only product naming differs.
Known limitations
Documented constraints to set customer expectations before deployment.
Superseded by [[microsoft-entra-id-sso]]
importantUse the renamed connector for new deployments. Azure SSO is preserved for backward compatibility with existing configuration documentation only.
IAM specifics
- OIDC
- yes
- SAML
- yes
- SCIM
- yes
- JIT provisioning
- configurable
- Source of record
- No
- src/connectors/azure-sso/source.pdf — Full configuration guide — 20 pages, updated 2025-08-22