add example for Entra ID with SAML #7732
</InlineFilter> | ||
<InlineFilter filters={["android"]}> | ||
|
||
{/* @todo */} |
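Review bot: the `android` InlineFilter in this hunk wraps nothing but a `{/* @todo */}` comment, so the Android view of this section is empty; either supply the Android content or remove the empty filter block before merging rather than shipping a placeholder.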
Should we fill these in before merging?
yes
|
||
![Amazon Cognito console highlighting "view signing certificate" for SAML provider](/images/auth/examples/microsoft-entra-id-saml/cognito-view-signing-certificate.png) | ||
|
||
Rename the file extension to `.cer` in order to upload to Azure. On the **Single sign-on** page, scroll down to **Step 3** (**SAML Certificates**), and under **Verification Certificates (optional)**, select **Edit**. |
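Review bot: the instruction to rename the downloaded `.crt` to `.cer` gives no reason, and a reader will reasonably wonder whether the rename changes anything about the certificate; add the one-sentence explanation from the author's reply in this thread (the Enterprise App form in Azure lets you pick a `.crt` file but does not actually upload it, while a regular App Client accepts it unrenamed). It would also help to say what the upload under **Verification Certificates** buys the reader, since the step is marked optional but the text never states the effect of skipping it.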
Rename the file extension to `.cer` in order to upload to Azure.
I can add an explainer here if need be, but in short, this form in Azure lets you select a .crt file but doesn't upload. However, it works without renaming if you're configuring a regular App Client as opposed to this Enterprise App.
Mostly looks good. Small comments.
}; | ||
} | ||
|
||
Microsoft Entra ID can be configured as a SAML provider for use with Amazon Cognito. Integrating Entra ID enables you to sign in with your existing enterprise users, and maintain profiles unique to the Amplify Auth resource for use within your Amplify app. To learn more, visit the [Azure documentation for SAML authentication with Microsoft Entra ID](https://learn.microsoft.com/en-us/entra/architecture/auth-saml). |
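Review bot: the opening paragraph links only to Azure's SAML architecture page, so a reader arriving here with a different SAML identity provider has no pointer to the provider-agnostic guidance; add a link to the generic SAML provider page cited in this thread (https://docs.amplify.aws/react/build-a-backend/auth/concepts/external-identity-providers/#configure-saml-provider) in this paragraph, before the Azure link.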
What if I'm using some other SAML provider? Are there generic docs I can follow or lean on?
we have this page which is sort of generic, should we link out in case someone lands on this page but is looking for general guidance? https://docs.amplify.aws/react/build-a-backend/auth/concepts/external-identity-providers/#configure-saml-provider
|
||
| Label | Value | | ||
|-------|-------| | ||
| Identifier (Entity ID) | `urn:amazon:cognito:sp:<your-cognito-user-pool-id>` | |
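Review bot: the Identifier (Entity ID) row embeds `<your-cognito-user-pool-id>`, which is a per-deployment value: a sandbox and a production branch each get their own user pool, so an Entra ID application configured against the sandbox pool will not match the production one, as the thread below points out. State next to this table that these values are specific to one user pool and must be entered again for each environment, rather than relying only on a callout at the top of the page.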
But if I do this for sandbox and then need to deploy to prod, that URL will no longer be the same
yes, though the concept is the same
added a callout at the top of the page
|
||
## Optionally upload the Cognito Signing Certificate | ||
|
||
In the AWS Console, navigate to your Cognito User Pool. Select the identity provider, **MicrosoftEntraIDSAML**, created after configuring Amplify Auth with the Entra ID SAML provider. Select **View signing certificate** and **download as .crt** |
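Review bot: the sentence ending in **download as .crt** has no terminal period, and the section heading says "Optionally" without the body explaining what Entra ID does with the Cognito signing certificate; add a sentence saying what the upload enables (the Azure form files it under Verification Certificates, i.e. it lets Entra ID verify requests signed by Cognito) so a reader can decide whether the step applies to them. A note that the identity provider name **MicrosoftEntraIDSAML** is the one defined earlier in the guide's `amplify/auth/resource.ts` would also help readers who named theirs differently.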
Wish there was an easy way to do this through sandbox.
we can note this for later. thankfully this is optional and a one time action per deployment
Description of changes:
adds a guide for setting up Amplify Auth with Entra ID with SAML
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.