add example for Entra ID with SAML #7732
Conversation
josefaidt
requested review from
aspittel,
swaminator,
renebrandel and
a team
as code owners
| </InlineFilter> | ||
| <InlineFilter filters={["android"]}> | ||
|
|
||
| {/* @todo */} |
There was a problem hiding this comment.
Should we fill these in before merging?
src/pages/[platform]/build-a-backend/auth/examples/microsoft-entra-id-saml/index.mdx
Outdated
Show resolved
Hide resolved
…ntra-id-saml/index.mdx
src/pages/[platform]/build-a-backend/auth/examples/microsoft-entra-id-saml/index.mdx
Outdated
Show resolved
Hide resolved
…ntra-id-saml/index.mdx
|
|
||
|  | ||
|
|
||
| Rename the file extension to `.cer` in order to upload to Azure. On the **Single sign-on** page, scroll down to **Step 3** (**SAML Certificates**), and under **Verification Certificates (optional)**, select **Edit**. |
There was a problem hiding this comment.
Rename the file extension to
.cerin order to upload to Azure.
I can add an explainer here if needbe, but in short, this form in Azure lets you select a .crt file but doesn't upload. However, it works without renaming if you're configuring a regular App Client as opposed to this Enterprise App
public/images/auth/examples/microsoft-entra-id-saml/cognito-view-signing-certificate.png
Outdated
Show resolved
Hide resolved
| }; | ||
| } | ||
|
|
||
| Microsoft Entra ID can be configured as a SAML provider for use with Amazon Cognito. Integrating Entra ID enables you to sign in with your existing enterprise users, and maintain profiles unique to the Amplify Auth resource for use within your Amplify app. To learn more, visit the [Azure documentation for SAML authentication with Microsoft Entra ID](https://learn.microsoft.com/en-us/entra/architecture/auth-saml). |
There was a problem hiding this comment.
What if i'm using some other SAML provider? Are there generic docs I can follow or lean on?
There was a problem hiding this comment.
we have this page which is sort of generic, should we link out in case someone lands on this page but is looking for general guidance? https://docs.amplify.aws/react/build-a-backend/auth/concepts/external-identity-providers/#configure-saml-provider
|
|
||
| | Label | Value | | ||
| |-------|-------| | ||
| | Identifier (Entity ID) | `urn:amazon:cognito:sp:<your-cognito-user-pool-id>` | |
There was a problem hiding this comment.
But if I do this for sandbox and then need to deploy to prod, that URL will no longer be the same
There was a problem hiding this comment.
yes, though the concept is the same
There was a problem hiding this comment.
added a callout at the top of the page
src/pages/[platform]/build-a-backend/auth/examples/microsoft-entra-id-saml/index.mdx
Outdated
Show resolved
Hide resolved
|
|
||
| ## Optionally upload the Cognito Signing Certificate | ||
|
|
||
| In the AWS Console, navigate to your Cognito User Pool. Select the identity provider, **MicrosoftEntraIDSAML**, created after configuring Amplify Auth with the Entra ID SAML provider. Select **View signing certificate** and **download as .crt** |
There was a problem hiding this comment.
Wish there was an easy way to do this through sandbox.
There was a problem hiding this comment.
we can note this for later. thankfully this is optional and a one time action per deployment
src/pages/[platform]/build-a-backend/auth/examples/microsoft-entra-id-saml/index.mdx
Outdated
Show resolved
Hide resolved
Description of changes:
adds guide for setting up Amplify Auth with Entra ID with SAML
Related GitHub issue #, if available:
Instructions
If this PR should not be merged upon approval for any reason, please submit as a DRAFT
Which product(s) are affected by this PR (if applicable)?
Which platform(s) are affected by this PR (if applicable)?
Please add the product(s)/platform(s) affected to the PR title
Checks
Does this PR conform to the styleguide?
Does this PR include filetypes other than markdown or images? Please add or update unit tests accordingly.
Are any files being deleted with this PR? If so, have the needed redirects been created?
Are all links in MDX files using the MDX link syntax rather than HTML link syntax?
ref: MDX:
[link](https://docs.amplify.aws/)HTML:
<a href="https://docs.amplify.aws/">link</a>When this PR is ready to merge, please check the box below
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.