Direct federation is a public preview feature of Azure Active Directory. For more information about previews, see Supplemental Terms of Use for Microsoft Azure Previews.

https://myapps.microsoft.com/?tenantid=<tenant id> or https://portal.azure.com/<tenant id>, or in the case of a verified domain, https://myapps.microsoft.com/<verified domain>.onmicrosoft.com). Direct links to applications and resources also work as long as they include the tenant context. Direct federation users are currently unable to sign in using common endpoints that have no tenant context. For example, using https://myapps.microsoft.com, https://portal.azure.com, or https://teams.microsoft.com will result in an error.

https://fabrikam.com/adfs will pass the validation. A host in the same domain will also pass, for example https://sts.fabrikam.com/adfs. However, the authentication URL https://fabrikamconglomerate.com/adfs or https://fabrikam.com.uk/adfs for the same domain won't pass.

Attribute | Value |
---|---|
AssertionConsumerService | https://login.microsoftonline.com/login.srf |
Audience | urn:federation:MicrosoftOnline |
Issuer | The issuer URI of the partner IdP, for example http://www.example.com/exk10l6w90DHM0yi... |

Attribute | Value |
---|---|
NameID Format | urn:oasis:names:tc:SAML:2.0:nameid-format:persistent |
emailaddress | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress |

Attribute | Value |
---|---|
PassiveRequestorEndpoint | https://login.microsoftonline.com/login.srf |
Audience | urn:federation:MicrosoftOnline |
Issuer | The issuer URI of the partner IdP, for example http://www.example.com/exk10l6w90DHM0yi... |

Attribute | Value |
---|---|
ImmutableID | http://schemas.microsoft.com/LiveID/Federation/2008/05/ImmutableID |
emailaddress | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress |

https://sts.totheclouddemo.com/federationmetadata/2007-06/federationmetadata.xml.
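The authentication URL validation illustrated earlier on this page with the fabrikam.com URLs, written out as an added example (not code from this page or from Microsoft). It assumes the target domain is fabrikam.com and models the rule as "the host equals the domain or is a host inside it", compared label by label; the function names and the last two sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit


def _labels(name):
    """Lower-case a DNS name, drop one trailing root dot, split into labels."""
    name = name.strip().lower()
    if name.endswith("."):
        name = name[:-1]
    return name.split(".")


def auth_url_matches_domain(auth_url, target_domain):
    """True if the URL's host is target_domain or a host inside that domain.

    Assumed model of the rule on this page, not the service's own code.
    """
    try:
        host_name = urlsplit(auth_url).hostname
    except ValueError:  # malformed authority, e.g. an unclosed "[" bracket
        return False
    if not host_name:
        return False
    host, target = _labels(host_name), _labels(target_domain)
    if "" in host or "" in target:
        return False  # empty label such as "fabrikam..com"
    # Compare whole labels from the right. A substring or startswith/endswith
    # test on the raw string would treat look-alike names as matches.
    return len(host) >= len(target) and host[-len(target):] == target


# (url, expected) pairs: the first four are the page's examples, the last
# two are constructed here to exercise normalisation and URL parsing.
SAMPLES = [
    ("https://fabrikam.com/adfs", True),
    ("https://sts.fabrikam.com/adfs", True),
    ("https://fabrikamconglomerate.com/adfs", False),
    ("https://fabrikam.com.uk/adfs", False),
    ("https://STS.Fabrikam.com./adfs", True),
    ("https://fabrikam.com@login.example/adfs", False),
]

if __name__ == "__main__":
    for url, expected in SAMPLES:
        result = auth_url_matches_domain(url, "fabrikam.com")
        print(f"{'pass' if result else 'fail'}  {url}  (expected {expected})")
```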