Sebastian_Melle
New Participant
December 9, 2019
Solved

Azure AD SSO integration

Hi all, 

I'm trying to configure SSO via Azure AD. I followed the msdocs tutorial but I bump into an issue that is already described on this link. SAML Assertion Not Passed from Azure to Marketo  

The sign-on URL is empty as described in the article. Was anyone able to successfully configure SSO with Azure AD? If yes, any tips on this config? 

As entity ID I have this information: http://saml.marketo.com/sp 

Reply URL is: login.marketo.com/saml/assertion/<munchkinid>

In msdocs it's written like login.marketo.com/saml/assertion/<munchkinid> but I removed the following characters: <>

With kind regards,

Sebastian

Amit_Jain
Accepted solution
Community Manager
December 9, 2019

We have SSO enabled using Azure AD.

All looks fine except you have to add the munchkin ID in the Entry ID as well. It should be like saml.marketo.com/sp/<munchkin ID>.

Try this and let me know if this works.
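
A diagnostic sketch for the fix in the answer above, added here as an example and not code from this thread, Marketo or Microsoft: it checks a decoded SAML response for the Entity ID and Reply URL forms given in the thread, with and without the munchkin ID. The URL schemes, the munchkin ID `000-AAA-000`, the sample XML and all function names are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def expected_sp_values(munchkin_id):
    # Host and path forms come from the thread; both schemes are assumptions.
    return {
        "audience": f"http://saml.marketo.com/sp/{munchkin_id}",
        "recipient": f"https://login.marketo.com/saml/assertion/{munchkin_id}",
    }

def check_response(xml_text, munchkin_id):
    """List mismatches between a decoded SAML response and the SP values.

    Diagnostic only: no signature or time-window validation is done here.
    """
    want = expected_sp_values(munchkin_id)
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [a.text.strip() for a in
                 root.findall(".//saml:AudienceRestriction/saml:Audience", NS)
                 if a.text]
    if want["audience"] not in audiences:
        problems.append(f"Audience {audiences} != {want['audience']}")
    recipients = [d.get("Recipient") for d in
                  root.findall(".//saml:SubjectConfirmationData", NS)]
    if want["recipient"] not in recipients:
        problems.append(f"Recipient {recipients} != {want['recipient']}")
    return problems

def sample_response(audience, recipient):
    # Constructed, unsigned response carrying only the elements checked above.
    return f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
        xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{recipient}">
      <saml:Assertion>
        <saml:Subject><saml:SubjectConfirmation>
          <saml:SubjectConfirmationData Recipient="{recipient}"/>
        </saml:SubjectConfirmation></saml:Subject>
        <saml:Conditions><saml:AudienceRestriction>
          <saml:Audience>{audience}</saml:Audience>
        </saml:AudienceRestriction></saml:Conditions>
      </saml:Assertion>
    </samlp:Response>"""

MID = "000-AAA-000"  # constructed placeholder munchkin ID
ACS = f"https://login.marketo.com/saml/assertion/{MID}"

if __name__ == "__main__":
    print(check_response(sample_response("http://saml.marketo.com/sp", ACS), MID))
    print(check_response(sample_response(f"http://saml.marketo.com/sp/{MID}", ACS), MID))
```
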

Sebastian_Melle
New Participant
December 9, 2019

Hey Amit,

Thanks for the very quick response, this was indeed the missing piece to have this configuration working (strange that it is not documented on the msdocs like this). 

If I may, I have one other question.

With this configuration, users that just navigate to login.marketo.com can log in with information stored in Marketo (user + pass). If they now go via the application URL which was created in Azure by adding the application, they have of course single sign-on. Do you know if you can force Marketo to always use the Azure information instead of having both options?

With kind regards,

Sebastian 

Amit_Jain
Community Manager
December 9, 2019

Yes, you can force people to go through the application link instead of directly going to login.marketo.com. To do so, you have to modify the user roles. Go to Admin->User and Roles, click on the Role tab->select role and edit.

At the end of the list of different accesses, you will now be able to see another option, i.e. "Bypass Single Sign-on".

Pro-tip: Keep this un-checked for all the roles except Admin (in case of any issue at least admins will be able to log in directly).