SOLVED

Azure AD SSO integration

Sebastian_Melle
Level 1

Hi all, 

I'm trying to configure SSO via Azure AD. I followed the msdocs tutorial but I bump into an issue that is already described at this link: SAML Assertion Not Passed from Azure to Marketo.

The sign-on URL is empty as described in the article. Was anyone able to successfully configure SSO with Azure AD? If yes, any tips on this config? 

As entity ID I have this information: http://saml.marketo.com/sp 

Reply URL is: https://login.marketo.com/saml/assertion/<munchkinid>

In msdocs it's written like https://login.marketo.com/saml/assertion/<munchkinid> but I removed the following characters: <>

With kind regards,

Sebastian

1 ACCEPTED SOLUTION

Accepted Solutions
Amit_Jain
Level 8 - Community Advisor

Re: Azure AD SSO integration

We have SSO enabled using Azure AD.

All looks fine except you have to add the munchkin ID in the Entity ID as well. It should be like http://saml.marketo.com/sp/<munchkin ID>.

Try this and let me know if this works.
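
An added example, not part of the original posts: a Python check that compares a decoded SAML response with the Entity ID and Reply URL forms given in this thread. It assumes standard SAML behaviour, where the IdP places the configured Entity ID in `<Audience>` and the Reply URL in `Destination` and `Recipient`; the function names, the Munchkin ID `000-AAA-000` and the sample response are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def expected_values(munchkin_id):
    """Entity ID and Reply (ACS) URL in the form given in this thread."""
    return (f"http://saml.marketo.com/sp/{munchkin_id}",
            f"https://login.marketo.com/saml/assertion/{munchkin_id}")

def check_response(xml_text, munchkin_id):
    """List mismatches in a decoded SAML response. Diagnostic only: the
    signature is NOT verified, so run it only on a response you captured."""
    entity_id, acs = expected_values(munchkin_id)
    root = ET.fromstring(xml_text)
    problems = []
    # The IdP copies the app's Identifier (Entity ID) into <Audience>.
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if entity_id not in audiences:
        problems.append(f"Audience is {audiences}, expected {entity_id}")
    # The Reply URL shows up as Destination and as Recipient.
    if root.get("Destination") != acs:
        problems.append(f"Destination is {root.get('Destination')}, expected {acs}")
    for scd in root.iterfind(".//saml:SubjectConfirmationData", NS):
        if scd.get("Recipient") != acs:
            problems.append(f"Recipient is {scd.get('Recipient')}, expected {acs}")
    return problems

def sample_response(entity_id, acs):
    """Constructed, unsigned response skeleton (not a real Azure AD capture)."""
    return f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{acs}">
  <saml:Assertion>
    <saml:Subject><saml:SubjectConfirmation>
      <saml:SubjectConfirmationData Recipient="{acs}"/>
    </saml:SubjectConfirmation></saml:Subject>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>{entity_id}</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    mid = "000-AAA-000"  # constructed placeholder, not a real Munchkin ID
    _, acs = expected_values(mid)
    # Entity ID as in the original question (no Munchkin ID appended).
    for line in check_response(sample_response("http://saml.marketo.com/sp", acs), mid):
        print(line)
```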

Sebastian_Melle
Level 1

Re: Azure AD SSO integration

Hey Amit,

Thanks for the very quick response, this was indeed the missing piece to have this configuration working (strange that it is not documented on the msdocs like this). 

If I may, I have one other question.

With this configuration, users that just navigate to login.marketo.com can log in with information stored in Marketo (user + pass). If they now go via the application URL which was created in Azure by adding the application, they have of course single sign-on. Do you know if you can force Marketo to always use the Azure information instead of having both options?

With kind regards,

Sebastian 

Amit_Jain
Level 8 - Community Advisor

Re: Azure AD SSO integration

Yes, you can force people to go through the application link instead of directly going to login.marketo.com. To do so, you have to modify the user roles. Go to Admin->User and Roles, click on the Role tab->select role and edit.

At the end of the list of different accesses, you will now be able to see another option, i.e. "Bypass Single Sign-on".

Pro-tip: Keep this unchecked for all the roles except Admin (in case of any issue at least admins will be able to log in directly).

Amit_Jain
Level 8 - Community Advisor

Re: Azure AD SSO integration

Let me know if you have any additional questions, and please mark my reply as the correct answer.

Legrandcharles
Level 1

Re: Azure AD SSO integration

Hi Amit Jain

Can you please provide the complete configuration for ADFS + Marketo SSO integration?

Looking for your email for further conversation.

kthorpe
Level 1

Re: Azure AD SSO integration

Going to post in here as we are having the exact same issue as per SAML Assertion Not Passed from Azure to Marketo - Marketing Nation

I found this and found we also didn't have the munchkin ID in the entity ID, so I made that change, hopeful I'd finally found the problem... Unfortunately no cigar - I'm still getting the exact same issue and I can't see anything that would be causing it?

Re: Azure AD SSO integration

Try clearing the relay state field. And point users to myapplicaton.microsoft.com to login. It should do the trick.

Siva_ssga
Level 1

Re: Azure AD SSO integration

Hi @Amit,

We were trying to configure the SSO login in Marketo with Azure. We provided the below URLs to Azure and we were able to log in to Marketo using myapps. But it is showing the Session Expired page. Can you please guide on this?

Entity ID - http://saml.marketo.com/sp/<munchkin_id>

ACS URL - https://login.marketo.com/saml/assertion/<munchkin_id>