Re: Azure AD SSO integration

Sebastian_Melle · ‎12-09-2019

Hi all,

I'm trying to configure SSO via Azure AD. I followed the msdocs tutorial but I bump into an issue that is already described on this link. SAML Assertion Not Passed from Azure to Marketo

The sign-on URL is empty as described in the article. Was anyone able to successfully configure SSO with Azure AD? If yes, any tips on this config?

As entity ID I have this information: http://saml.marketo.com/sp

Reply URL is : https://login.marketo.com/saml/assertion/\<muchkinid>

in msdocs it's written like https://login.marketo.com/saml/assertion/\<muchkinid\> but i removed the following characters \<\>

With kind regards,

Sebastian

Amit_Jain · ‎12-09-2019

We have SSO enabled using Azure AD.

All looks fine excelpt you have to add the munchkin ID in the Entry ID as well. It should be like http://saml.marketo.com/sp/<munchkin ID>.

Try this and let me know if this works.

View solution in original post

Amit_Jain · ‎12-09-2019

We have SSO enabled using Azure AD.

All looks fine excelpt you have to add the munchkin ID in the Entry ID as well. It should be like http://saml.marketo.com/sp/<munchkin ID>.

Try this and let me know if this works.

Sebastian_Melle · ‎12-09-2019

Hey Amit,

Thanks for the very quick response, this was indeed the missing piece to have this configuration working (strange that it is not documented on the msdocs like this).

If I may, i have one other question.

With this configuration, users that just navigate to login.marketo.com can login with information stored in marketo (user + pass). If they now go via the application url which was created in azure by adding the application, they have of course single sign-on. Do you know if you can force maketo to always use the Azure information instead of having both options?

With kind regards,

Sebastian

Amit_Jain · ‎12-09-2019

Yes, you can force people to go through the application link instead of directly going to login.marketo.com. To do so, you have to modify the user roles. Go to Admin->User and Roles, Clikc on the Role tab->select role and edit.

At the end of the list of different accesses, you will now be able yo see another options i.e "Bypass Single Sing-on".

Pro-tip: Keep this un-checked for all the roles except Admin (in case of any issue at least admins will be able to login directly).

Amit_Jain · ‎12-09-2019

Let me know if you have any additional question and please mark my reply as correct answer.

Legrandcharles · ‎02-04-2020

Hi Amit Jain

Can you plz provide the complete configuration for ADFS + Marketo SSO integration?

looking for your email if for further conversation.

kthorpe · ‎11-08-2021

Going to post in here as we are having the exact same issue as per SAML Assertion Not Passed from Azure to Marketo - Marketing Nation

I found this and found we also didn't have the munchkin ID in the entity ID, so I made that change hopeful I'd finally found the problem.... Unfoirtunately no cigar - I'm still getting the exact same issue and I cant see anything that would be causing it?

Matjaž_Jaušove2 · ‎11-17-2021

Try clearing the relay state field. And point users to myapplicaton.microsoft.com to login. It should do the trick.

Siva_ssga · ‎11-17-2021

Hi @Amit,

We were trying to configure the SSO login in Marketo with Azure. We provided the below URLs to Azure and we were able to login to Marketo using myapps. But it is showing the Session Expired page. Can you please guide one this

Entity ID - http://saml.marketo.com/sp/<munchkin_id>

ACS URL - https://login.marketo.com/saml/assertion/<munchkin_id>