Issue with Marketo SSO implementation with Azure AD

Sumanth_KV
Level 1


We are trying to implement SSO in Marketo using Azure AD. We have followed the Microsoft document in order to configure Azure AD SSO, and the SSO setup has been updated along with adding the identity provider certificate in Marketo. However, while we proceed to test the same, the Marketo user is not able to access it using the Azure-generated login URL (landing on an error page that says "AADSTS750054: SAMLRequest or SAMLResponse must be present as query string parameters in HTTP request for SAML Redirect binding."), and if they try to access Marketo using the default URL, they get an error message that says incorrect username/password. It's possible that I might be missing some crucial step from my side, so I'm looking forward to any guidance.

 

URLs that we have shared with Azure team are:
Identifier: https://saml.marketo.com/sp/<munchkin_id>

Reply URL: https://login.marketo.com/saml/assertion/<munchkinid>

Relay State: https://<munchkinid>.marketo.com/


SSO settings that we have updated in Marketo are:
Issuer ID: https://sts.windows.net/SomeRandomCode

Entity ID: https://saml.marketo.com/sp/<munchkin_id>


Redirect Pages:
Login URL: https://login.microsoftonline.com/SomeRandomCode/saml2

Logout URL: https://login.microsoftonline.com/SomeRandomCode/saml2


Darshil_Shah1
Level 10 - Community Advisor + Adobe Champion

Re: Issue with Marketo SSO implementation with Azure AD

This error message means that the Azure AD login URL is not passing the SAML request or response as query string parameters. This can happen if the URL is not configured correctly or if the application is not using HTTP redirect binding when sending the SAML request to Azure AD.

Here are a few things to check:

  • Make sure that the Azure AD login URL is correct. You can find the correct URL in the Azure AD application registration for Marketo.
  • Make sure that the application is using HTTP redirect binding when sending the SAML request to Azure AD. This can be configured in the application's SAML configuration.
  • If you are still getting the error, you can try clearing the browser's cache and cookies.

If you have checked all of these things and you are still getting the error, you can contact Azure AD support for help.

Here are some additional things to keep in mind when configuring SSO between Marketo and Azure AD:

  • The Entity ID in Marketo must match the Identifier in Azure AD.
  • In the Reply URL text box, type a URL using the following pattern: https://login.marketo.com/saml/assertion/<munchkinid>
  • In the Relay State text box, type a URL using the following pattern: https://<munchkinid>.marketo.com/

I hope this helps! Let us know if you have any other questions.

Sumanth_KV
Level 1

Re: Issue with Marketo SSO implementation with Azure AD

Thanks for your response with detailed pointers. I have cross checked, and as you have pointed out, the Azure AD login URL was incorrect. I have found a correct one from the Azure AD application.

While I confirm that the Entity ID in Marketo is correct and matches the Identifier in Azure AD, I'm a little confused by your last two points regarding the Reply URL and Relay State. This is not something that we update within Marketo, is it? I would appreciate it if you could please elaborate on this.


Additionally, although we now have the correct login URL, we are facing a different error that says "Error processing SAML message. Request was ill-formed in some way". I have found a post regarding the same issue (though it's for Okta SSO), and I have reached out to Adobe support as suggested in the post: https://nation.marketo.com/t5/product-discussions/marketo-and-okta-sso/m-p/331372#M187119

Besides, could you please provide any other suggestions to help resolve this issue?

Darshil_Shah1
Level 10 - Community Advisor + Adobe Champion

Re: Issue with Marketo SSO implementation with Azure AD

You're right, we update the Reply and Relay state URLs in Azure's Basic SAML Configuration section. What I meant is that you should have added the correct Munchkin ID of your instance in both URLs; I also updated the last 2 pointers to be clearer. Additionally, the error message "Error processing SAML message. Request was ill-formed in some way" means that the SAML message that was sent to Azure AD was not valid. This can happen if there is an error in the SAML configuration, or if the SAML message was tampered with (typically indicates an issue with the formatting or structure of the SAML message). Let us know what Adobe comes back with. Also, just to verify, I hope you downloaded the Base64 Certification and uploaded it to Marketo > Identity Provider Certificate.


Sumanth_KV
Level 1

Re: Issue with Marketo SSO implementation with Azure AD

Thanks for the clarification. I confirm that we have added the correct Reply and Relay State URLs. Also, I have added the Base64 certification within Marketo. As for the error message, I have gotten a response from Adobe Support asking me to check for the SAML assertion. I will again coordinate with our internal team to make sure they have configured SAML properly and will keep you informed.

Darshil_Shah1
Level 10 - Community Advisor + Adobe Champion

Re: Issue with Marketo SSO implementation with Azure AD

Thank you for posting an update here, @Sumanth_KV! Yeah, this error most likely has to do with an issue with the SAML assertion/configuration. Let us know what your team finds out. 🙂

Sumanth_KV
Level 1

Re: Issue with Marketo SSO implementation with Azure AD

I would like to confirm that this issue has been resolved now and is working fine. I believe it was because of a small error in the Microsoft document wherein, as per the document, the identifier URL in the Azure application should start with "https://", which is incorrect. This has to be "http://", which should match the entity ID of Marketo (which is correct in the Microsoft document). Thanks, @Darshil_Shah1, for your pointer ("The Entity ID in Marketo must match the Identifier in Azure AD"), which helped us make a minor adjustment. Here is how we have updated it now:


Identifier in Azure AD: http://saml.marketo.com/sp/<munchkin_id>
Entity ID in Marketo: http://saml.marketo.com/sp/<munchkin_id>
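
An added example, not part of the thread and not Marketo or Microsoft code: a check for the two failure points discussed above, a sign-in URL with no SAMLRequest parameter (the AADSTS750054 case) and an Issuer that does not exactly match the Identifier registered in Azure AD. The function names, the Munchkin ID `000-AAA-000` and the AuthnRequest are constructed for illustration.

```python
import base64
import zlib
import xml.etree.ElementTree as ET
from urllib.parse import parse_qs, urlencode, urlsplit

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
LOGIN_URL = "https://login.microsoftonline.com/SomeRandomCode/saml2"  # placeholder from the thread

def sample_request(issuer: str) -> str:
    """Constructed AuthnRequest (not captured from Marketo), encoded as Redirect binding does."""
    xml = ('<samlp:AuthnRequest xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           f'xmlns:saml="{NS["saml"]}" ID="_constructed" Version="2.0" '
           f'IssueInstant="2023-01-01T00:00:00Z"><saml:Issuer>{issuer}</saml:Issuer>'
           '</samlp:AuthnRequest>')
    deflater = zlib.compressobj(9, zlib.DEFLATED, -15)  # raw DEFLATE, no zlib header
    packed = base64.b64encode(deflater.compress(xml.encode()) + deflater.flush())
    return f"{LOGIN_URL}?{urlencode({'SAMLRequest': packed.decode()})}"

def check_sign_in_url(url: str, idp_identifier: str) -> list:
    """Return findings for a sign-in URL; an empty list means nothing was flagged."""
    query = parse_qs(urlsplit(url).query)
    if "SAMLRequest" not in query:
        return ["no SAMLRequest in the query string (the AADSTS750054 condition)"]
    try:
        xml = zlib.decompress(base64.b64decode(query["SAMLRequest"][0]), -15)
        # Meant for your own test traffic; use a hardened parser (e.g. defusedxml) for untrusted XML.
        issuer = (ET.fromstring(xml).findtext("saml:Issuer", namespaces=NS) or "").strip()
    except (ValueError, zlib.error, ET.ParseError) as exc:
        return [f"SAMLRequest is not deflated, base64-encoded XML: {exc}"]
    if issuer == idp_identifier:
        return []
    # Entity IDs are compared as exact strings, so the scheme is part of the identifier.
    if urlsplit(issuer)[1:] == urlsplit(idp_identifier)[1:]:
        return [f"Issuer and Identifier differ only in scheme: {issuer} vs {idp_identifier}"]
    return [f"Issuer {issuer!r} does not match Identifier {idp_identifier!r}"]

if __name__ == "__main__":
    sp = "http://saml.marketo.com/sp/000-AAA-000"  # constructed Munchkin ID
    print(check_sign_in_url(LOGIN_URL, sp))
    print(check_sign_in_url(sample_request(sp), "https://saml.marketo.com/sp/000-AAA-000"))
    print(check_sign_in_url(sample_request(sp), sp))
```

To use it on a real setup, copy the URL the browser is redirected to during an SP-initiated sign-in from the developer tools' network tab and pass it in with the Identifier shown in Azure's Basic SAML Configuration.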

Darshil_Shah1
Level 10 - Community Advisor + Adobe Champion

Re: Issue with Marketo SSO implementation with Azure AD

Thank you so much for posting an update here on the thread, @Sumanth_KV! Great to know that you were able to fix this, and of course, you're very welcome! Happy to be of help. 🙂