Azure WLAN SSO Integration

Azure Portal


Azure Enterprise App

Azure Active Directory > Enterprise Applications > New Application


Select Set up single sign on:


Select SAML:


Copy and save:

· Azure AD Identifier

· Login URL


Now navigate to the Users and Groups section and click Add to add the users or groups that will be allowed to authenticate via the SSO application:


Mist Dashboard

Create a WLAN with SSO enabled:


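Add the Issuer and SSO URL configuration based on the info from the Azure App (the Azure AD Identifier and Login URL saved earlier). Fill in the certificate field with random data for now; it is replaced with the certificate downloaded from Azure in a later step. Click Create: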


After the WLAN is created, the system generates the Portal SSO URL (it is not available before the WLAN is created). Copy the Portal SSO URL and save it somewhere:


Back to Azure Portal

In the Azure App config, go to Basic SAML Configuration:


Paste the Portal SSO URL into the three fields below and click Save:


Save, then edit the User Attributes & Claims section:


Delete the “emailaddress” claim:


Delete the “name” claim as shown below:


Edit the “givenname” claim. Empty the Namespace field and change the Name field to “FirstName”:


Edit the “surname” claim. Empty the Namespace field and change the Name field to “LastName”:


Go back to the main SAML configuration page, scroll to section 3 and click Edit.

Select the option to sign both the SAML Response and the Assertion:


Now go back and click Download next to the Base64 certificate:


Back to Mist Dashboard

Open the downloaded certificate as a text file and copy its contents into the Mist SSO config under the WLAN, replacing the random data entered earlier. Set the Signing Algorithm to SHA256 and configure a default role for guest authorization (optional):


As a final step, add the following FQDNs into the Allowed Hostnames field to allow the guest clients to access Microsoft for login via Azure:,,,, Microsoft account ,,,
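
To confirm that the Azure side matches the steps above, a decoded SAML response captured during a test login can be inspected. The following is an added example, not part of the original guide and not Mist or Microsoft code. It checks structure only (both signatures present, RSA-SHA256, claim names) and does not verify the signatures cryptographically. The function names and the sample XML are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {
    "p": "urn:oasis:names:tc:SAML:2.0:protocol",
    "a": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
DROPPED = ("/claims/emailaddress", "/claims/name")  # claims deleted in the steps above
# Constructed placeholder signature element (no real signature value).
SIG = ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>'
       f'<ds:SignatureMethod Algorithm="{RSA_SHA256}"/></ds:SignedInfo></ds:Signature>')

def check_response(xml_text):
    """Return a list of findings; an empty list means the structure matches the guide."""
    root = ET.fromstring(xml_text)
    assertion = root.find("a:Assertion", NS)
    if assertion is None:
        return ["no plaintext Assertion element"]
    findings = []
    for label, node in (("Response", root), ("Assertion", assertion)):
        sig = node.find("ds:Signature", NS)  # direct child of that element only
        if sig is None:
            findings.append(f"{label} is not signed")
            continue
        method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
        if method is None or method.get("Algorithm") != RSA_SHA256:
            findings.append(f"{label} signature is not RSA-SHA256")
    names = [a.get("Name", "") for a in assertion.iterfind(".//a:Attribute", NS)]
    for wanted in ("FirstName", "LastName"):  # namespace emptied, so the bare name
        if wanted not in names:
            findings.append(f"missing attribute {wanted}")
    findings += [f"unexpected claim {n}" for n in names if n.endswith(DROPPED)]
    return findings

def build_sample(response_sig=SIG, names=("FirstName", "LastName")):
    """Constructed sample response for offline testing; contains no real Azure data."""
    attrs = "".join(f'<a:Attribute Name="{n}"/>' for n in names)
    return (f'<p:Response xmlns:p="{NS["p"]}" xmlns:a="{NS["a"]}">{response_sig}'
            f'<a:Assertion>{SIG}<a:AttributeStatement>{attrs}</a:AttributeStatement>'
            '</a:Assertion></p:Response>')

if __name__ == "__main__":
    print(check_response(build_sample()) or "structure matches the guide")
    print(check_response(build_sample(response_sig="")))
```

Run it only against responses from your own test logins; the WLAN portal remains the component that actually validates the signatures against the uploaded certificate.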