Creating a new application

Last Updated : Jun 10, 2026

About this task

Use this procedure to configure a new application for SSO on the Microsoft Azure portal.

When configuring the application, you obtain an identity provider alias and configuration file. You will need this data later when configuring an Azure AD identity provider on Keycloak.

Before you begin

Ensure that you:

  • Have an active Microsoft Azure subscription.

  • Have an administrative account with the Global Administrator role.

Procedure

  1. Log in to https://portal.azure.com as an administrator.
  2. Navigate to Azure Active Directory > Enterprise Applications > All applications.
  3. On the All applications page, click New application.
  4. Click Create your own application.
  5. In Name, type a name of your choice for the application.
  6. In What are you looking to do with your application?, select Integrate any other application you don't find in the gallery.
  7. Click Create.
  8. Navigate to the All applications page and click the application that you have just created.
  9. On the Overview page, in the Getting Started area, click Set up single sign-on.
  10. In the Select a single sign-on method area, select SAML.

    Microsoft Azure displays the Single Sign-On with SAML — Preview page.

  11. On the Set up Single Sign-On with SAML page, in the Basic SAML Configuration area, click Edit.
  12. On the Basic SAML configuration page, configure the following settings:
    1. In Identifier (Entity ID), type https://<AADS FQDN>/auth/realms/SolutionRealm.

      In this string, <AADS FQDN> is the Avaya Aura® Device Services front-end FQDN.

    2. In Reply URL (Assertion Consumer Service URL), type https://<AADS FQDN>/auth/realms/SolutionRealm/broker/<IDP alias>/endpoint.

      In this string, <IDP alias> is an identity provider alias of your choice. For example, AzureSAML.

    3. Leave default values for other fields.
    4. Click Save.
  13. Remember the identity provider alias that you used in the previous step.

    You will use this alias when creating an Azure AD SAML provider on Keycloak.

  14. On the Set up Single Sign-On with SAML page, in the User Attributes and Claims area, click Edit.
  15. On the User Attributes & Claims page, click Add a group claim and then configure the following settings:
    1. In Which groups client used by Azure AD to populate SAML tokens, select All groups.
    2. In Source attribute, select Group ID.
    3. Leave default values for other fields.
    4. Click Save.
  16. In the SAML Signing certificate area, click Download next to Federation Metadata XML to download an XML file with federation metadata.

    You will use this XML configuration file when creating an Azure AD SAML provider on Keycloak.

  17. Click Save.