1. Create a new application in Azure
Access the Azure admin backend page, navigate to the Applications page, and click on New application.
Select Create your own application, enter an application name such as dify, then choose Integrate any other application you don’t find in the gallery (Non-gallery), and click Create.
Next, you need to assign visible members to this application. Only authorized Azure members will be allowed to log in to the Dify Enterprise. Select Users and groups on the left side of the application, then click Add user/group.
2. Configure the application
Click on the Single sign-on option under Manage on the left side of the application, then select the SAML.
Edit the SAML configuration, fill in the Dify Enterprise’s ACS URL in both the Entity ID and Reply URL fields.
System administrators need to go to the Authentication page of the Dify Enterprise, click ”+ New Identity Provider → New SAML Provider”, and then obtain the ACS URL.
It typically follows this format:
Advanced configuration: Edit attributes and claims
- Click on Unique User Identifier (Name ID) under Required claim
- Change the source attribute to
user.mail
3. Complete the configuration on Dify
System administrators click on the Authentication page of the Dify Enterprise, click ”+ New Identity Provider → New SAML Provider”,- Fill in the Azure application’s Login URL in the IdP SSO URL field;
-
Fill in the content of the downloaded Certificate file in the X509 Signing Certificate field, use the following format: