Home

SSO login for a SaaS application using myapps

%3CLINGO-SUB%20id%3D%22lingo-sub-360074%22%20slang%3D%22en-US%22%3ESSO%20login%20for%20a%20SaaS%20application%20using%20myapps%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-360074%22%20slang%3D%22en-US%22%3E%3CP%3ETrying%20to%20understand%20the%20URL%20specifications%20or%20what%20is%20happening%20on%20a%20SSO%20login%20to%20Workday%20and%20Oracle.%20On-premise%20AD%20is%20sync'd%20to%20Azure%20AD%20and%20IDP%20for%20Workday%20and%20Oracle.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20default%20url%20for%20access%20we%20were%20using%20was%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fmyapps.microsoft.com%2Fsignin%2FWorkday%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fmyapps.microsoft.com%2Fsignin%2FWorkday%2F%3C%2FA%3E%3CEM%3Eguid1_removed%3C%2FEM%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fmyapps.microsoft.com%2Fsignin%2FOracle%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fmyapps.microsoft.com%2Fsignin%2FOracle%2F%3C%2FA%3E%3CEM%3Eguid2_removed%3C%2FEM%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMost%20users%20just%20float%20in%20as%20expected%2C%20no%20username%20or%20password%20prompt.%20Some%20users%20though%2C%20are%20prompted%20to%20select%20a%20user%20account%20from%20the%20%22known%20logins%22%20and%20this%20is%20the%20issue%2C%20we%20are%20not%20expecting%20this.%3C%2FP%3E%3CP%3EIf%20we%20use%20the%20following%20URL%20then%20it%20floats%20in%20as%20expected.%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fmyapps.microsoft.com%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fmyapps.microsoft.com%2F%3C%2FA%3E%3CEM%3Etenancy%3C%2FEM%3E.com%2Fsignin%2FWorkday%2F%3CEM%3Eguid1_removed%26nbsp%3B%3C%2FEM%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fmyapps.microsoft.com%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fmyapps.microsoft.com%2F%3C%2FA%3E%3CEM%3Etenancy%3C%2FEM%3E.com%2Fsignin%2FOracle%2F%3CEM%3Eguid2_removed%3C%2FEM%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWondering%20why%20we%20are%20being%20challenged%20on%20some%20clients%20to%20select%20an%20account%3F%3C%2FP%3E%3CP%3EIs%20there%20any%20documentation%20on%20the%20makeup%20of%20the%20URL%20for%20myapps%3F%3C%2FP%3E%3CP%3EFound%20some%20on%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Ffundamentals%2Fcustomize-branding%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3ECompany%20Branding%3C%2FA%3E%20allowing%20for%20a%20known%20landing%20page%20with%20Company%20Branding%20where%20I%20assume%20the%20%3Fwhr%3D%20is%20the%20Domain%20Hint%20as%20per%20the%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FAzure-Active-Directory-Identity%2FUsing-Azure-AD-to-land-users-on-their-custom-login-page-from%2Fba-p%2F243900%22%20target%3D%22_self%22%3ECustom%20Login%20Page%3C%2FA%3E%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fmyapps.microsoft.com%3Fwhr%3DMyTenant.com%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fmyapps.microsoft.com%3Fwhr%3DMyTenant.com%3C%2FA%3E%3C%2FP%3E%3CP%3EWhere%20MyTenant%20is%20my%20branded%20site.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-360074%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
JoeMcGlynn
New Contributor

Trying to understand the URL specifications or what is happening on a SSO login to Workday and Oracle. On-premise AD is sync'd to Azure AD and IDP for Workday and Oracle.

 

The default url for access we were using was

https://myapps.microsoft.com/signin/Workday/guid1_removed
https://myapps.microsoft.com/signin/Oracle/guid2_removed

 

Most users just float in as expected, no username or password prompt. Some users though, are prompted to select a user account from the "known logins" and this is the issue, we are not expecting this.

If we use the following URL then it floats in as expected.

https://myapps.microsoft.com/tenancy.com/signin/Workday/guid1_removed 
https://myapps.microsoft.com/tenancy.com/signin/Oracle/guid2_removed

 

Wondering why we are being challenged on some clients to select an account?

Is there any documentation on the makeup of the URL for myapps?

Found some on Company Branding allowing for a known landing page with Company Branding where I assume the ?whr= is the Domain Hint as per the Custom Login Page

https://myapps.microsoft.com?whr=MyTenant.com

Where MyTenant is my branded site.

 

Related Conversations
Tabs and Dark Mode
cjc2112 in Discussions on
35 Replies
Extentions Synchronization
Deleted in Discussions on
3 Replies
Security Community Webinars
Valon_Kolica in Security, Privacy & Compliance on
9 Replies
How to Prevent Teams from Auto-Launch
chenrylee in Microsoft Teams on
29 Replies