Home

SSO login for a SaaS application using myapps

%3CLINGO-SUB%20id%3D%22lingo-sub-360074%22%20slang%3D%22en-US%22%3ESSO%20login%20for%20a%20SaaS%20application%20using%20myapps%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-360074%22%20slang%3D%22en-US%22%3E%3CP%3ETrying%20to%20understand%20the%20URL%20specifications%20or%20what%20is%20happening%20on%20a%20SSO%20login%20to%20Workday%20and%20Oracle.%20On-premise%20AD%20is%20sync'd%20to%20Azure%20AD%20and%20IDP%20for%20Workday%20and%20Oracle.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EThe%20default%20url%20for%20access%20we%20were%20using%20was%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fmyapps.microsoft.com%2Fsignin%2FWorkday%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fmyapps.microsoft.com%2Fsignin%2FWorkday%2F%3C%2FA%3E%3CEM%3Eguid1_removed%3C%2FEM%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fmyapps.microsoft.com%2Fsignin%2FOracle%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fmyapps.microsoft.com%2Fsignin%2FOracle%2F%3C%2FA%3E%3CEM%3Eguid2_removed%3C%2FEM%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EMost%20users%20just%20float%20in%20as%20expected%2C%20no%20username%20or%20password%20prompt.%20Some%20users%20though%2C%20are%20prompted%20to%20select%20a%20user%20account%20from%20the%20%22known%20logins%22%20and%20this%20is%20the%20issue%2C%20we%20are%20not%20expecting%20this.%3C%2FP%3E%3CP%3EIf%20we%20use%20the%20following%20URL%20then%20it%20floats%20in%20as%20expected.%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fmyapps.microsoft.com%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fmyapps.microsoft.com%2F%3C%2FA%3E%3CEM%3Etenancy%3C%2FEM%3E.com%2Fsignin%2FWorkday%2F%3CEM%3Eguid1_removed%26nbsp%3B%3C%2FEM%3E%3CBR%20%2F%3E%3CA%20href%3D%22https%3A%2F%2Fmyapps.microsoft.com%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fmyapps.microsoft.com%2F%3C%2FA%3E%3CEM%3Etenancy%3C%2FEM%3E.com%2Fsignin%2FOracle%2F%3CEM%3Eguid2_removed%3C%2FEM%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EWondering%20why%20we%20are%20being%20challenged%20on%20some%20clients%20to%20select%20an%20account%3F%3C%2FP%3E%3CP%3EIs%20there%20any%20documentation%20on%20the%20makeup%20of%20the%20URL%20for%20myapps%3F%3C%2FP%3E%3CP%3EFound%20some%20on%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fazure%2Factive-directory%2Ffundamentals%2Fcustomize-branding%22%20target%3D%22_self%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3ECompany%20Branding%3C%2FA%3E%20allowing%20for%20a%20known%20landing%20page%20with%20Company%20Branding%20where%20I%20assume%20the%20%3Fwhr%3D%20is%20the%20Domain%20Hint%20as%20per%20the%20%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2FAzure-Active-Directory-Identity%2FUsing-Azure-AD-to-land-users-on-their-custom-login-page-from%2Fba-p%2F243900%22%20target%3D%22_self%22%3ECustom%20Login%20Page%3C%2FA%3E%3C%2FP%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fmyapps.microsoft.com%3Fwhr%3DMyTenant.com%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fmyapps.microsoft.com%3Fwhr%3DMyTenant.com%3C%2FA%3E%3C%2FP%3E%3CP%3EWhere%20MyTenant%20is%20my%20branded%20site.%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-360074%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EAzure%20AD%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E
JoeMcGlynn
New Contributor

Trying to understand the URL specifications or what is happening on a SSO login to Workday and Oracle. On-premise AD is sync'd to Azure AD and IDP for Workday and Oracle.

 

The default url for access we were using was

https://myapps.microsoft.com/signin/Workday/guid1_removed
https://myapps.microsoft.com/signin/Oracle/guid2_removed

 

Most users just float in as expected, no username or password prompt. Some users though, are prompted to select a user account from the "known logins" and this is the issue, we are not expecting this.

If we use the following URL then it floats in as expected.

https://myapps.microsoft.com/tenancy.com/signin/Workday/guid1_removed 
https://myapps.microsoft.com/tenancy.com/signin/Oracle/guid2_removed

 

Wondering why we are being challenged on some clients to select an account?

Is there any documentation on the makeup of the URL for myapps?

Found some on Company Branding allowing for a known landing page with Company Branding where I assume the ?whr= is the Domain Hint as per the Custom Login Page

https://myapps.microsoft.com?whr=MyTenant.com

Where MyTenant is my branded site.

 

Related Conversations
Embed Yammer in intranet
Taen keren in Yammer on
2 Replies
Yammer and Office 365 MFA
Taen keren in Yammer on
1 Replies
Error trying to invite people in my organization
anonymous-user in Archived on
2 Replies
Modern Authentication Issue
cvincent in Microsoft Teams on
1 Replies