Hello Team,
I was able to reproduce the issue internally as well; however, I found a solution for this, as below.
You have added the application to the application launcher which you have created for the workspacesWeb; however, you need to pin the application as a custom application.
To do that, you will need to create a new application and add the Web portal endpoint URL as the Single sign-on URL, and then you need to pin that application to the application launcher.
To pin a custom app [1]:
- In Azure Active Directory, choose Enterprise applications > New application on the top of the All applications page.
- On the Add an application page, choose Non-gallery application or Create your own application if you are in the preview version of Azure Active Directory.
- Type a name for the application and then assign users in the Users and groups tab.
- Use the Properties tab to upload an icon for the app.
- To assign a URL to the app, in the Single sign-on tab, choose Linked and then enter a URL (Web portal endpoint).
- Choose Save.
Once done, add the application to the application launcher:
- Go to the Microsoft 365 admin center at https://admin.microsoft.com.
- In the left navigation, choose Show all, and under Admin centers, choose Azure Active Directory.
- In Azure Active Directory, choose Enterprise applications > App launchers > Settings.
- In the Microsoft 365 settings section, choose Add application.
- Choose the applications which you created above with Web portal endpoint URL and pin to the users' app launcher, and then choose Add.
Once done, the user can launch this new app, which is basically redirecting to the actual WorkSpaces Web app.
References:
[1] Pin apps to your users' app launcher: https://learn.microsoft.com/en-us/microsoft-365/admin/manage/pin-apps-to-app-launcher?view=o365-worldwide
So, if I understand this correctly, I do the following:
- Create an Enterprise app (let's call it App1) following this guidance: https://docs.aws.amazon.com/workspaces-web/latest/adminguide/azure-idp.html. That sorts out all the SAML/IdP/SSO stuff and gets me to where I was above.
- Create a second Enterprise app (call it App2) which calls the web portal URL (which then behind the scenes handles all the SAML that has been defined in App1) and pin it to the users' app launcher. I've tried this and it seems to work, but in my launcher I now see BOTH App1 and App2. Is there a way to suppress the display of App1?
Going back to my initial scenario, with App1 that has no Relay State URL, I've discovered that by populating the "Sign On URL (Optional)" field with the WorkSpaces Web portal URL I seem to get similar results to those achieved following your suggestions.