How to obtain IdP metadata URL in MS Azure AD when we do not have an Owner?

Fei Gao 0 Reputation points
2025-11-25T00:17:28.2166667+00:00

Hi, we have experienced an issue with migrating the SSO configuration, as it is using MS Azure AD and we need the IdP metadata URL to complete the configuration. However, when I was trying to access this information, it suggested that I do not have access, and the IT Manager who is the Owner has recently resigned. Could you please advise me how to obtain the IdP metadata URL, or how to replace the Owner while the current Owner is no longer contactable? Thank you.

Azure Information Protection
An Azure service that is used to control and help secure email, documents, and sensitive data that are shared outside the company.

4 answers

  1. Q&A Assist
    2025-11-25T00:17:36.2866667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist.

    To obtain the IdP metadata URL in Azure AD, you typically need access to the Azure portal and the appropriate permissions. If the current Owner is no longer contactable, you may need to follow these steps:

    1. Check for Other Administrators: If there are other administrators in your organization who have access to the Azure portal, they may be able to assist you in retrieving the IdP metadata URL.
    2. Contact Microsoft Support: If you cannot find another administrator, you can reach out to Microsoft Support for assistance. They may be able to help you regain access or provide guidance on how to proceed.
    3. Change Ownership: If you have access to the Azure portal, you can navigate to the Microsoft Entra ID section and check if you can change the ownership of the account. This typically requires being an administrator.
    4. Access the Metadata URL: Once you have the necessary permissions, you can obtain the IdP metadata URL in the following format: https://<tenant-name>.b2clogin.com/<tenant-name>.onmicrosoft.com/<policy-name>/Samlp/metadata. Replace <tenant-name> with your Azure AD B2C tenant name and <policy-name> with the custom SAML policy you created.

    If you are unable to access the Azure portal or need further assistance, contacting your IT department or Microsoft Support would be the best course of action.


  2. Fei Gao 0 Reputation points
    2025-11-25T00:18:54.8166667+00:00

    Can you please advise me how to contact Microsoft Support, as our IT manager is no longer contactable?


  3. Adam Zachary 2,255 Reputation points
    2025-11-25T01:41:40.5166667+00:00

    You don’t need the old Owner to get the IdP metadata URL. The URL is public and always follows this format:

    https://login.microsoftonline.com/<tenant-id>/federationmetadata/2007-06/federationmetadata.xml

    If you don’t know the tenant ID, you can get it from:

    https://login.microsoftonline.com/<yourdomain.com>/.well-known/openid-configuration

    Your real problem is permissions. To update the SSO configuration, someone in your tenant must have one of these roles:

    1. Global Administrator
    2. Application Administrator
    3. Cloud Application Administrator

    If no one has admin access anymore because the previous owner left, you must open a support request to restore a Global Admin:

    https://aka.ms/AzurePortalSupport

    Choose tenant access issues and request administrator recovery.
  4. Adam Zachary 2,255 Reputation points
    2025-11-25T02:14:41.8533333+00:00

    Hi, no worries at all. The tenant ID is easy to find even if you don’t have full access.

    Just open this link in your browser and replace yourdomain.com with the domain you use to sign in:

    https://login.microsoftonline.com/<yourdomain.com>/.well-known/openid-configuration

    When the page loads, look for the value next to "issuer". Inside that URL, you will see a long GUID. That GUID is your tenant ID.

    Example:

    "issuer": "https://login.microsoftonline.com/12345678-abcd-1234-abcd-1234567890ab/v2.0"

    In this example, the tenant ID is:

    12345678-abcd-1234-abcd-1234567890ab

    Once you have that ID, you can use the metadata URL exactly as I mentioned earlier.

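The lookup described in the two answers above (openid-configuration, issuer GUID, federation metadata URL), as an added example that is not part of the thread: it pulls the tenant ID out of the issuer, builds the metadata URL, and checks that the downloaded document is a SAML EntityDescriptor for that tenant before anyone points an SP at it. The sample responses are constructed, and the check assumes the entityID embeds the tenant GUID (the sts.windows.net form).

```python
import json
import re
import urllib.request
import xml.etree.ElementTree as ET

# Tenant IDs are GUIDs; the issuer looks like https://login.microsoftonline.com/<guid>/v2.0
GUID_RE = re.compile(r"[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)
# Constructed sample inputs shaped like the real responses (not captured from a live tenant).
SAMPLE_OPENID_CONFIG = '{"issuer": "https://login.microsoftonline.com/12345678-abcd-1234-abcd-1234567890ab/v2.0"}'
SAMPLE_METADATA = ('<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" '
                   'entityID="https://sts.windows.net/12345678-abcd-1234-abcd-1234567890ab/"/>')

def openid_config_url(domain: str) -> str:
    return f"https://login.microsoftonline.com/{domain}/.well-known/openid-configuration"

def federation_metadata_url(tenant_id: str) -> str:
    return f"https://login.microsoftonline.com/{tenant_id}/federationmetadata/2007-06/federationmetadata.xml"

def tenant_id_from_issuer(issuer: str) -> str:
    """Extract the tenant GUID from the 'issuer' value of the openid-configuration."""
    m = GUID_RE.search(issuer)
    if not m:
        raise ValueError(f"no tenant GUID in issuer: {issuer!r}")
    return m.group(0).lower()

def tenant_id_from_openid_config(body: str) -> str:
    return tenant_id_from_issuer(json.loads(body)["issuer"])

def metadata_matches_tenant(metadata_xml: str, tenant_id: str) -> bool:
    """Sanity-check downloaded metadata: it must be a SAML EntityDescriptor whose entityID
    names the expected tenant (assumption: entityID embeds the tenant GUID, e.g.
    https://sts.windows.net/<tenant-id>/), so a wrong tenant is caught before the SP is configured."""
    root = ET.fromstring(metadata_xml)
    return (root.tag == "{urn:oasis:names:tc:SAML:2.0:metadata}EntityDescriptor"
            and tenant_id in root.get("entityID", "").lower())

def fetch(url: str) -> str:
    with urllib.request.urlopen(url, timeout=10) as resp:
        return resp.read().decode()

def resolve(domain: str, get=fetch):
    """Full lookup for a sign-in domain; 'get' is injectable so the flow can run offline."""
    tid = tenant_id_from_openid_config(get(openid_config_url(domain)))
    url = federation_metadata_url(tid)
    return tid, url, metadata_matches_tenant(get(url), tid)

if __name__ == "__main__":
    import sys
    # A real sign-in domain as argv[1] hits the live endpoints; no argument runs on the samples.
    offline = lambda u: SAMPLE_METADATA if "federationmetadata" in u else SAMPLE_OPENID_CONFIG
    print(resolve(sys.argv[1]) if len(sys.argv) > 1 else resolve("contoso.example", offline))
```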
