What is the 'sign-on url' in a Windows Azure Active Directory application?

Question

I have configured my first application in Windows Azure Active Directory and everything works fine: I can login using accounts in my directory.

However, I'm not entirely clear on all the concepts yet, especially the sign-on url. The tooltip says:

The URL where users can sign in and use your app. You can change this later.

But users sign in somewhere on login.windows.net and furthermore, it doesn't matter what I enter here, authentication keeps working. So what is this 'sign-on url'?

Answer 1

If you visit http://aka.ms/myapps, you'll find a long list of applications that have access to your account. If you click on these apps, you should be redirected to a home page where the sign-in process could be initialized. However, if the app doesn't declare a signInUrl in its manifest, you'll get an error that says the app is misconfigured.

something went wrong...
You cannot access this application because it has been misconfigured. Contact your IT department and include the following information:
Undefined Sign-On URL for application "BlahBlahBlah"

In the new Azure portal UI, the "SIGN-ON URL" is now called "Home page URL", which you can find under Branding in the app registration configuration.

Answer 2

I can see why this may be confusing. I think you can look at this as the URL where the whole sign-in process starts (i.e. your app's URL, which, if they're not logged in, will sends them to login.windows.net).

Also, even if for now you might be able to enter anything and authentication still works, I'd try to make it point to the right place just in case things change in the future.