Following configuration of Azure Active Directory as an IdP according to
The instructions mention to add in the SAML section under Configuration --> Security in CA PAM, your App ID URL, for example https://ip_address as the Entity Id in RP Configuration.
By doing so SSO login always fails with a message that
Application with identifier https://ip_addres is not found in directory <Name of Azure AD>
This happens irrespective if the Application ID is specified as https://ip_address or the Redirect URI for the Application registration in Azure defined previously (e.g. https://ip_address/cspm/home) is used (see configuration steps shared earlier).
CA PAM all releases
This is due to the application identifier sent by CA PAM in the assertion request not being a known value to Azure. It does not suffice to use the Web URI or an arbitrary Application Identifier such as the node or cluster primary node IP address, as both of them will be in fact unknown to Azure as the name of a registered application
Instead of using the values specified in the documentation, make sure that the value specified in Application ID URI under Application registration --> Your Application registered in Azure for communication with PAM --> Overview is used as the value for App ID URL under Configuration --> Security --> SAML --> RP Configuration in CA PAM
It may happen that the Application ID URI is empty or not defined.
In this case you can click on Expose an API to have the api value populated and use that one in subsequent steps (see screenshot)