Contents x
- Getting Started
- User Guide
- Settings
- Integration Guides
- Asana
- Aha
- Automox
- Auth0
- Armis
- Microsoft Entra ID User Provisioning
- Atlassian Opsgenie
- Azure - Defender for Cloud
- AWS
- Akamai App & API Protector
- Adobe Experience Manager
- Axonius
- Bitbucket
- CrowdStrike Falcon Exposure Management
- Cisco Umbrella
- Cloudflare
- CyberArk Identity
- CrowdStrike Falcon
- Datadog
- Dynatrace
- Duo Security
- Document360
- Databricks
- DocuSign
- Freshservice
- Fastly
- GitHub
- GitLab
- Grafana
- GCP - Security Command Center
- Google Workspace
- Harness
- Imperva WAF
- Jamf
- JumpCloud Integration Guide
- LaunchDarkly
- LastPass
- Mulesoft
- Malware Patrol
- Microsoft 365 Defender
- Microsoft Defender for Endpoint
- Microsoft SharePoint
- Netlify
- KnowBe4
- Onetrust
- Okta
- Outside-in
- Phishing Report Upload
- Pipedrive
- Prisma
- PingOne
- Qualys SCA
- Qualys VMDR
- Qualys SCA
- RSA Archer
- Rapid7 InsightVM
- Rapid7 Insights VM Cloud
- ServiceNow TPRM
- ServiceNow CMDB
- SumoLogic
- ServiceNow Integrated Risk Management
- SecurityTrails
- Snowflake
- SentinelOne
- ServiceNow
- Shodan
- Sentry
- SpyCloud
- Teamwork
- Twingate
- Terraform
- Thycotic
- Tanium
- Tenable Vulnerability Management
- Tenable Security Center
- Tenable.sc
- Tableau
- Veracode
- VA Report Upload
- Wiz
- Zoom
- Zendesk
- Release Notes
- SAFE Product and Quantification Updates - March, 2025
- Release Notes - 2025 February
- Release Notes - 2025 January
- Release Notes - 2024 December
- Release Notes- 2024 November
- Impact due to FAIR-MAM at Group Level
- Customer Feedbacks and Enhancements in SAFE
- Release Notes - 2024 October
- Release Notes - 2024 September
- Release Notes - 2024 August
- SAFE Product and Quantification Updates
- Release Notes - 2024, July
- Release Notes - 2024 June
- Release Notes - May 2024
- Release Notes - Apr 2024
- Release Notes - Mar 2024
- Release Notes - Feb 2024
- Support Matrix
- SAFE KB Articles
- Beta
Azure AD SSO
- 1 Minute to read
- Print
- PDF
Contents
Azure AD SSO
- 1 Minute to read
- Print
- PDF
Article summary
Did you find this summary helpful?
Thank you for your feedback
About this document
This document describes the step-by-step procedure to configure Single Sign-On (SSO) for SAFE via Azure AD.
Introduction
Single Sign-On (SSO) enables organizations to use the SAML 2.0 authentication provider for authenticating login into SAFE. SAFE Admin can onboard and manage users right from their Azure AD SSO platforms, eliminating the need to maintain a separate user authentication mechanism for SAFE.
Configure SSO on Azure AD
To configure:
- Go to your Microsoft Azure AD Account.
- Create an ‘Enterprise Application’ in Azure Active Directory as follows:
- Click the "Enterprise Application" from the left menu. The system opens the Enterprise Application page.
.png)
- Click the "New application" button.
.png)
- Click the "Create your own application" button.
.png)
- Assign a name for your application. Your application will be created.NoteMake sure that your Enterprise Application is not restricted by any access policies, as it will cause the SSO to fail.
- Select the created application from the list.
.png)
- Click the "Enterprise Application" from the left menu. The system opens the Enterprise Application page.
- Add Users/Groups to your app in Azure AD as follows:
- Click the "Assign Users and Groups" button
.png)
- Click the Add user/group button.
.png)
- Search and select the users.
- Once all the users are selected, click the Assign button.
.png)
- Click the "Assign Users and Groups" button
- Now, set up the Single Sign-On (SSO) as follows:
- Click the "Set up single sign-on" button.
.png)
- Select the SAML as a Single Sign-on method. The system opens a SAML configuration page. On this page:
.png)
- Enter the Identifier (Entity ID) for your region - details here.
- Enter the Reply URL (Assertion Consumer Service URL) for your region - details here.
.png)
- Click the "Set up single sign-on" button.
- To configure attribute mapping “Edit” the “User Attributes & Claims”.
- Add the attribute claims to synchronize these with the SAFE users as per the below screenshot.
- Download the SAML Metadata files (Federation Metadata XML) file.
.png)
- Share the Metadata file with the Safe Security team along with the domain/domains you wish to enable for SSO (e.g. @exampledomain.com).
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
.png)
Info
SAFE will use the email address for the purpose of SSO, usually mapped to the SAML attribute http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
Was this article helpful?
Thank you for your feedback! Our team will get back to you
How can we improve this article?
Your feedback
Comment
Comment (Optional)
Character limit : 500
Please enter your comment
Email (Optional)
Email
Please enter a valid email
