How to use Microsoft Entra custom SAML App as an Identity Provider (IdP) for Azion
The Microsoft Entra Identity Provider (IdP) is a trusted entity that allows you to enable single sign-on (SSO) to access other sites or services, such as Azion. Your users can continue using their corporate user identities without remembering a specific password or entering credentials each time they access Azion’s platform.
To set up a Microsoft Entra custom SAML app as your account IdP for Azion’s platform, follow the steps below.
Configuring the SAML app on Microsoft Entra
- Access Microsoft Entra admin center.
- In the main left menu, select Applications > Enterprise Applications.
- Click the New Application button.
- The page shows cards for predefined applications, along with options to create your own.
- Click the Create your own application button.
- On the configuration page, give a name and, optionally, a description for your application. Example:
Azion IdP integration
- Select the Integrate any other application you don’t find in the gallery (Non-gallery) option.
- Click the Create button.
- After your application is created, select the Single sign-on option.
- Select the SAML card.
- It’ll open the Basic SAML Configuration form.
- In the form, you must fill in the following fields:
- In Identifier (Entity ID), enter https://sso.azion.com.
- In Reply URL (Assertion Consumer Service URL), enter https://sso.azion.com.
- These fields are required to save the configuration. However, they’ll be updated later so that the integration works correctly.
- Click the Save button.
- It’ll redirect you to the application’s page.
- In the SAML Certificates section, select Download for Certificate (Base64) to download the information about the SAML application.
- You’ll use this information later to configure the integration on Azion’s platform.
Configuring the Identity Provider on Azion
- Access Real-Time Manager (RTM).
- On the upper-right corner of the page, select the avatar menu. This is the Account menu.
- Select the SSO Management option.
- Click the Add Identity Provider button and select SAML.
- On the Identity Provider page, choose a name that identifies your identity provider. Example:
Microsoft Entra IdP integration
- Fill in the following fields with the data in the certificate file you downloaded in the Microsoft Entra portal:
- Identity provider’s Entity ID URI.
- Sign-in URL.
- Certificate. It must include the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- tags.
- Click Save.
You’ll be redirected to the list of identity providers, where you can view all the providers created in your account.
Completing the registration of the app on Microsoft Entra
Still on the SSO Management page of RTM:
- Find the card of your recently created identity provider.
- Click the context menu, represented by three dots, and select Edit.
- On the Identity Provider page, you’ll need to copy the following information to finish the configuration on the Microsoft Entra portal:
- Assertion Consumer Service URL.
- Service Provider’s Entity ID URI.
- Sign-in URL.
Once you’ve copied this information:
- Access Microsoft Entra admin center.
- Return to the Single sign-on section, selecting it from the left side menu.
- On the Basic SAML Configuration box, click Edit and provide the following information:
- In the Identifier (Entity ID) field, paste the Service Provider’s Entity ID URI you’ve copied from Azion’s interface.
- In the Reply URL (Assertion Consumer Service URL) field, paste the Assertion Consumer Service URL you’ve copied from Azion’s interface.
- In the Sign on URL field, paste the Login URL you’ve copied from Azion’s interface.
- Click the Save button.
- On the Attributes & Claims box, click Edit.
- In Unique User Identifier, set the string user.email to use the email address as the identifier.
- Click the Save button.
After setting the service provider details, you can add users and groups by selecting Users and groups on the left side menu.
Alternatively, you can enable Automated User Provisioning, using the SCIM protocol. Check the how-to guide to get more information.
Turning on the Identity Provider on Azion
Finally, you must return to the SSO Management page on Azion’s RTM.
- Back on RTM, access the SSO Management page.
- On the box of the Identity Provider you’ve added, click Activate, turn on identity Origin, and then click Confirm.
Now all the users of the account, except for the Account Owner, will be able to access Azion using Microsoft Entra as the Identity Provider.