Configure Entra ID (formerly Azure AD)

This topic covers the SAML authentication requests and responses that Microsoft Entra ID (formerly Azure AD) supports for single sign-on (SSO).

Learn more about using Entra ID for SAML here: https://learn.microsoft.com

To configure Entra ID to communicate with SIP, complete the following steps.

  1. In the Microsoft Entra admin center, open the app in Microsoft Entra ID.

  2. Under Manage, select All applications > New application.

  3. Click Create your own application.

  4. Type a name for the app (such as FireMon SAML SSO), select Integrate any other application you didn't find in the gallery (Non-gallery), and then click Create.

  5. Under Manage, select Owners > Add, and then search for the user or users to assign as owners. Each of these users should be a member of a configuration group. Click Select and then Assign.

  6. Under Manage, select Users and groups > Add user/group, and search for the users and groups who will use SAML SSO. Click Select and then Assign.

  7. Under Manage, select Single sign-on > SAML.

    • Basic SAML Configuration, click Edit.

      1. Identifier (Entity ID): Click Add identifier. It is recommended that the value of this field be in the format https://<hostname or IP>/sp. If multiple SAML authentication servers are defined within SIP, each one must have a unique value for this field, so subsequent servers may have values similar to https://<hostname or IP>/sp_2.

      2. Reply URL: Click Add reply URL. It is recommended that the value of this field be in the format https://<hostname or IP>/securitymanager/api/saml/SSO

      3. Sign on URL: optional

      4. Relay State: Type https://<hostname or IP>/securitymanager

      5. Logout URL: Type https://<hostname or IP>/securitymanager/api/saml/SingleLogout

      6. Click Save.

    • Attributes & Claims. You can edit Attributes & Claims to verify the claim name schema that needs to be entered in the SIP configuration, or use the default claim name under SAML Settings. Make sure to update the correct claim name so that user details are filled in automatically after a successful login.

    • SAML Certificates. Download the Federation Metadata XML file. This will be used in step 6 of Create SAML Authentication.

Do not skip downloading the Federation Metadata XML file.

  8. Proceed to the Administration module to complete the setup process.
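
A pre-flight check for the Basic SAML Configuration values in step 7, added here as an example and not FireMon or Microsoft code. The function names and the host sip.example.test are hypothetical, and requiring every URL to share the identifier's host is an assumption based on the single <hostname or IP> placeholder used above.

```python
from urllib.parse import urlsplit

# Paths from step 7; the host is whatever hostname or IP SIP is reached on.
EXPECTED_PATHS = {
    "reply_url": "/securitymanager/api/saml/SSO",
    "relay_state": "/securitymanager",
    "logout_url": "/securitymanager/api/saml/SingleLogout",
}

def recommended_settings(host, index=1):
    """Values for the index-th SAML authentication server defined in SIP."""
    base = f"https://{host}"
    suffix = "" if index == 1 else f"_{index}"  # /sp, /sp_2, /sp_3, ...
    settings = {"identifier": f"{base}/sp{suffix}"}
    settings.update({key: base + path for key, path in EXPECTED_PATHS.items()})
    return settings

def audit(servers):
    """Return findings for a list of settings dicts, one per SAML server."""
    findings, seen = [], {}
    for n, s in enumerate(servers, 1):
        ident = s["identifier"]
        if ident in seen:  # each server needs its own Entity ID
            findings.append(f"server {n}: identifier duplicates server {seen[ident]}")
        seen.setdefault(ident, n)
        id_host = urlsplit(ident).hostname
        for key, path in EXPECTED_PATHS.items():
            url = urlsplit(s[key])
            if url.scheme != "https":
                findings.append(f"server {n}: {key} is not https")
            if url.hostname != id_host:  # assumption: one host for all values
                findings.append(f"server {n}: {key} host differs from identifier")
            if url.path != path:
                findings.append(f"server {n}: {key} path is not {path}")
    return findings

if __name__ == "__main__":
    # Constructed sample: two servers on a placeholder host, then a mistyped copy.
    good = [recommended_settings("sip.example.test", i) for i in (1, 2)]
    typo = dict(good[0], reply_url="http://sip.example.test/securitymanager/api/saml/sso")
    print(audit(good))
    for finding in audit(good + [typo]):
        print(finding)
```

An empty list means the planned values are unique per server and consistent with the recommended formats; the mistyped copy is reported for its reused identifier, plain-http Reply URL, and wrong path.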