Configure Microsoft Entra ID for SAML SSO


Introduction

Microsoft Entra ID (formerly Azure Active Directory) is a cloud-based identity and access management service that can be used for SAML Single Sign-On (SSO) with the CIS SecureSuite Platform.

This guide explains how CIS SecureSuite Platform System Admins can configure Entra ID as their organization's identity provider for SSO.

Steps

1. Create SAML application.
2. Configure SAML settings and attribute mappings.
3. Get SAML Metadata.
4. Connect Entra ID application to the CIS SecureSuite Platform.

Tip

We recommend opening the CIS SecureSuite Platform and going to the IdP page in Admin. You will need to copy/paste values from the IdP to the CIS SecureSuite Platform and vice versa.

Create SAML Application

Start by creating the SAML application in Entra ID.

1. Log in to your Entra ID account.
2. From the left navigation, go to Identity > Applications > Enterprise applications.

4. Select + New Application.

5. Select Create your own application.

6. Enter a descriptive, user-friendly name for the SAML application (e.g., SecureSuite) and ensure Integrate any other application you don't find in the gallery (Non-gallery) is selected.

7. Select Create.

After the application is created, Entra ID displays the created application’s configuration page to add users/groups and to configure SAML SSO.

Configure SAML Settings and Attributes

Next, configure the application's SAML settings and attribute mappings.

Configure SAML Settings

1. In the Set up single sign on box, select Get started.

2. Select SAML.

3. Under Basic SAML Configuration, select Edit.

4. Configure as follows:

  • Identifier (Entity ID): Enter or paste the SP Entity ID from the IdP page in the CIS SecureSuite Platform's Admin area.
  • Reply URL (Assertion Consumer Service URL): Enter or paste the Redirect URI from the IdP page in the CIS SecureSuite Platform's Admin area.
  • Sign on URL: Enter or paste the Redirect URI from the IdP page in the CIS SecureSuite Platform's Admin area.

5. Select Save and close the window.

Configure Attribute Mappings

Next, configure the attribute mappings. They allow for the identity and authorization data to be properly carried between Entra ID and the CIS SecureSuite Platform.

Note

The attributes are case sensitive. Ensure they are exactly as shown in this section.

1. Under Attributes & Claims, select Edit.

2. Select the emailaddress claim.

Note

Verify the claim name by looking at the end of the URL.

3. In the Name field, enter email.
4. Clear Namespace so that it is empty.

5. Select Save to finish and then the X at the top-right of the page to return to Attributes & Claims.
6. Repeat steps 2-5 until the claim names are as follows:

Original Claim Name    New Claim Name
...emailaddress        email
...givenname           firstName
...surname             lastName
...name                username

7. Select Unique User Identifier (Name ID).
8. Change the Source attribute value to user.mail to use the user's email address as the username instead of the principal name generated by Entra ID.

9. Select Save and then the X at the top-right of the page to return to Attributes & Claims.

The finished attribute mappings should look like this:

10. Select the X at the top-right of the Attributes & Claims page to return to the Single sign-on page.
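
To confirm the mappings after a test sign-in, the following added example (not part of the CIS documentation) checks a decoded SAML assertion for the exact, case-sensitive claim names from the table above. It assumes the email claim keeps its default source of user.mail, so the Name ID should equal it; the function name `check_assertion` and the sample assertion are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{urn:oasis:names:tc:SAML:2.0:assertion}"
# New claim name -> tail of the original claim name, from the mapping table.
EXPECTED = {"email": "emailaddress", "firstName": "givenname",
            "lastName": "surname", "username": "name"}

def check_assertion(xml_text):
    """Return a list of problems with the claim names and the Name ID.

    Feed it only an assertion captured from your own test sign-in; it checks
    names and values, not the signature.
    """
    root = ET.fromstring(xml_text)
    attrs = {}
    for a in root.iter(NS + "Attribute"):
        value = a.find(NS + "AttributeValue")
        attrs[a.get("Name", "")] = value.text if value is not None else None
    # Last path segment of each attribute name -> full name as sent.
    tails = {n.rsplit("/", 1)[-1]: n for n in attrs}
    problems = []
    for new, original in EXPECTED.items():
        if new in attrs:
            continue  # exact match, no namespace prefix
        if new in tails:
            problems.append(f"{new}: Namespace not cleared ({tails[new]})")
        elif new.lower() in {t.lower() for t in tails}:
            problems.append(f"{new}: wrong letter case")
        elif original in tails:
            problems.append(f"{new}: claim not renamed ({tails[original]})")
        else:
            problems.append(f"{new}: missing")
    # Assumption: email is sourced from user.mail, the same as the Name ID.
    name_id = root.find(f".//{NS}NameID")
    if name_id is None or name_id.text != attrs.get("email"):
        problems.append("NameID: does not match the email claim")
    return problems

# Constructed sample: firstName has the wrong case, lastName was never renamed.
SAMPLE = """<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
  <Subject><NameID>alex@example.com</NameID></Subject>
  <AttributeStatement>
    <Attribute Name="email"><AttributeValue>alex@example.com</AttributeValue></Attribute>
    <Attribute Name="firstname"><AttributeValue>Alex</AttributeValue></Attribute>
    <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"><AttributeValue>Doe</AttributeValue></Attribute>
    <Attribute Name="username"><AttributeValue>alex@example.com</AttributeValue></Attribute>
  </AttributeStatement>
</Assertion>"""

if __name__ == "__main__":
    print("\n".join(check_assertion(SAMPLE)) or "claims OK")
```

An empty list means all four claim names and the Name ID match what this section configures.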

Get SAML Metadata

To establish the connection between the Entra ID SAML application and the CIS SecureSuite Platform, you need the SAML application's metadata. This metadata can be brought into the CIS SecureSuite Platform through a file or manual input.

Note

Using the file will auto-populate most of the configuration fields in the CIS SecureSuite Platform, reducing the chance of human error and setup time.

Can I import the SAML metadata to the CIS SecureSuite Platform using the App Federation Metadata URL?

No. Currently, the CIS SecureSuite Platform does not support importing Entra ID SAML metadata through URL.

Get Metadata File

  • Under SAML Certificates and next to the Federation Metadata XML field, select Download.

Connect Entra ID Application to the CIS SecureSuite Platform

With the SAML metadata file, finish setting up SSO with Entra ID by connecting the IdP to the CIS SecureSuite Platform.

1. Open the CIS SecureSuite Platform.
2. Go to Admin > IdP.
3. From the External Identity Provider dropdown, select SAML.
4. Complete the fields by uploading the metadata file or entering the information manually.

Tip

Refer to the Connect with SAML procedure for detailed instructions on this step.

5. Select Submit to establish the connection.