Setting up SAML for Microsoft Azure Tool

Setting up SAML for Microsoft Azure Tool


The Security Assertion Markup Language (SAML) feature allows a user to access all of their SaaS applications by entering their login credentials once on a single page. There are several benefits to it:

  1. It improves the security posture as there is only a single point of authentication.
  2. Credentials are sent only to the identity provider directly.
  3. It removes the need for multiple login credentials.
  4. It removes the need for user information to be maintained and synchronized between directories. 

Securin allows SSO via the Microsoft Azure application. In this document, we shall take a look at how to set up SSO for Securin.


Prerequisites

Please email us to support@securin.io requesting the below details 

  1. Identifier (Entity ID)
  2. Reply URL (Assertion Consumer Service URL)

Steps to Set up the SAML:

Please follow the steps to set up SAML
  1. Creating an Enterprise Application on Azure 
  1. Setting up the Single-Sign-On (SSO)
  1. Adding Attributes and Claims
  1. Adding Users to the Application
  1. Signing in with Single-Sign-On (SSO) in Securin

Creating an Enterprise Application on Azure

To create an enterprise application:

  1. Log in to your Microsoft Azure application.
  2. Click Enterprise applications.

Enterprise Applications on the Homepage


  1. `Click +New Application on the top bar.

Add a New Application


  1. Enter the name of the application and choose Integrate any other application you don't find in the gallery (Non-gallery).
  1. Click Create.

Add Your Application


Setting up the Single-Sign-On
  1. In the subsequent page, click Set up single sign on.

Set up Single Sign on


  1. Select SAML as the SSO method

Single Sign-on Method


  1. Click Edit on the right corner.


Edit Configuration



  1. Enter the appropriate URLs under Identifier and Reply URL.

Configuration Settings


Adding Attributes and Claims

Next, you need to add the Attribute claims. Attribute claims allow you to add users and their email addresses to the SAML setup so they can access the SSO feature. 


  1. On the left navigation pane, click Single Sign-on and click Edit on the Attributes & Claims panel.

 

Edit Attributes and Claims


Here, you need to edit the values of the given name, surname, and email address.

  1. Click the Unique User identifier claim to edit it.

Claim Values


  1. Edit the source attribute field to user.email in the field and click Save.

The Source Attribute Field


Following this, add a group claim.


  1. Click Add a group claim on the top bar, select All groups, and click Save.

Group Claims Settings


  1. Next, click the given name under Additional Claims.

Additional Claims Settings1



  1. Edit the name to first name and click Save.

Additional Claims Settings2



  1. Next, click the surname under Additional Claims.

Additional Claims Settings3



  1. Edit the name to last name and click Save.

Additional Claims Settings4


The Azure SSO configurations are now complete.




Adding Users to the Application

Now that the application is set up, you can add the users who can access the single sign-on feature.

  1. In the Enterprise application, click +Add user/group to open the assignments page.


Adding Users


  1. Click Users and groups and click None selected.



Assigning Users 1


  1. Click the Assign button to return to the application page.


Assigning Users2


Your user setup is also complete now.


Post-Configuration Customer Actions

Please send the following details to support@securin.io.


  1. Federation Metadata XML
  2. List of domains/subdomains associated with the email of the users added to SAML (For example: If your users' email addresses look like user1@securin.io, user2@marketing.securin.io, and user3@sales.securin.io, please send securin.io, marketing.securin.io, and sales.securin.io). This is needed for redirecting to your SAML application and will be stored to a field in SAML IdP on keycloak.


The client-side configuration is complete. Now, we will configure the SAML setup at our end and inform you once it is done.


Once you receive the confirmation from our team, you can start using the Sign-in with the SSO feature.

    

Signing in with Single-Sign-On in Securin


  1. In Securin's sign-in page, click Sign-in with Single Sign On

Securin Sign-in Screen

  1. Enter the email address with which you have set up SSO and click Continue.

SSO with Securin


  1. You will be redirected to the Microsoft Sign in page. Enter the same email address here and click Next.

Microsoft Sign-in


  1. You will receive a verification code in your email. Enter this code and click Sign in.

Verification Code


  1. Accept the terms and conditions.

Microsoft Permissions


If you already have linked your Azure email address to the Securin application, you will see this page:

Account Actions


  1. In this case, click Add to Existing Account.

In the subsequent page, you will find the following instructions.

Instructions


  1. If you haven't already received the verification code, click the first link to receive the code and verify.
  1. If your email address is already verified, click the second link.
  1. You will receive the link to verification in your email address. Click the link and follow the given steps.


Once it is done, you will be able to log in easily.


Alternately, you can login via your Azure application. To do this,
  1. Go to https://myapplications.microsoft.com/
  2. Sign into your application.
  3. Click on My Apps.
  4. Click on your Securin account from the applications listed under My Apps.


Applications

    • Related Articles

    • Setting up SAML for Okta Tool

      This document provides a step-by-step guide on how to configure SAML for the Securin platform on your Okta application. Step 1: Creating an Enterprise Application on Okta Step 2: Setting up the Single Sign-On (SSO) Step 3: Adding Attributes and ...

    • Setting Up Notifications in the ASM Platform

      Setting Up Notifications in the ASM Platform The ASM platform offers a comprehensive notification feature to ensure you receive timely updates on critical events. Follow these steps to set up your notifications easily: Log in to the platform and ...

    • Setting up Webhooks for Securin ASM Alerts in Chat Applications

      Setting up Webhooks for Securin ASM Alerts in Chat Applications The Securin ASM platform now offers a notification feature that enables users to receive alerts and updates directly in their preferred chat applications. To utilize this feature, users ...

    • Signing in to Securin

      Logging into Securin Using an Email and Password Overview: How to log in to Securin using an email address and password. Navigate to app.securin.io. Enter your credentials and click Sign In. Logging into Securin Using Single Sign-On Overview: How to ...

    • Signing In - Registering a New Account

      via Email Overview: How to sign up for a new Securin account using an email and password. To sign up for a Securin account, navigate to app.securin.io. Click the Register link. Fill out the required fields and click Register. After clicking Register, ...