User's Guide: Configuring a SAML Provider Application in Azure

1.0 Overview

This article describes how to create a Fortanix Application in Azure Active Directory for SAML authentication.

2.0 Prerequisites

Configuring Single Sign-On (SSO) to use Microsoft Azure Active Directory (AD) as a Security Assertion Markup Language Identity Provider (SAML IdP) requires Active Directory Premium. You must sign in to Fortanix-Data-Security-Manager (DSM) as an Administrator and to the Azure portal using your Azure Active Directory administrator account. This process requires you to create a non-gallery application in Azure.
For a more detailed explanation on configuring SAML in Azure AD, see the Microsoft documentation:
Configure single sign-on to applications that are not in the Azure Active Directory application gallery.

3.0 Creating a Fortanix Application in Azure AD

Sign in to the Fortanix UI as an administrator, and in a separate window, sign in to Azure Active Directory as an administrator. To create a Fortanix application, follow the steps below:

  1. Navigate to Azure Active Directory > Enterprise applications.

    Figure 1: Navigate to Enterprise applications

  2. Click New application.

    Figure 2: Click New Applications

  3. Click Create your own application.
    This opens the Create your own application pane.

    Figure 3: Click Create your own application

  4. Enter a name for your new app.
    Ensure Integrate any other application you don’t find in the gallery is selected.

  5. Click Create.
    When the application's Overview page displays, the application is created.

  6. Click Users and groups.

    Figure 4: Click Users and groups

  7. Click +Add user/group. Highlight your choice in the search bar, click Select, and then click Assign.
    Repeat as necessary to add users/groups.

  8. Click Single sign-on.

  9. Select the SAML tile.
    This opens the Set up Single Sign-On with SAML page.

    Figure 5: Select the SAML tile

  10. In Section 1, provide the two values listed below. You can copy both values from the Lacework Console authentication settings.

    • Identifier (Entity ID): https://<fortanix_dsm_url>/saml/metadata.xml
      Copy from Service Provider Entity ID

    • Reply URL (Assertion Consumer Service URL): https://<fortanix_dsm_url>/saml
      Copy from Assertion Consumer Service URL

  11. In Section 2, ensure that you have the correct Unique User Identifier specified under Attributes and Claims. The default user identifier is preconfigured as user.userprincipalname. However, depending on your organization, you can also use the email address as the Unique User Identifier by specifying user.mail.

  12. In Section 3, download and save the Federation Metadata XML file.

    Figure 6: Provide the required details and download and save the Federation Metadata XML file