Using Fortanix Data Security Manager with Microsoft Entra ID

1.0 Introduction

This document describes the steps to integrate Fortanix Data Security Manager (DSM) with Microsoft Entra ID using a Security Assertion Markup Language (SAML) configuration for Single Sign-On (SSO)-based authentication.

It also covers the following details:

  • Creating a new Microsoft Entra ID application and configuring it with SAML for secure authentication.

  • Adding SAML authentication to an existing Enterprise application in Microsoft Entra ID.

2.0 Prerequisites

Ensure you have the following:

  • An active Azure subscription with administrator (admin) permissions in Microsoft Entra ID.

  • Admin access to Fortanix DSM for configuring SAML-based SSO.

  • An existing Enterprise application already set up in Microsoft Entra ID.

3.0 Create a New Entra ID Application with SAML

Perform the following steps to create a new Microsoft Entra ID application and configure it with SAML for secure authentication:

  1. Log in to the Azure Portal.

  2. From the Azure home page, navigate to Microsoft Entra ID. You will find it under Azure services or in the left navigation menu.

    Figure 1: Access Microsoft Entra ID

  3. Select Enterprise applications under the Manage menu.

     Figure 2: Select Enterprise Applications

  4. Click New Application.

    Figure 3: Create a new application

  5. Click Create your own application in the upper-left corner of the page.

    Figure 4: Create your own application

  6. On the Create your own application form,

    1. Enter the name of the application.

    2. Ensure Integrate any other application you don’t find in the gallery (Non-gallery) is selected.

    3. Click Create to add a new application.

        Figure 5: Add a name to the application

  7. On the application’s Overview page, select Single Sign On from the Manage menu.

    Figure 6: Select SSO

  8. Select SAML from the available SSO methods.

    Figure 7: Select SAML

  9. Fill in the required fields on the SAML-based Sign-on page and click Test to verify the configuration.

    Figure 8: SAML-based sign-on

    Where,

     1. In the Identifier (Entity ID) field, enter the value in the following format: https://<fortanix_dsm_url>/saml/metadata.xml

         For example, https://amer.smartkey.io/saml/metadata.xml.

     2. In the Reply URL (Assertion Consumer Service URL) field, enter the value in the following format: https://<fortanix_dsm_url>/saml/.

         For example, https://amer.smartkey.io/saml/.

     3. In the SAML Certificates section, provide a Notification Email address and add a new certificate. Activate the certificate and save.

     4. Download the Federation Metadata XML file. Open the file in a text editor and copy the complete XML content. This will be required later in Fortanix DSM for SAML configuration.

    NOTE

    • You cannot create additional Entra ID applications with SAML; however, you can modify the existing Identifier (Entity ID) and Reply URL values and related settings.

    • If the Identifier (Entity ID) and Reply URL values are changed, a new SAML certificate must be generated and activated, and the old certificate must be deleted.

4.0 Configure Microsoft Entra ID SSO in Fortanix DSM

Perform the following steps to integrate Fortanix DSM with Microsoft Entra ID using SAML configuration:

  1. Log in to Fortanix DSM.

  2. In the Fortanix DSM user interface (UI), navigate to Settings → AUTHENTICATION tab, and select SINGLE SIGN-ON as the authentication method.

  3. Click ADD SAML INTEGRATION to add a new SAML integration.

    Figure 9: Add SAML SSO

  4. On the Add SAML integration page,

    1. Click UPLOAD A FILE to browse and upload the Federation Metadata XML file downloaded in Step 9 of Section 3.0: Create a New Entra ID Application with SAML, or paste the XML content saved previously directly into the text field.

    2. Customize the SSO by adding a name in the SSO Title field and a URL for the logo image in the Logo URL field.

    3. Click ADD INTEGRATION.

      Figure 10: SAML SSO is added

  5. After successfully integrating with Microsoft Entra ID SSO, Fortanix DSM displays the configured SSO.

    Figure 11: SCIM SSO configured

5.0 Test the Integration

Perform the following steps to verify the SSO integration:

  1. Log out of Fortanix DSM to sign in using SSO.  

  2. On the Fortanix DSM Login screen, click LOG IN WITH MICROSOFT ENTRA ID to log in using the newly added SSO configuration.

    Figure 12: Test the integration

  3. The Microsoft Azure login page appears. Enter the SSO user credentials to log in and follow the steps.

     Figure 13: Log in to the Microsoft Entra page

  4. You will now be automatically logged in to Fortanix DSM and reach the Fortanix DSM accounts page.

6.0 Add SAML to an Existing Enterprise Application

If an Enterprise application already exists in Microsoft Entra ID, perform these steps to add SAML to it:

  1. In Microsoft Entra ID, open your Enterprise application.

  2. Perform Steps 7 to 9 in Section 3.0: Create a New Entra ID Application with SAML.

After adding SAML to the existing application:

  1. Perform the steps mentioned in Section 4.0: Configure Microsoft Entra ID SSO in Fortanix DSM to set up the SSO in Fortanix DSM.

  2. Perform the steps mentioned in Section 5.0: Test the Integration to verify the integration.