Azure AD SAML Single Sign On (SSO) for CASB | Azure AD IDP
SAML (Security Assertion Markup Language) is an authentication protocol in which user authentication information is exchanged between an Identity Provider (IDP) and a Service Provider (SP). In this guide, we will see how you can enable Azure AD SAML SSO authentication with a CASB. So let's get started!
Step 1: Sign up with miniOrange CASB
Step 2: Configure SAML SSO and Groups Claim on Azure AD
- Go to the miniOrange CASB Dashboard and click on the Authentication Source tab.
- Click on Add New Authentication Source button to add your authentication source.
- Here, enter your Authentication Name to generate the Service Provider Metadata.
- Upon entering the authentication name, click on the Generate Metadata button to get the metadata of the Service Provider.
- Copy the Service Provider Metadata details and configure the respective fields in your Identity provider.
- If you would like to view the metadata details again, then you can click on the Show Metadata button.
- Now log in to the Azure AD Portal.
- Select Azure Active Directory (AAD).
![Configuring Azure AD as IDP click on Azure AD](/images/azure-ad/click-on-ad.webp)
- Select Enterprise Application.
![Azure AD as IDP : Enterprise Applications](/images/azure-ad/enterprise-app.webp)
- Click on New Application.
![Azure AD as IDP : Adding New Application](/images/azure-ad/eneterprise-new-app.webp)
- Click on Create your own Application under Browse Azure AD Gallery.
![Azure AD SAML IDP : Create application](/images/azure-ad/create-new-app.webp)
- Enter the name for your app, then select Non-gallery application section and click on Create button.
![Azure AD IDP : Non-gallery application](/images/azure-ad/app-name.webp)
- Click on Setup Single Sign-On.
![Azure AD Identity Provider : Setup SSO](/images/azure-ad/click-on-sso.webp)
- Select the SAML tab.
![Azure AD as IDP : Select SAML](/images/azure-ad/saml-app.webp)
- Upload the metadata file downloaded from miniOrange CASB to populate the Entity ID, ACS URL, and Single Logout URL.
![Azure AD as IDP : SAML configuration](/images/azure-ad/upload-metadata-file.webp)
- By default, Azure AD sends a standard set of attributes in the SAML response. You can view or edit the claims sent to the application under the Attributes tab.
- Copy the App Federation Metadata URL or download the Federation Metadata XML file to get the endpoints required for configuring your Service Provider.
- Assign users and groups to your SAML application.
- As a security control, Azure AD will not issue a token allowing a user to sign in to the application unless Azure AD has granted access to that user. Users may be granted access directly or through group membership.
- On the Active Directory page, select All Groups and then select New group.
![Azure AD SAML IDP : Assign groups and users](/images/azure-ad/create-group-role-azure-ad-sso.webp)
- The New Group pane appears; fill out the required information.
![Azure AD Group Details for CASB](/images/azure-ad/create-group-details-azure-ad.webp)
- Select Security as the Group type and enter a Group name.
- Select Assigned as the Membership type.
- Select the Create button. Your group is created and ready for you to add members.
- Select the Members area on the Group page, select Add members, and then search for the members to add to your group.
![Azure AD Identity Provider : Add users](/images/azure-ad/members-role-azure-ad-casb.webp)
- When you are done adding members, choose Select.
- You can also assign a role to your application under the App roles section. Finally, click on the Assign button to assign that user or group to the SAML application.
Step 3: Configure Azure AD as IDP in CASB
- Now enter the required information: the IDP Entity ID, SAML Login URL, SAML Logout URL and X509 Certificate, all of which you will find in your Identity Provider metadata. Also select the Binding Type for the SSO request; the IDP metadata lists the supported bindings, but if you are not sure, keep HTTP-Redirect Binding selected as the default configuration.
- Click the Save button once you have filled out all the details.
- You have successfully configured SAML Authentication with a Cloud Access Security Broker (CASB).
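The Step 3 values (IDP Entity ID, SSO and logout URLs for the chosen binding, and the signing certificate) can be read straight out of the Federation Metadata XML instead of copied by hand. The following Python script is an added example, not miniOrange's or Microsoft's code; it parses a constructed metadata sample in which the tenant ID, endpoint URLs and certificate body are placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample in the shape of an Azure AD federation metadata document;
# the tenant id, URLs and certificate body are placeholders, not real values.
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{NS['md']}"
    entityID="https://sts.windows.net/TENANT-ID-PLACEHOLDER/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="{NS['ds']}"><X509Data>
      <X509Certificate>MIIC...CERT-PLACEHOLDER...</X509Certificate>
    </X509Data></KeyInfo></KeyDescriptor>
    <SingleLogoutService Binding="{REDIRECT}"
      Location="https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/saml2"/>
    <SingleSignOnService Binding="{REDIRECT}"
      Location="https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/saml2"/>
    <SingleSignOnService Binding="{POST}"
      Location="https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def parse_idp_metadata(xml_text, binding=REDIRECT):
    """Return the Step 3 values: Entity ID, SSO/SLO URL for the binding, signing cert."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    def location(tag):
        # Several endpoints may be listed; pick the one matching the binding.
        for svc in idp.findall(f"md:{tag}", NS):
            if svc.get("Binding") == binding:
                return svc.get("Location")
        return None
    cert = None
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") == "signing":  # absent 'use' means both
            node = kd.find("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
            if node is not None and node.text:
                cert = "".join(node.text.split())  # strip line wrapping
                break
    sso = location("SingleSignOnService")
    if sso is None or cert is None:
        raise ValueError(f"no SSO endpoint for {binding} or no signing certificate")
    return {"entity_id": root.get("entityID"), "sso_url": sso,
            "slo_url": location("SingleLogoutService"), "binding": binding,
            "certificate": cert}
```

Feed it the downloaded Federation Metadata XML and it refuses to return a configuration when the document lacks a signing certificate or an endpoint for the selected binding, which is the case to catch before saving the IDP in the CASB.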
miniOrange CASB offers a wide variety of security features with flexible scalability, all available at the most affordable price to all types of businesses. Start by signing up now!