Azure AD SAML Single Sign On (SSO) for CASB | Azure AD IDP
SAML (Security Assertion Markup Language) is an XML-based standard for exchanging authentication assertions between an Identity Provider (IDP), which authenticates the user, and a Service Provider (SP), which trusts the IDP's signed assertion to let the user in. In this guide, we will see how you can enable Azure AD SAML SSO Authentication with a CASB, with Azure AD acting as the IDP and the CASB as the SP. So let's get started!
1. Configure CASB as SP in Azure AD
Log in to your miniOrange account with your credentials. If you do not have an account, create one first.
Click on Authentication in the left panel of the dashboard.
Click on Add Authentication.
Click on SAML from the shown tabs.
Enter an Authentication Name and click on Generate Metadata, as shown in the image below.
The SP metadata is displayed, as shown in the image below. Copy these values (SP Entity ID, ACS URL and Single Logout URL) into the corresponding fields of your Azure AD application, or download the metadata file so you can upload it in Azure instead. Copy the SP Signing certificate as well and save it in the X.509 (verification) certificate setting of your Azure AD app configuration; Azure AD uses it to validate signed SAML requests coming from the CASB.
In the Azure portal, go to Azure Active Directory > Enterprise applications > New application, then click on Create your own application under Browse Azure AD Gallery.
Enter a name for your app, select the Non-gallery application option (integrate any other application you don't find in the gallery) and click on the Create button.
Click on Set up single sign-on.
Select the SAML tab.
Under Basic SAML Configuration, upload the SP metadata file downloaded from miniOrange; this fills in the Identifier (Entity ID), Reply URL (Assertion Consumer Service URL) and Logout URL without retyping them.
By default, Azure AD sends a standard set of user attributes (claims) in the SAML response, including the NameID that the CASB will use to identify the user. You can view or edit the claims sent in the SAML response under the Attributes & Claims section.
Copy the App Federation Metadata Url or download the Federation Metadata XML file; it contains the IDP endpoints and the IDP signing certificate you will need when configuring your Service Provider.
Assign users and groups to your SAML application.
As a security control, Azure AD will not issue a SAML token allowing a user to sign in to the application unless that user has been assigned to it, either directly or through group membership. This only holds while the application's Properties have User assignment required? set to Yes; if it is set to No, any user in the tenant can sign in to the CASB.
Navigate to the Users and groups tab and click on Add user/group.
Click on Users, pick the required users or groups, then click on Select.
You can also assign a role to your application under the Select Role section. Finally, click on the Assign button to assign that user or group to the SAML application.
2. Configure Azure AD as IDP in CASB
Now return to the miniOrange dashboard and open the Edit SAML Authentication page for the authentication you created in step 1.
Scroll down on the same page to the Identity Provider Configuration section. Using the IDP Metadata provided by Azure AD, configure the IDP Entity ID, SAML Login URL and SAML Logout URL. Copy the Entity ID exactly as it appears in the metadata (Azure AD's entity ID ends with a trailing slash); a mismatch will make the CASB reject every response.
Select the Binding Type for the SSO Request. The IDP metadata lists the bindings Azure AD supports; if you are not sure, keep HTTP-Redirect Binding selected as the default. Paste the IDP signing certificate from the IDP Metadata into the X509 Certificate field (the CASB uses it to verify the signature on Azure AD's assertions) and click on Submit to save your SAML SP application.
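Both halves of this procedure come down to copying the same handful of values (entity ID, SSO/ACS and logout endpoints, signing certificate, supported bindings) out of one side's SAML metadata and into the other side's form. The Python below, an added example that is not miniOrange or Microsoft code, parses a metadata document of either role and returns exactly those values, preferring HTTP-Redirect for the SSO request as the text recommends and falling back to HTTP-POST when the IDP does not advertise it. The two metadata documents are constructed placeholders shaped like the Azure AD federation metadata and a miniOrange-style SP metadata file; TENANT-ID, casb.example.com and the truncated certificates are assumptions, not real values.

```python
import base64
import xml.etree.ElementTree as ET  # use defusedxml for metadata you did not fetch over TLS from the IdP

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed placeholder shaped like Azure AD federation metadata (IdP role).
# TENANT-ID and the truncated certificate are assumptions, not real values.
AZURE_IDP_METADATA = """\
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="https://sts.windows.net/TENANT-ID/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>MIICpDCCAYygAwIBAgIQ
          Zm9vYmFy</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                         Location="https://login.microsoftonline.com/TENANT-ID/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                         Location="https://login.microsoftonline.com/TENANT-ID/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                         Location="https://login.microsoftonline.com/TENANT-ID/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""

# Constructed placeholder shaped like the SP metadata a CASB would generate.
CASB_SP_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
                     entityID="https://casb.example.com/saml/sp">
  <md:SPSSODescriptor AuthnRequestsSigned="true" WantAssertionsSigned="true"
                      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing">
      <ds:KeyInfo><ds:X509Data><ds:X509Certificate>MIICpDCCAYygAwIBAgIQc3Bj</ds:X509Certificate></ds:X509Data></ds:KeyInfo>
    </md:KeyDescriptor>
    <md:SingleLogoutService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
                            Location="https://casb.example.com/saml/slo"/>
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
                                 Location="https://casb.example.com/saml/acs" index="1"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def _endpoints(role, tag):
    """Map binding URN -> Location for every <tag> element under a role descriptor."""
    return {e.get("Binding"): e.get("Location") for e in role.findall(MD + tag)}


def _signing_certs(role):
    """Base64 DER certificates usable for signing (use="signing" or no use attribute)."""
    certs = []
    for kd in role.findall(MD + "KeyDescriptor"):
        if kd.get("use", "signing") != "signing":
            continue
        for c in kd.iter(DS + "X509Certificate"):
            b64 = "".join((c.text or "").split())  # metadata wraps the blob across lines
            base64.b64decode(b64, validate=True)   # reject garbage before it reaches a config form
            certs.append(b64)
    return certs


def parse_metadata(xml_text):
    """Return the values an admin has to copy into the other side's SAML configuration."""
    root = ET.fromstring(xml_text)
    if root.tag != MD + "EntityDescriptor":
        raise ValueError("not a SAML 2.0 EntityDescriptor")
    info = {"entity_id": root.get("entityID")}  # copy verbatim, trailing slash included
    idp = root.find(MD + "IDPSSODescriptor")
    sp = root.find(MD + "SPSSODescriptor")
    if idp is not None:
        info.update(role="idp", sso=_endpoints(idp, "SingleSignOnService"),
                    slo=_endpoints(idp, "SingleLogoutService"), signing_certs=_signing_certs(idp))
    elif sp is not None:
        info.update(role="sp", acs=_endpoints(sp, "AssertionConsumerService"),
                    slo=_endpoints(sp, "SingleLogoutService"), signing_certs=_signing_certs(sp),
                    authn_requests_signed=sp.get("AuthnRequestsSigned") == "true",
                    want_assertions_signed=sp.get("WantAssertionsSigned") == "true")
    else:
        raise ValueError("metadata has neither IDPSSODescriptor nor SPSSODescriptor")
    return info


def choose_sso_binding(info, preferred=REDIRECT):
    """Pick (binding, URL) for the SP's AuthnRequest: the preferred binding if the IdP
    advertises it, otherwise HTTP-POST, otherwise HTTP-Redirect; error if none exist."""
    sso = info["sso"]
    for binding in (preferred, POST, REDIRECT):
        if binding in sso:
            return binding, sso[binding]
    raise ValueError("IdP advertises no usable SingleSignOnService binding")


if __name__ == "__main__":
    idp = parse_metadata(AZURE_IDP_METADATA)
    print("IDP Entity ID:", idp["entity_id"])
    print("SAML Login URL:", choose_sso_binding(idp))
    print("SP fields for Azure:", parse_metadata(CASB_SP_METADATA))
```

Run it against the real Federation Metadata XML from Azure AD and the SP metadata from the miniOrange dashboard to get the exact strings to paste, instead of transcribing them from screenshots; the base64 check catches a certificate that was truncated or pasted with a stray character, which otherwise shows up only as signature-validation failures at login time.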
You have successfully configured SAML Authentication between Azure AD and the CASB. Test it by signing in to the CASB with a user who is assigned to the Azure AD application.