Azure AD SAML Single Sign On (SSO) for CASB | Azure AD IDP


SAML (Security Assertion Markup Language) is an authentication protocol in which user authentication information is shared between the Identity Provider (IDP) and the Service Provider (SP). This guide shows how to enable Azure AD SAML SSO authentication with a CASB.


Get Installation Help


miniOrange offers free help through a consultation call with our System Engineers to configure Azure AD SSO for CASB in your environment, with a 10-day free trial.

To book a slot, just send us an email at proxysupport@xecurify.com and we'll help you in no time.



1. Configure CASB as SP in Azure AD

The steps below configure CASB as an SP in Azure AD.

  • Click here and log in with your miniOrange account credentials. If you do not have an account, you can create one.
  • Click on Authentication in the left panel of the dashboard.
  • Click on Add Authentication.
  • Click on SAML from the tabs shown.
  • Enter an Authentication Name and click on Generate Metadata.
  • The SP metadata is displayed on the screen. Copy the details and configure the respective fields in your Azure AD App. Copy the Signing certificate as well and save it in the X.509 Certificate field of your Azure AD App configuration.


  • Now log in to the Azure AD Portal.
  • Select Azure Active Directory (AAD).
  • Select Enterprise Application.
  • Click on New Application.
  • Click on Create your own Application under Browse Azure AD Gallery.
  • Enter the name for your app, then select the Non-gallery application section and click on the Create button.
  • Click on Setup Single Sign-On.
  • Select the SAML tab.
  • Upload the downloaded metadata file to get the Entity ID, ACS URL, and the Single Logout URL from miniOrange.
  • By default, the following Attributes will be sent in the SAML response. You can view or edit the claims sent in the SAML response to the application under the Attributes tab.
  • Copy the App Federation Metadata Url or download the Federation Metadata XML file to get the endpoints required for configuring your Service Provider.
  • Assign users and groups to your SAML application.
    • As a security control, Azure AD will not issue a token allowing a user to sign in to the application unless Azure AD has granted access to the user. Users may be granted access directly, or through group membership.
    • Navigate to the Users and groups tab and click on Add user/group.
    • Click on Users to assign the required user and then click on Select.
    • You can also assign a role to your application under the Select Role section. Finally, click on the Assign button to assign that user or group to the SAML application.

2. Configure Azure AD as IDP in CASB

  • Now go to the Edit SAML Authentication page.
  • Scroll down on the same page to the Identity Provider Configuration section. Check the IDP Metadata provided by Azure AD and configure the details such as IDP Entity ID, SAML Login URL and SAML Logout URL.
  • Select the Binding Type for SSO Request. You will get its details from the IDP metadata; if you are not sure, keep the HTTP-Redirect Binding selected for the default configuration. Configure the X509 Certificate from the IDP Metadata and click on Submit to save your SAML SP application.
  • You have successfully configured SAML Authentication with a CASB.
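
To cross-check the values entered in the Identity Provider Configuration section, the following added example (not miniOrange or Microsoft code) reads a Federation Metadata XML file and returns the IDP Entity ID, the SAML Login URL for the chosen binding, the SAML Logout URL, and a SHA-256 fingerprint of the signing certificate. The function name `idp_settings`, the placeholder tenant ID and the dummy certificate bytes in the sample are assumptions made for illustration; the metadata is assumed to be a file you downloaded from your own tenant.

```python
import base64, hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:"
TENANT = "00000000-0000-0000-0000-000000000000"  # placeholder tenant ID
# Constructed metadata; the certificate is base64 of dummy bytes, not a real cert.
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{NS['md']}"
    entityID="https://sts.windows.net/{TENANT}/">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="signing"><KeyInfo xmlns="{NS['ds']}"><X509Data>
   <X509Certificate>Y29uc3RydWN0ZWQtY2VydC1ieXRlcw==</X509Certificate>
  </X509Data></KeyInfo></KeyDescriptor>
  <SingleLogoutService Binding="{BINDING}HTTP-Redirect"
    Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  <SingleSignOnService Binding="{BINDING}HTTP-Redirect"
    Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  <SingleSignOnService Binding="{BINDING}HTTP-POST"
    Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
 </IDPSSODescriptor>
</EntityDescriptor>"""

def idp_settings(metadata_xml, binding="HTTP-Redirect"):
    """Return the values the CASB Identity Provider Configuration form asks for."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not SAML IdP metadata")

    def endpoint(tag, wanted=None):
        # wanted=None accepts the first advertised binding for that service.
        for el in idp.findall(f"md:{tag}", NS):
            if wanted is None or el.get("Binding") == BINDING + wanted:
                url = el.get("Location", "")
                if not url.startswith("https://"):
                    raise ValueError(f"{tag} endpoint is not HTTPS: {url!r}")
                return url
        raise ValueError(f"IdP metadata has no {tag} for binding {wanted}")

    cert = idp.find("md:KeyDescriptor[@use='signing']//ds:X509Certificate", NS)
    if cert is None or not (cert.text or "").strip():
        raise ValueError("no signing certificate in IdP metadata")
    der = base64.b64decode("".join(cert.text.split()))
    return {"idp_entity_id": root.get("entityID"),
            "saml_login_url": endpoint("SingleSignOnService", binding),
            "saml_logout_url": endpoint("SingleLogoutService"),
            "x509_sha256": hashlib.sha256(der).hexdigest()}
```

Comparing the returned fingerprint with one computed from the certificate pasted into the X509 Certificate field confirms that the SP will validate assertions against the key the IDP actually publishes.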

miniOrange CASB offers a wide variety of security features with flexible scalability, all available at the most affordable price to all types of businesses. Start by signing up now!

