Azure AD SAML Single Sign On (SSO) for CASB | Azure AD IDP


SAML (Security Assertion Markup Language) is an authentication protocol in which user authentication information is shared between the Identity Provider (IDP) and the Service Provider (SP). This guide shows how to enable Azure AD SAML SSO authentication with a CASB. So let's get started!

Step 1: Sign up with miniOrange CASB

  • Click here to log into your miniOrange account.

    (Don’t have an account? No worries, click here to create a new account)

  • Log in to the miniOrange Google Apps CASB.

Step 2: Configure SAML SSO and Groups Claim on Azure AD

  • Go to the miniOrange CASB Dashboard and click on the Authentication Source tab.

  • Click on the Add New Authentication Source button to add your authentication source.

  • Here, enter your Authentication Name to generate the Service Provider Metadata.

  • Upon entering the authentication name, click on the Generate Metadata button to get the metadata of the Service Provider.

  • Copy the Service Provider Metadata details and configure the respective fields in your Identity provider.

  • If you would like to view the metadata details again, then you can click on the Show Metadata button.

  • Now log in to the Azure AD Portal.
  • Select Azure Active Directory (AAD).

  • Select Enterprise Application.

  • Click on New Application.

  • Click on Create your own Application under Browse Azure AD Gallery.

  • Enter the name for your app, then select the Non-gallery application section and click on the Create button.

  • Click on Setup Single Sign-On.

  • Select the SAML tab.

  • Upload the downloaded metadata file to get the Entity ID, ACS URL, and the Single Logout URL from miniOrange CASB.

  • By default, the following Attributes will be sent in the SAML response. You can view or edit the claims sent in the SAML response to the application under the Attributes tab.

  • Copy the App Federation Metadata URL or download the Federation Metadata XML file to get the endpoints required for configuring your Service Provider.

  • Assign users and groups to your SAML application.
  • As a security control, Azure AD will not issue a token allowing a user to sign in to the application unless Azure AD has granted access to the user. Users may be granted access directly, or through group membership.
  • On the Active Directory page, select All Groups and then select New group.

  • The New Group pane will appear and you must fill out the required information.

  • Select the Group type as Security and enter a Group name.
  • Select the Membership type as Assigned.
  • Select the Create button. Your group is created and ready for you to add members.
  • Select the Members area from the Group page, select Add members, and then begin searching for the members to add to your group.

  • When you are done adding members, choose Select.
  • You can also assign a role to your application under the App roles section. Finally, click on the Assign button to assign that user or group to the SAML application.

Step 3: Configure Azure AD as IDP in CASB

  • Now enter the required information, such as the IDP Entity ID, SAML Login URL, SAML Logout URL and X509 Certificate, which you will find in your Identity Provider metadata. Also select the Binding Type for the SSO Request; its details are in the IDP metadata, but if you are not sure, keep the HTTP-Redirect Binding selected for the default configuration.

  • Click the Save button once you have filled out all the details.

  • You have successfully configured SAML Authentication with a Cloud Access Security Broker (CASB).

Not able to configure or test Azure AD SSO for CASB?
Contact us or email us at proxysupport@xecurify.com and we'll help you set it up in no time.


miniOrange CASB offers a wide variety of security features with flexible scalability, all available at the most affordable price to all types of businesses. Start by signing up now!

