SAML SP Integration Guide ▶ Microsoft Entra ID
This is a guide document on how to set up Microsoft Entra ID as IdP and SHIELD ID as SP in a Security365 On-Premise environment.
Prerequisites
- In the public environment, SSO federation is configured.
- You must have administrator privileges for the Security365 management center.
- You must have Microsoft Azure administrator privileges.
Process
1) Enable Security365 SAML Step 1
- Access the Security365 management center and log in.
- Access the settings menu.
- Access the User Authentication Settings tab.
- Enables the SSO authentication (SAML) option.
- Click on the detailed view of SP settings.
- Copy the following 3 items to a notepad.
Entity IDACS URLLogin Access URL
2) Create Azure Enterprise Application
- Azure PortalConnect and log in.
- Access the [Microsoft Entra ID] menu.
- Access the [Enterprise Application] menu.
- Click the [New Application] button at the top.
- Click the [Create Your Own Application] button at the top.
- When the right slide is activatedAfter entering the app nameClick the create button.
- Select the [Single Sign-On] menu in the created app.
- Select the [SAML] menu.
- Basic SAML ConfigurationEditing the item.
식별자 (Entity ID)- Add Identifier Selection
- Paste the Entity ID copied to the notepad
회신 URL (ACS URL)- Add reply URL option
- Paste the ACS URL copied to the notepad
로그인 URL (Login Access URL)- Paste the Login Access URL copied to the notepad
- Characteristics and ClaimsEditing the item.
- Select the claim, edit it, and save.
user.mail- Name Change ▶ email
- Namespace: Delete Pre-written URL
user.givenname- Name Change ▶ userName
- Namespace: Pre-written URL deletion
- Delete the unused user.userprincipalname and user.surname fields.
- When you move to the top menu, you can confirm that the [Federation Metadata XML] download of the SAML certificate is available.
- Click the download button to proceed with the download.
- Enterprise App Name.xmlIt will be downloaded.
3) Enabling Security365 SAML Step 2
- Upload the downloaded federation metadata XML.
- Upload button in the MetaData area of IDP
- It is confirmed that it has been uploaded successfully.
- Specify and save the Security365 app to navigate to when starting the SAML IdP login.
4) Azure SAML Customization
- To specify users who will use SAML login, click the [Users and Groups] menu on the Enterprise Apps screen.
- Click the [Add User/Group] button at the top.
- Click the [No Selected Items] button to add a user.
- Check the users to add and click the [Select] button.
- Click the [Assign] button in the lower left corner.
5) Login Test
SP Initiated Login
- The user accesses the on-premises SHIELDGate page.(= Move to Security365 Service)
- For unregistered users, registration is possible through the following process: Register > Register with an organization > Enter company domain > SSO login (SAML IdP).
- Enter an email format ID on the Security365 integrated login page (SHIELD ID).(= SAML SP)
- Navigating to the Microsoft password authentication page for verification.(= Redirect to SAML IdP)
- Once Microsoft authentication is completed, you will successfully log in to SHIELDGate.(= Proceed with authentication on the SAME login screen)
- You can use the service after confirming the service login is complete.
Reference
IdP Initiated Login
- Access the SAML IdP portal page.
- Click on the registered SAML SP app.
- Move to the representative app of the authentication settings configured in the Security365 portal.