
SAML SP Integration Guide ▶ Microsoft Entra ID

This guide describes how to set up Microsoft Entra ID as the IdP and SHIELD ID as the SP in a Security365 On-Premise environment.

Prerequisites

  • SSO federation settings have already been configured in the public environment.
  • You must have administrator privileges for the Security365 management center.
  • You must have Microsoft Azure administrator privileges.

Process

1) Enable Security365 SAML Step 1

  1. Access the Security365 management center and log in.
  2. Access the settings menu.
  3. Access the User Authentication Settings tab.
  4. Enable the SSO authentication (SAML) option.
  5. Click on the detailed view of SP settings.
  6. Copy the following 3 items to a notepad.
    • Entity ID
    • ACS URL
    • Login Access URL

2) Create Azure Enterprise Application

  1. Connect to the Azure Portal and log in.
  2. Access the [Microsoft Entra ID] menu.
  3. Access the [Enterprise Application] menu.
  4. Click the [New Application] button at the top.
  5. Click the [Create Your Own Application] button at the top.
  6. When the panel on the right opens, enter the app name __PH_0__ and click the Create button.
  7. Select the [Single Sign-On] menu within the created app.
  8. Select the [SAML] menu.
  9. Edit the Basic SAML Configuration section:
    • Identifier (Entity ID)
      • Select Add identifier.
      • Paste the Entity ID copied to the notepad.
    • Reply URL (ACS URL)
      • Select Add reply URL.
      • Paste the ACS URL copied to the notepad.
    • Sign-on URL (Login Access URL)
      • Paste the Login Access URL copied to the notepad.
  10. Edit the Attributes & Claims section (labelled Features and Claims in some UI translations).
  11. Select each claim, edit it as follows, and save.
    • user.mail
      • Change Name ▶ email
      • Namespace: Delete Pre-written URL
    • user.givenname
      • Change Name ▶ userName
      • Namespace: Delete Pre-written URL
  12. Delete the unused user.userprincipalname and user.surname fields.
  13. Go to the SAML Certificates section and confirm that the [Federation Metadata XML] download is available.
    • Click the download button to download the file.
    • The file is downloaded as Enterprise App Name.xml __PH_0__.
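As an added check that is not part of this guide (written for this page, not Security365's or Microsoft's code), the following Python script parses a SAML response from a test login and verifies that the attribute names match what steps 11 and 12 configure: exactly `email` and `userName`, with Entra's default claim namespace removed and the unused surname and userprincipalname claims gone. Both response documents are constructed samples (unsigned, with placeholder IDs); the namespace URL is Entra ID's default claim namespace.

```python
# Added example (not from the Security365 guide): verify that the claims in a
# SAML response match the mapping configured in Entra ID in steps 11 and 12.
import xml.etree.ElementTree as ET

SAML_NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# The claim names the guide configures: user.mail -> email, user.givenname -> userName.
EXPECTED_CLAIMS = {"email", "userName"}

# Entra ID's default claim namespace, which step 11 tells you to delete.
DEFAULT_CLAIM_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"


def attribute_names(response_xml):
    """Return the Name of every <saml:Attribute> in the response's AttributeStatement."""
    root = ET.fromstring(response_xml)
    return [
        attr.get("Name", "")
        for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS)
    ]


def check_claims(response_xml):
    """Compare the attribute names against the expected mapping and list every deviation."""
    names = attribute_names(response_xml)
    problems = []
    for name in names:
        if name.startswith(DEFAULT_CLAIM_NS):
            problems.append(f"namespace still present on claim: {name}")
        elif name not in EXPECTED_CLAIMS:
            problems.append(f"unexpected extra claim: {name}")
    for missing in sorted(EXPECTED_CLAIMS - set(names)):
        problems.append(f"expected claim missing: {missing}")
    return {"names": names, "ok": not problems, "problems": problems}


def _response(attributes):
    """Build a constructed, unsigned SAML response containing the given (Name, value) pairs."""
    attrs = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}</saml:AttributeValue></saml:Attribute>'
        for n, v in attributes
    )
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Version="2.0" ID="_r1">'
        '<saml:Assertion Version="2.0" ID="_a1">'
        '<saml:AttributeStatement>' + attrs + '</saml:AttributeStatement>'
        '</saml:Assertion></samlp:Response>'
    )


# Constructed sample: claims as the guide configures them (after steps 11 and 12).
GOOD_RESPONSE = _response([("email", "alice@example.com"), ("userName", "Alice")])

# Constructed sample: Entra's default claim set before any editing.
DEFAULT_RESPONSE = _response([
    (DEFAULT_CLAIM_NS + "emailaddress", "alice@example.com"),
    (DEFAULT_CLAIM_NS + "givenname", "Alice"),
    (DEFAULT_CLAIM_NS + "surname", "Example"),
    (DEFAULT_CLAIM_NS + "name", "alice@example.com"),
])

if __name__ == "__main__":
    for label, doc in (("configured", GOOD_RESPONSE), ("default", DEFAULT_RESPONSE)):
        result = check_claims(doc)
        print(label, "OK" if result["ok"] else result["problems"])
```

Run it against the base64-decoded SAMLResponse captured from a test login. It inspects attribute names only; the SP still has to validate the signature, audience and timestamps, so a passing result here means the mapping is right, not that the assertion is trustworthy.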

3) Enabling Security365 SAML Step 2

  1. Upload the downloaded federation metadata XML.
    • Click the Upload button in the IdP MetaData area.
    • Confirm that the upload succeeded.
  2. Specify and save the Security365 app to open on SAML IdP-initiated login.
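Before uploading the metadata in step 1, it is worth confirming that the file is IdP metadata with an HTTPS entityID, a usable SAML 2.0 single sign-on endpoint and a signing certificate, since the SP cannot verify assertions without one. The following Python script is an added example (not Security365's or Microsoft's code) that performs that check; the two metadata documents are constructed samples in which the tenant id is a placeholder and the certificate is a tiny constructed DER blob rather than a real certificate.

```python
# Added example (not from the Security365 guide): sanity-check an Entra ID
# federation metadata XML file before uploading it in step 3.
import base64
import binascii
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD_NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
REDIRECT_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"


def _is_https(url):
    parsed = urlparse(url or "")
    return parsed.scheme == "https" and bool(parsed.netloc)


def inspect_metadata(xml_text):
    """Extract the IdP entityID, SSO endpoints and signing certificates, and list problems."""
    root = ET.fromstring(xml_text)
    info = {"entity_id": root.get("entityID"), "sso": {}, "signing_certs": 0, "problems": []}
    if not _is_https(info["entity_id"]):
        info["problems"].append(f"entityID missing or not https: {info['entity_id']!r}")
    idp = root.find("md:IDPSSODescriptor", MD_NS)
    if idp is None:
        info["problems"].append("no md:IDPSSODescriptor: this is not IdP metadata")
    else:
        for sso in idp.iterfind("md:SingleSignOnService", MD_NS):
            binding, location = sso.get("Binding"), sso.get("Location")
            info["sso"][binding] = location
            if not _is_https(location):
                info["problems"].append(f"SSO endpoint not https: {location!r}")
        if REDIRECT_BINDING not in info["sso"] and POST_BINDING not in info["sso"]:
            info["problems"].append("no HTTP-Redirect or HTTP-POST SingleSignOnService endpoint")
        for kd in idp.iterfind("md:KeyDescriptor", MD_NS):
            if kd.get("use", "signing") != "signing":
                continue  # encryption-only keys are not used to verify assertions
            for cert in kd.iterfind(".//ds:X509Certificate", MD_NS):
                try:
                    der = base64.b64decode("".join((cert.text or "").split()), validate=True)
                except binascii.Error:
                    info["problems"].append("signing certificate is not valid base64")
                    continue
                if der[:1] != b"\x30":
                    info["problems"].append("signing certificate does not decode to a DER SEQUENCE")
                else:
                    info["signing_certs"] += 1
        if info["signing_certs"] == 0:
            info["problems"].append("no usable signing certificate: assertions could not be verified")
    info["ok"] = not info["problems"]
    return info


# Constructed sample shaped like Entra ID federation metadata; the tenant id is a
# placeholder and the certificate is a constructed DER blob, not a real certificate.
SAMPLE_IDP_METADATA = """<?xml version="1.0" encoding="utf-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/PLACEHOLDER-TENANT-ID/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>MAMCAQE=</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/PLACEHOLDER-TENANT-ID/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://login.microsoftonline.com/PLACEHOLDER-TENANT-ID/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""

# Constructed sample of the wrong file: SP metadata, which has no IDPSSODescriptor.
SAMPLE_SP_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.com/saml/metadata">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol"/>
</EntityDescriptor>
"""

if __name__ == "__main__":
    for label, doc in (("idp", SAMPLE_IDP_METADATA), ("sp", SAMPLE_SP_METADATA)):
        result = inspect_metadata(doc)
        print(label, "OK" if result["ok"] else result["problems"])
```

The check only confirms the certificate is syntactically DER; a real review also compares the certificate's expiry against the date the IdP rolls its signing key, since an expired or rotated key is the usual cause of logins that suddenly fail after a working setup.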

4) Azure SAML Customization

  1. Click the [Users and Groups] menu on the Enterprise Apps screen to specify the users who will use SAML login.
  2. Click the [Add User/Group] button at the top.
  3. Click the [No Selected Items] button to add a user.
  4. Check the users to add and click the [Select] button.
  5. Click the [Assign] button in the lower left corner.

5) Login Test

SP Initiated Login

  1. The user accesses the on-premises SHIELDGate page (= moves to the Security365 service).
    • For unregistered users, registration is possible by going through the process of Register > Register with an Organization > Enter Company Domain > SSO Login (SAML IdP).
  2. Enter an email-format ID on the Security365 unified login page (SHIELD ID) (= SAML SP).
  3. You are redirected to the Microsoft authentication page for password verification (= redirect to SAML IdP).
  4. Once Microsoft authentication completes, you are logged in to SHIELDGate (= authentication proceeds on the SAML login screen).
  5. You can use the service after confirming that the service login is complete.

Reference

IdP Initiated Login

  1. Access the SAML IdP portal page.
  2. Click on the registered SAML SP app.
  3. You are redirected to the representative app configured in the authentication settings of the Security365 portal.