
SAML SP Integration Guide ▶ Microsoft Entra ID

This guide describes how to set up Microsoft Entra ID as the SAML IdP and SHIELD ID as the SAML SP in a Security365 On-Premise environment.

Prerequisites

  • SSO federation settings must already be configured in the public environment.
  • You must have administrator privileges for the Security365 Management Center.
  • You must have Microsoft Azure (Entra ID) administrator privileges.

Process

1) Enabling Security365 SAML Step 1

  1. Log in to the Security365 Management Center.
  2. Open the Settings menu.
  3. Open the User Authentication Settings tab.
  4. Enable the SSO authentication (SAML) option.
  5. Click the detailed view of the SP settings.
  6. Copy the following three values to a notepad; they are entered into the Entra ID enterprise app in the next step.
    • Entity ID
    • ACS URL
    • Login Access URL

2) Create Azure Enterprise Application

  1. Log in to the Azure Portal.
  2. Open the [Microsoft Entra ID] menu.
  3. Open the [Enterprise Applications] menu.
  4. Click the [New Application] button at the top.
  5. Click the [Create Your Own Application] button at the top.
  6. In the panel that slides in from the right, enter the app name and click the Create button.
  7. In the created app, select the [Single Sign-On] menu.
  8. Select [SAML].
  9. Edit the Basic SAML Configuration section:
    • Identifier (Entity ID)
      • Click Add Identifier.
      • Paste the Entity ID copied to the notepad.
    • Reply URL (ACS URL)
      • Click Add Reply URL.
      • Paste the ACS URL copied to the notepad.
    • Sign-on URL (Login Access URL)
      • Paste the Login Access URL copied to the notepad.
  10. Edit the Attributes & Claims section.
  11. Select each claim, edit it, and save. If the namespace is left in place, Entra ID emits the attribute name as <namespace>/<name> and the SP will not match it.
    • user.mail
      • Rename ▶ email
      • Namespace: delete the pre-filled URL
    • user.givenname
      • Rename ▶ userName
      • Namespace: delete the pre-filled URL
  12. Delete the unused user.userprincipalname and user.surname claims.
  13. Scroll to the SAML Certificates section and download the [Federation Metadata XML].
    • Click the download button.
    • The file is saved as <Enterprise App Name>.xml.
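Before uploading the downloaded file as IdP metadata in the next section, it helps to confirm what it actually contains. The Python script below is an added example, not code from the Security365 or Microsoft documentation: it parses a constructed metadata file in the shape Entra ID serves for an enterprise app (tenant ID all zeros, placeholder certificate body), reports the IdP entity ID, the SSO endpoints and the signing-certificate thumbprint, and flags a file that belongs to a different tenant, carries no signing certificate, or is SP metadata uploaded by mistake. The tenant ID and certificate are placeholders; run it on the real <Enterprise App Name>.xml by reading the file into `parse_idp_metadata`.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
GUID = r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}"

# Constructed sample in the shape of the Federation Metadata XML that Entra ID serves for an
# enterprise app. The tenant ID is all zeros and the certificate body is a placeholder
# (not a real DER certificate), so its fingerprint only demonstrates the computation.
TENANT = "00000000-0000-0000-0000-000000000000"
FAKE_CERT_B64 = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
SAMPLE_METADATA = f"""<?xml version="1.0" encoding="utf-8"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{FAKE_CERT_B64}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</NameIDFormat>
    <SingleSignOnService Binding="{REDIRECT}"
                         Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
    <SingleSignOnService Binding="{POST}"
                         Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def parse_idp_metadata(xml_text: str) -> dict:
    """Extract the fields the SP consumes: IdP entity ID, SSO endpoints, signing certificates."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError(f"not a SAML EntityDescriptor: {root.tag}")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is SP metadata or not an IdP metadata file")
    sso = {e.get("Binding"): e.get("Location") for e in idp.findall("md:SingleSignOnService", NS)}
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # a KeyDescriptor without 'use' serves both purposes
            continue
        for c in kd.findall(".//ds:X509Certificate", NS):
            certs.append(base64.b64decode("".join(c.text.split())))  # tolerate wrapped base64
    return {"entity_id": root.get("entityID"), "sso": sso, "signing_certs": certs}


def cert_fingerprint(der: bytes, algo: str = "sha1") -> str:
    """Thumbprint in the form the Entra portal shows (SHA-1 by default), to compare by eye."""
    return hashlib.new(algo, der).hexdigest().upper()


def check_idp_metadata(info: dict, expected_tenant: str = "") -> list:
    """Return a list of problems; an empty list means the file is safe to upload as IdP metadata."""
    problems = []
    eid = info["entity_id"] or ""
    m = re.fullmatch(rf"https://sts\.windows\.net/({GUID})/", eid)
    if not m:
        problems.append(f"entityID is not an Entra ID issuer: {eid!r}")
    tenant = m.group(1) if m else None
    if expected_tenant and tenant != expected_tenant:
        problems.append(f"entityID tenant {tenant} does not match expected tenant {expected_tenant}")
    post = info["sso"].get(POST)
    if not post:
        problems.append("no HTTP-POST SingleSignOnService endpoint")
    elif tenant and tenant not in post:
        problems.append("SSO endpoint belongs to a different tenant than the entityID")
    if not info["signing_certs"]:
        problems.append("no signing certificate: SAML responses could not be verified")
    return problems


if __name__ == "__main__":
    info = parse_idp_metadata(SAMPLE_METADATA)
    print("IdP entity ID:", info["entity_id"])
    print("HTTP-POST SSO :", info["sso"].get(POST))
    for der in info["signing_certs"]:
        print("Signing cert SHA-1:", cert_fingerprint(der))
    print("Problems:", check_idp_metadata(info, expected_tenant=TENANT) or "none")
```

The tenant check matters because every Entra tenant serves metadata at the same-looking hostnames; only the GUID in the entityID and SSO Location distinguishes the tenant you intend to trust from any other.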

3) Enabling Security365 SAML Step 2

  1. Upload the federation metadata XML downloaded in the previous step.
    • Click the Upload button in the IdP Metadata area.
    • Confirm that the upload succeeded.
  2. Select the Security365 app to open when a login started from the SAML IdP completes, and save.

4) Azure SAML Customization

  1. To specify the users who may use SAML login, click the [Users and Groups] menu on the enterprise app screen. If the app requires user assignment, only the users assigned here can sign in through it.
  2. Click the [Add User/Group] button at the top.
  3. Click [None Selected] to add users.
  4. Check the users to add and click the [Select] button.
  5. Click the [Assign] button at the lower left.

5) Login Test

SP Initiated Login

  1. The user opens the on-premises SHIELDGate page (the entry point to the Security365 service).
    • Unregistered users can register through: Register > Register with an organization > Enter company domain > SSO login (SAML IdP).
  2. On the Security365 integrated login page (SHIELD ID, the SAML SP), enter an email-format ID.
  3. The browser is redirected to the Microsoft sign-in page for authentication (the redirect to the SAML IdP).
  4. After Microsoft authentication completes, the user is logged in to SHIELDGate (authentication completes back on the same login screen).
  5. Once the service login is confirmed, the service can be used.
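When the login test fails, the quickest diagnosis is to look at the SAMLResponse the browser POSTs to the ACS URL in step 4 and compare it with the values configured above. The Python script below is an added example, not code from the Security365 or Microsoft documentation: it decodes a constructed SAMLResponse form value, summarizes the assertion, and checks that the Audience equals the SP Entity ID, the Recipient equals the ACS URL, the validity window contains the current time, and the renamed, namespace-less claims `email` and `userName` from section 2 are present. The SP Entity ID, ACS URL and tenant ID are placeholders. It does not verify the XML signature (the SP does that), and a real SAMLResponse is a bearer credential: inspect it offline with a script like this rather than pasting it into an online decoder.

```python
import base64
import xml.etree.ElementTree as ET
from datetime import datetime

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
# Values copied to the notepad in section 1 (constructed placeholders, not a real deployment).
SP_ENTITY_ID = "https://shieldid.example.internal/saml/metadata"
ACS_URL = "https://shieldid.example.internal/saml/acs"
TENANT = "00000000-0000-0000-0000-000000000000"
REQUIRED_CLAIMS = ("email", "userName")  # the renamed, namespace-less claims from section 2
OLD_NAMESPACE = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"

# Constructed response in the shape Entra ID returns after a successful sign-in.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1" Version="2.0"
    IssueInstant="2024-01-01T00:00:00Z" Destination="{ACS_URL}">
  <saml:Issuer>https://sts.windows.net/{TENANT}/</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
    <saml:Issuer>https://sts.windows.net/{TENANT}/</saml:Issuer>
    <saml:Subject>
      <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">jane@example.com</saml:NameID>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData NotOnOrAfter="2024-01-01T00:05:00Z" Recipient="{ACS_URL}"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions NotBefore="2024-01-01T00:00:00Z" NotOnOrAfter="2024-01-01T01:00:00Z">
      <saml:AudienceRestriction><saml:Audience>{SP_ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="email"><saml:AttributeValue>jane@example.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="userName"><saml:AttributeValue>Jane</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="http://schemas.microsoft.com/identity/claims/tenantid"><saml:AttributeValue>{TENANT}</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
"""
# What the browser actually POSTs to the ACS URL: the response, base64-encoded.
SAMPLE_FORM_VALUE = base64.b64encode(SAMPLE_RESPONSE.encode()).decode()


def decode_saml_response(form_value: str) -> str:
    """Turn the SAMLResponse form field back into XML text."""
    return base64.b64decode(form_value).decode("utf-8")


def summarize_assertion(xml_text: str) -> dict:
    """Collect the fields the SP checks before it trusts the assertion."""
    root = ET.fromstring(xml_text)
    a = root.find("saml:Assertion", NS)
    if a is None:
        raise ValueError("no plaintext Assertion (encrypted assertions are not handled here)")
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    cond = a.find("saml:Conditions", NS)
    if cond is None:
        raise ValueError("assertion has no Conditions element")
    attrs = {}
    for at in a.findall("saml:AttributeStatement/saml:Attribute", NS):
        attrs[at.get("Name")] = [v.text or "" for v in at.findall("saml:AttributeValue", NS)]
    return {
        "issuer": a.findtext("saml:Issuer", default="", namespaces=NS).strip(),
        "name_id": a.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip(),
        "audience": cond.findtext("saml:AudienceRestriction/saml:Audience", default="", namespaces=NS).strip(),
        "recipient": scd.get("Recipient") if scd is not None else None,
        "subject_not_on_or_after": scd.get("NotOnOrAfter") if scd is not None else None,
        "not_before": cond.get("NotBefore"),
        "not_on_or_after": cond.get("NotOnOrAfter"),
        "attributes": attrs,
    }


def _ts(value: str) -> datetime:
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_assertion(s: dict, sp_entity_id: str, acs_url: str, now_iso: str) -> list:
    """Return the mismatches an SP would reject on; an empty list means the assertion fits this SP."""
    now = _ts(now_iso)
    problems = []
    if s["issuer"] != f"https://sts.windows.net/{TENANT}/":
        problems.append(f"Issuer {s['issuer']!r} is not the expected Entra tenant")
    if s["audience"] != sp_entity_id:
        problems.append(f"Audience {s['audience']!r} != SP Entity ID {sp_entity_id!r}")
    if s["recipient"] != acs_url:
        problems.append(f"Recipient {s['recipient']!r} != ACS URL {acs_url!r}")
    if s["not_before"] and now < _ts(s["not_before"]):
        problems.append("assertion not yet valid: NotBefore is in the future (check clock skew)")
    for where, key in (("SubjectConfirmationData", "subject_not_on_or_after"), ("Conditions", "not_on_or_after")):
        if s[key] and now >= _ts(s[key]):
            problems.append(f"assertion expired: {where} NotOnOrAfter={s[key]} has passed")
    for claim in REQUIRED_CLAIMS:
        if claim not in s["attributes"]:
            namespaced = [n for n in s["attributes"] if n.startswith(OLD_NAMESPACE)]
            problems.append(f"required claim {claim!r} missing; namespaced claims still present: {namespaced}")
    return problems


if __name__ == "__main__":
    summary = summarize_assertion(decode_saml_response(SAMPLE_FORM_VALUE))
    print("NameID:", summary["name_id"], "claims:", sorted(summary["attributes"]))
    print("Problems:", check_assertion(summary, SP_ENTITY_ID, ACS_URL, "2024-01-01T00:02:00Z") or "none")
```

A missing `email` claim together with an attribute named `http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress` is the signature of the namespace not having been cleared in section 2, step 11; an Audience or Recipient mismatch points at a typo in the Basic SAML Configuration values.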

Reference

IdP Initiated Login

  1. Open the SAML IdP portal page.
  2. Click the registered SAML SP app.
  3. The browser is redirected to the default app configured in the authentication settings of the Security365 portal (the app selected in section 3).