Technical

Microsoft Entra integration with Asset Bank

Follow
Note: SSO is a Professional / Enterprise license feature. Set up fees apply. To enable SSO please contact our Customer Support Team.

This article has been extracted (& extended) from Microsoft's tutorial: Microsoft Entra integration with Asset Bank.

 

Required URLs

You will need the following URLs in order to add Asset Bank as an app in Entra:

  • Identifier: https://[your-assetbank-domain]/shibboleth
  • Reply URL: https://[your-assetbank-domain]/Shibboleth.sso/SAML2/POST
  • Sign On URL: https://[your-assetbank-domain]

 

Adding Asset Bank from the gallery

  • Click ‘Add+’ and then select ‘Enterprise application’.

  • Search for “asset bank” and select the Asset Bank app.

  • In the panel that opens on the right, change the name if required and click ‘Create’.

 

Configure Microsoft Entra SSO

  • Open the newly added Asset Bank app and select ‘Single Sign-On’. 
  • On the Select a single sign-on method page, select SAML.
  • On the Set up single sign-on with SAML page, click the pencil icon for Basic SAML Configuration to edit the settings.

  • Fill in the Identifier, Reply URL and Sign on URL with the following URLs:
    • Identifier: https://[your-assetbank-domain]/shibboleth
    • Reply URL: https://[your-assetbank-domain]/Shibboleth.sso/SAML2/POST
    • Sign On URL: https://[your-assetbank-domain]
  • In the SAML Signing Certificate section, click Download to download the Federation Metadata XML.

  • Confirm and complete the configuration and then send the metadata to us via our SendSafely Portal.

Assigning AD users to Asset Bank

  • On the Azure classic portal, choose your Directory and open the applications view

  • In the applications list select Asset Bank

  • In the menu bar on the top click Users

  • In the Users list select the desired user, in the toolbar on the bottom click Assign

 

Mapping AD groups to Asset Bank user groups

You can configure your Asset Bank to automatically assign users to certain group(s) based on the Azure AD group(s) they are in, see this article for more details.

When authenticating a user, Azure AD will provide the user groups IDs rather than their names therefore you would need to retrieve such IDs from your directory in order to complete the mapping in Asset Bank.

  • From your Directory open the Groups view

  • Select the desired Group and open the Properties view

  • The group ID is called Object ID

Related articles

Comments

0 comments

Article is closed for comments.