Note: SSO is a Professional / Enterprise license feature. Set up fees apply. To enable SSO please contact our Customer Support Team.
Please note that integration with Microsoft Entra ID is only available to our cloud-hosted customers and is not available to customers who host Asset Bank on their own servers.
This article has been extracted (& extended) from Microsoft's tutorial: Microsoft Entra integration with Asset Bank.
Required URLs
You will need the following URLs in order to add Asset Bank as an app in Entra:
- Identifier: https://[your-assetbank-domain]/shibboleth
- Reply URL: https://[your-assetbank-domain]/Shibboleth.sso/SAML2/POST
- Sign On URL: https://[your-assetbank-domain]
Adding Asset Bank from the gallery
- Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator and select Azure Active Directory.
- Click ‘Add+’ and then select ‘Enterprise application’.
- Search for “asset bank” and select the Asset Bank app.
- In the panel that opens on the right, change the name if required and click ‘Create’.
Configure Microsoft Entra SSO
- Open the newly added Asset Bank app and select ‘Single Sign-On’.
- On the Select a single sign-on method page, select SAML.
- On the Set up single sign-on with SAML page, click the pencil icon for Basic SAML Configuration to edit the settings.
- Fill in the Identifier, Reply URL and Sign on URL with the following URLs:
  - Identifier: https://[your-assetbank-domain]/shibboleth
  - Reply URL: https://[your-assetbank-domain]/Shibboleth.sso/SAML2/POST
  - Sign On URL: https://[your-assetbank-domain]
- In the SAML Signing Certificate section, click Download to download the Federation Metadata XML.
- Confirm and complete the configuration and then send the metadata to us via our SendSafely Portal.
Assigning AD users to Asset Bank
- On the Azure classic portal, choose your Directory and open the applications view.
- In the applications list, select Asset Bank.
- In the menu bar at the top, click Users.
- In the Users list, select the desired user, then click Assign in the toolbar at the bottom.
Mapping AD groups to Asset Bank user groups
You can configure your Asset Bank to automatically assign users to certain group(s) based on the Azure AD group(s) they are in. See this article for more details.
When authenticating a user, Azure AD provides the IDs of the user's groups rather than their names, so you need to retrieve these IDs from your directory in order to complete the mapping in Asset Bank.
- From your Directory, open the Groups view.
- Select the desired Group and open the Properties view.
- The group ID is called Object ID.