Microsoft Entra ID

Configure Microsoft Entra ID as an Identity Provider for CISO Assistant

Go into your Azure portal home

  1. Open the sidebar menu and click on Microsoft Entra ID

  2. Click on Add button > Entreprise application

  3. Click on Create your own application

  4. Enter a name and then click Integrate any other application you don’t find in the gallery (Non-gallery)

  5. Click on Single sign-on from the sidebar menu or on Set up single sign on bellow Getting Started and choose SAML

  6. In the first box Basic SAML Configuration, specify the Entity ID, it has to be the same than SP Entity ID in CISO Assistant (see next screenshot)

  7. Add the Reply URL: <base_url>/api/accounts/saml/0/acs/ (for example with localhost: https://localhost:8443/api/accounts/saml/0/acs/)

  8. In the third box SAML Certificates, copy the App Federation Metadata Url as it is the Metadata URL in CISO Assistant (see next screenshot)

  9. In the fourth box Set up <App_name>, copy the Microsoft Entra Identifier as it is the IdP Entity ID in CISO Assistant

  10. Make sure you use the same Identifier (Entity ID) that you've set earlier and appear on block 1, on CISO Assistant SP Entity ID:

  11. Click on Users and groups in the sidebar menu, and Add user/group to give them access to CISO Assistant with SSO. The matching key will be the email and you'll be able to grant their permissions on the applications.

Add a user in your application doesn't automatically create the user on CISO Assistant

You can now configure CISO Assistant with the 3 parameters you've retrieved.

Using Open ID connect

  • head to Entra ID

  • Under manage, select App registrations and create a New registration and use the default settings.

  • Once createad, copy the Application (client) ID and use it as first parameter on CISO Assistant.

  • under the manage section of the app, select certificates and secrets

  • Create a new client secret under the client secrets, copy its value and use it as second parameter on CISO Assistant.

  • Go back to Overview of the app, and click Endpoints. Use the value on OpenID Connect metadata document as third parameter on CISO Assistant.

  • Under the Authentication (Preview) of the app, click add redirect URI, and select web , the value should be something like <ciso_assistant_backend_url>/api/accounts/oidc/openid_connect/login/callback/ for instance, for localhost, http://localhost:8000/api/accounts/oidc/openid_connect/login/callback/

PreviousIdentity providersNextOkta

Last updated

Was this helpful?