Configure Microsoft Entra ID as an Identity Provider for CISO Assistant
Go into your Azure portal home
Open the sidebar menu and click on Microsoft Entra ID
Click on Add button > Entreprise application
Click on Create your own application
Enter a name and then click Integrate any other application you don’t find in the gallery (Non-gallery)
Click on Single sign-on from the sidebar menu or on Set up single sign on bellowGetting Started and choose SAML
In the first box Basic SAML Configuration, specify the Entity ID, it has to be the same than SP Entity IDin CISO Assistant (see next screenshot)
Add the Reply URL: <base_url>/api/accounts/saml/0/acs/ (for example with localhost: https://localhost:8443/api/accounts/saml/0/acs/)
In the third box SAML Certificates, copy the App Federation Metadata Url as it is the Metadata URL in CISO Assistant (see next screenshot)
In the fourth box Set up <App_name>, copy the Microsoft Entra Identifier as it is the IdP Entity IDin CISO Assistant
Make sure you use the same Identifier (Entity ID) that you've set earlier and appear on block 1, on CISO Assistant SP Entity ID:
Click on Users and groups in the sidebar menu, and Add user/group to give them access to CISO Assistant with SSO. The matching key will be the email and you'll be able to grant their permissions on the applications.
You can now with the 3 parameters you've retrieved.
1. Introduction
Go to your Microsoft Azure Portal
2. Navigate to App Registrations
Adding a user in your Entra application doesn't automatically create the user on CISO Assistant
Click the App registrations section to add a new application for OIDC configuration. You can also use the search bar if you don't find it in the suggestions.
3. Start New Application Registration
4. Name your application
5. Select Web Platform in Redirect URI options
6. Enter the callback URL of your instance
The callback URL is: <ciso_assistant_url>/api/accounts/oidc/openid_connect/login/callback/ for
for instance, for localhost: http://localhost:8000/api/accounts/oidc/openid_connect/login/callback/
7. Complete Application Registration
8. Copy the Application Client ID
9. Past it into the Client ID field
10. Open Certificates & Secrets
11. Create a New Client Secret
12. Add your Client Secret
13. Copy the fresh Client Secret Value
14. Past it into the Secret field
15. Go back to your App Overview
16. Inside Endpoints copy the OpenID Connect metadata URL
17. Paste it into the Server URL field
18. Save your configuration
You have successfully configured OpenID Connect (OIDC) integration with EntraID.
