Microsoft Azure AD SAML

Set up single sign-on with Microsoft Azure AD SAML

Prerequisites

Azure AD Application Setup

Log in to your organization’s Microsoft Azure portal as a user with administrative privileges and select “Azure Active Directory”.

Create App Integration

  1. From the menu on the left, choose Enterprise Applications.

  2. Click the New application button.

  3. Click “Create your own application”.

  4. When prompted, give your application an easily identifiable name (e.g. “Enso SSO”), select the option “Integrate any other application you don't find in the gallery (Non-gallery)”, and click Create.

  5. Click the Single sign-on option from the menu on the left, and when prompted to “Select a single sign-on method”, please choose SAML.

  6. Click Edit on Step 1 - “Basic SAML Configuration”.

  7. On the next page, “Basic SAML Configuration”, click “Add identifier” and “Add reply URL”.

  8. In the Identifier and Reply URL fields, please enter the following URL with your organization’s domain (instead of “example.com”):

https://app.enso.security/saml/consume/example.com

  9. In the Sign on URL (Optional) field, please input the following URL:

https://app.enso.security

  10. Click Save when you are done.

  11. Scroll down the Single sign-on page and click Edit next to Step 2 - “Attributes & Claims”.

  12. Click Add new claim for each of the required attributes, according to the table in the next segment.

  13. Set the Attribute Statements/Claims according to the following table and click Save for each new claim.

Identity Provider Details

Now that the Azure Enterprise Application has been created, the following details should be sent to Enso to complete the integration process:

Identity Provider Single Sign-On URL

The URL for your identity provider sign-in page

https://login.microsoftonline.com/197a9187-5505-4b51-8b83-2f719d8b938f/saml2

X.509 Certificate

The identity provider’s public key, encoded in Base64 format

-----BEGIN CERTIFICATE-----

MIIDqDABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ

ABCDEFGHIJKLMNOPQRSTUVWXYZ

ABCDEFGHIJKLMNOPQj9g==

-----END CERTIFICATE-----

User email domains

The email domains which should have access to your organization in Enso

  • example.com

  • example.tld

Application ID

The Azure AD application identifier

197a9187-5505-4b51-8b83-2f719d8b938f

Object ID

The Azure object identifier

197a9187-5505-4b51-8b83-2f719d8b938f

In order to retrieve these details:

  1. From the newly created app’s Overview page, please copy the “Application ID” and the “Object ID”, and send both to Enso with clear labeling for each.

  2. Back on the Single sign-on page (which can be accessed from the menu on the left):

    1. Scroll down to Step 3.

    2. SAML Certificates should display a Download link next to “Federation Metadata XML”.

    3. Click this link, and send the resulting XML file to Enso in order to complete the setup process.

Assign Users

The final step in the process is assigning any Users and/or Groups to the newly created Enso Azure AD Application.

  • Any users assigned to this application will be granted access to Enso.

  • Users and Groups can be accessed from the Directory menu on the left.

Click Add user/group to select the users that should have access to Enso.

On the app Properties page, you can optionally add a logo for the Enso SSO integration. Feel free to use the Enso logo for this step.
