Microsoft Azure AD SAML
Set up single sign-on with Microsoft Azure AD SAML
Log in to your organization’s Microsoft Azure portal as a user with administrative privileges and select “Azure Active Directory”.
Create App Integration
Click the New application button
Click “Create your own application”
When prompted, give your application an easily identifiable name (e.g. “Enso SSO”), select the option “Integrate any other application you don't find in the gallery (Non-gallery)”, and click Create
Click the Single sign-on option from the menu on the left, and when prompted to “Select a single sign-on method”, please choose SAML.
Click Edit on Step 1 - “Basic SAML Configuration”
On the next page, “Basic SAML Configuration”, click “Add identifier” and “Add reply URL”
In the Identifier and Reply URL fields, please enter the following URL with your organization’s domain (instead of “example.com”):
https://app.enso.security/saml/consume/example.com
In the Sign on URL (Optional) field, please input the following URL:
https://app.enso.security
Click Save when you are done
Scroll down the Single sign-on page and click Edit next to Step 2 - “Attributes & Claims”
Click Add new claim for each of the required attributes, according to the table in the next segment
Set the Attribute Statements/Claims according to the following table and click Save for each new claim
Now that the Azure Enterprise Application has been created, the following details should be sent to Enso to complete the integration process:
In order to retrieve these details:
From the newly created app’s Overview page, please copy the “Application ID” and the “Object ID”, and send both to Enso with clear labeling for each
Back on the Single sign-on page (which can be accessed from the menu on the left):
Scroll down to Step 3
SAML Certificates should display a Download link next to “Federation Metadata XML”
Click this link, and send the resulting XML file to Enso in order to complete the setup process
The final step in the process is assigning any Users and/or Groups to the newly created Enso Azure AD Application.
Any users assigned to this application will be granted access to Enso.
Users and Groups can be accessed from the Directory menu on the left.
Click Add user/group to select the users that should have access to Enso
On the app Properties page, you can optionally add a logo for the Enso SSO integration. Feel free to use the Enso logo for this step
Identity Provider Single Sign-On URL
Description: The URL for your identity provider sign-in page
Example: https://login.microsoftonline.com/197a9187-5505-4b51-8b83-2f719d8b938f/saml2

X.509 Certificate
Description: The identity provider’s public key, encoded in Base64 format
Example:
-----BEGIN CERTIFICATE-----
MIIDqDABCDEFGHIJKLMNOPQRSTUVWXYZABCDEFGHIJKLMNOPQRSTUVWXYZ
ABCDEFGHIJKLMNOPQRSTUVWXYZ
ABCDEFGHIJKLMNOPQj9g==
-----END CERTIFICATE-----

User email domains
Description: The email domains which should have access to your organization in Enso
Example:
example.com
example.tld

Application ID
Description: The Azure AD application identifier
Example: 197a9187-5505-4b51-8b83-2f719d8b938f

Object ID
Description: The Azure object identifier
Example: 197a9187-5505-4b51-8b83-2f719d8b938f