The following procedure configures Microsoft Azure Active Directory for single sign-on. The first step is to provide the SAML configuration details of an Azure Active Directory Enterprise application to Alert Logic. This is required because Azure Active Directory generates new values for every application, and Alert Logic needs these values to create the service provider configuration used in the finalized Azure Active Directory configuration.
Initial Configuration
- Navigate to the Microsoft Azure portal at https://portal.azure.com.
- Navigate to the Azure Active Directory service and select the directory that will be used for Single Sign On (it may be the Default Directory).
- Click Enterprise applications in the left sidebar to be redirected to the Enterprise applications gallery.
- Create a new Enterprise application by clicking New application at the top of the list of applications.
- Click Create your own application to open a new application dialog.
- Input the name of the new application.
- Select Integrate any other application you don't find in the gallery (Non-gallery) from the dialog.
- Click Create at the bottom of the dialog to create the application and be redirected to the application configuration.
  - This may take some time to complete; testing may take around 30 seconds.
  - Although it might complete, it may not redirect to the new application correctly; in this case, return to the Enterprise applications list and refresh the page to see the new application and click on its name to move to the next step.
  Note: Alert Logic does not have a published Azure Active Directory application, so a new non-gallery application must be created.
- On the application configuration Overview page that opens, click either Single sign-on on the left sidebar or 2. Set up single sign on from the Getting Started steps to open the Single sign-on configuration page.
- On the Select a single sign-on method configuration page, click the SAML box to select SAML.
- On the Set up Single Sign-On with SAML page:
  - Click the Edit button of the Basic SAML Configuration box to open a configuration dialog.
  - In the Basic SAML Configuration dialog:
    - Enter a placeholder value for the Identifier (Entity ID) field and ensure any existing value in the dialog is deleted and replaced with the placeholder text. The placeholder can be used for the Identifier (Entity ID); the value will be replaced later.
    - Enter a placeholder value for the Reply URL (Assertion Consumer Service URL) field. https://alertlogic.com can be used for the Reply URL (Assertion Consumer Service URL); the value will be replaced later.
    - Click Save at the top left of the dialog.
    - Close the dialog.
  - Find the SAML Signing Certificate box.
  - Save the Certificate (Base64) and Federation Metadata XML files by clicking the respective Download links. These files will be provided to Alert Logic to configure the Alert Logic service provider.
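Before the two downloaded files are sent to Alert Logic, it is useful to confirm that they belong to the same application. The following Python script is an added example, not part of the original procedure or of Alert Logic's or Microsoft's tooling: it reads the Federation Metadata XML, reports the IdP entity ID and sign-on endpoints, and checks that the Certificate (Base64) file matches a signing certificate in the metadata. The tenant ID and certificate bytes in the sample are constructed placeholders.

```python
import base64
import hashlib
import re
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def cert_sha256(b64_text):
    """SHA-256 of the DER bytes of a Base64 certificate, PEM armor optional."""
    body = re.sub(r"-----[A-Z ]+-----|\s+", "", b64_text)
    return hashlib.sha256(base64.b64decode(body, validate=True)).hexdigest()

def summarize_metadata(xml_text):
    """Return the IdP entity ID, SSO endpoints and signing-cert fingerprints."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: not SAML IdP metadata")
    certs = [cert_sha256(c.text)
             for kd in idp.findall("md:KeyDescriptor", NS)
             if kd.get("use") in (None, "signing")
             for c in kd.findall(".//ds:X509Certificate", NS)]
    sso = {e.get("Binding").rsplit(":", 1)[-1]: e.get("Location")
           for e in idp.findall("md:SingleSignOnService", NS)}
    return {"entity_id": root.get("entityID"), "sso": sso, "cert_sha256": certs}

def files_agree(xml_text, cer_text):
    """True only if the downloaded .cer is a signing cert in the metadata."""
    return cert_sha256(cer_text) in summarize_metadata(xml_text)["cert_sha256"]

# Constructed sample input: placeholder tenant ID, and bytes that stand in
# for a certificate (this is not a real X.509 certificate).
TENANT = "00000000-0000-0000-0000-000000000000"
SAMPLE_B64 = base64.b64encode(b"constructed bytes, not a certificate").decode()
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{NS['md']}"
    entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="{NS['ds']}"><X509Data>
      <X509Certificate>{SAMPLE_B64}</X509Certificate>
    </X509Data></KeyInfo></KeyDescriptor>
    <SingleSignOnService Location="https://login.microsoftonline.com/{TENANT}/saml2"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""
SAMPLE_CER = f"-----BEGIN CERTIFICATE-----\n{SAMPLE_B64}\n-----END CERTIFICATE-----\n"

if __name__ == "__main__":
    print(summarize_metadata(SAMPLE_METADATA))
    print("files agree:", files_agree(SAMPLE_METADATA, SAMPLE_CER))
```

To check the real downloads, pass the text of the two saved files to `files_agree`; a `False` result means the certificate and metadata were taken from different applications or from before and after a certificate change.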
Finalize Configuration
After providing the Microsoft Azure Active Directory configuration details to Alert Logic, Alert Logic will create the service provider configuration and return these values to finalize the Azure Active Directory configuration.
- Navigate to the Microsoft Azure portal at https://portal.azure.com.
- Navigate to the Azure Active Directory service.
- Select the directory that will be used for Single Sign On (it may be the Default Directory).
- Click Enterprise applications in the left sidebar to be redirected to the Enterprise applications gallery.
- Click on the name of the Enterprise application created in the Initial Configuration steps.
- On the application configuration Overview page that opens, click either Single sign-on on the left sidebar or 2. Set up single sign on from the Getting Started steps to open the Single sign-on configuration page.
- On the Set up Single Sign-On with SAML page:
  - Click the Edit button of the Basic SAML Configuration box to open a configuration dialog.
  - In the Basic SAML Configuration dialog:
    - Copy and paste the SP Entity ID provided into the Identifier (Entity ID) field, ensuring that any existing value in the dialog (including the placeholder text) is deleted and replaced.
    - Copy and paste the Assertion Consumer Service URL (SSO Callback URL) provided into the Reply URL (Assertion Consumer Service URL) field.
    - Click Save at the top left of the dialog.
    - Close the dialog.
  - Optional: The chosen Unique User Identifier property in the User Attributes & Claims box must match the username of the user in the Alert Logic console; update the value from the default of user.userprincipalname if there is a different field that must be used.
  - Optional: To enable Single Log Out:
    - Click the Edit button of the Basic SAML Configuration box to open a configuration dialog.
    - Enter the Single Log out URL provided into the Logout URL field.
    - Click Save at the top left of the dialog.
- Click Users and groups in the left sidebar to view application assignments.
- Assign the application to users/groups as required.