Skip to main content

Cyware Situational Awareness Platform

Setup SAML SSO Integration using Microsoft Entra ID

You can use Microsoft Entra ID (previously Azure Active Directory) as an Identity Provider (IdP) to enable SSO in Collaborate.

Before you Start 

  • Ensure you have administrative access to add an application in Microsoft Entra ID

  • Ensure you have the Assertion Consumer URL and Entity ID from Collaborate

  • Ensure you have View and Update permissions to configure SAML 2.0 in Collaborate

Get Assertion URL and Entity ID

The Assertion Consumer URL is an endpoint in Collaborate, which the identity provider (Microsoft Entra ID) will redirect to with its authentication response. An entity ID is a globally unique name for the service provider or the identity provider.

You require these values while setting up the SAML 2.0 application in Microsoft Entra ID. To fetch these values from Collaborate, follow these steps:

  1. Sign in to the Collaborate Analyst Portal.

  2. Go to Administration > Integrations > Authentication Method.

  3. If you are configuring SAML for the Analyst Portal, click Analyst Dashboard. Similarly, to configure SAML for the Member Portal, select Member Portal.

  4. Copy and retain the following values:

    • Assertion Consumer URL

    • Entity ID

Create SAML Application in Microsoft Entra ID

  1. Sign in to Microsoft Azure.

  2. Search and select Enterprise applications.

  3. Click New Application > Create your own application.

  4. In what's the name of your app field, enter Collaborate and select Integrate any other application you don't find in the gallery (Non-gallery).

  5. Click Create to create the application.

Set up SSO for the Application

After creating the application, you can set up SSO for it.

  1. In Getting Started, select Set up single sign on. Alternatively, you can select Single sign-on in Manage.

  2. Click SAML.

  3. In Basic SAML Configuration, click Edit.

    Enter the Entity ID in Identifier (Entity ID) and Assertion Consumer Service URL in Reply URL. In Reply URL, indexing is optional.

  4. In Attributes & Claims, click Edit.

    • In Required claim, select the Unique User Identifier (Name ID) and enter the value as user.userprincipalname.

    • In Additonal claims, you must add the claims for email, first name, and last name. Note that the Namespace field is optional. You must remove the value of Namespace present in each additional claim.

      • Enter the following values to add a claim for email:

        • Name: Enter the name as email

        • Source: Select the source as Attribute

        • Source attribute: The source attribute must be user.mail

      • Enter the following values to add a claim for the first name:

        • Name: Enter the name as first_name

        • Attribute: Select the source as Source

        • Source attribute: The source attribute must be user.givenname

      • Enter the following values to add a claim for the last name:

        • Name: Enter the name as last_name

        • Attribute: Select the source as Source

        • Source attribute: The source attribute must be user.surname

      • After adding the details, click Save to set up SAML authentication.

  5. Go to SAML Certificates and download the Certificate (Base64) or Certificate (Raw), Federation Metadata XML, and copy the App Federation Metadata URL to use while configuring the SSO in Collaborate.

Assign Users to the Application

Ensure that you have created users in Azure AD. For more information on creating users in Azure AD, see Add or Delete Users. You must assign the created users or user groups to the Collaborate application you created in Microsoft Entra ID.

To assign users to the Collaborate application, follow these steps:

  1. Sign in to the Microsoft Azure portal as an administrator.

  2. Go to Enterprise Applications, and select the Collaborate application that you created.

  3. In Manage, select Users and groups.

  4. Click Add user/group. You can select and add your users to the application.

Create Users in Collaborate

The users you added in Microsoft Azure AD must be added to Collaborate. To create analyst (privileged users) or member users, see Onboard Privileged Users and Onboard Members.

Configure SAML 2.0 in Collaborate

You must configure a single sign-on for Microsft Entra ID in Collaborate to allow users to seamlessly and securely sign in to Collaborate's Analyst or Member Portal.

To configure SAML 2.0 in Collaborate, follow these steps:

  1. Sign in to Collaborate's Analyst Portal.

  2. Go to Administration > Integrations > Authentication Method.

  3. To configure SAML SSO for the Analyst Portal, click Analyst Dashboard. To configure SAML for the Member Portal, click Member Portal.

  4. Select SAML 2.0 and click Edit

    • In IDP (Identify Provider), upload the Federation Metadata XML file that you downloaded from Microsoft Entra ID in Metadata XML. Ensure that the .xml file is less than 40 MB.

    • In SSO URL, enter the App Federation Metadata URL that you retrieved from Microsoft Entra ID.

    • In SAML Group Mapping for Users, you can associate analyst users with specific roles available in the IdP. These roles help manage access permissions for analyst users within an organization.

    • In Certificate, click View Certificate and subsequently upload the certificate (Base64 or Raw) file.

    • Encrypt is optional. You can enable to encrypt the SAML authentication process.

    • Enable AuthnRequest to send authentication requests from Collaborate to Microsoft Entra ID.

  5. Click Save. Switch on Activate Authentication to ensure that SAML 2.0 is enabled as the authentication method.