Set up SAML Authentication for Intel Exchange Using Microsoft Entra ID
Notice
Microsoft Azure Active Directory (Azure AD) is renamed to Microsoft Entra ID.
You can enable single sign-on (SSO) using an Identity Provider (IdP) that supports Security Assertion Markup Language (SAML), such as Microsoft Entra ID.
Before you Start
You must have suitable administrative privileges to create an external application using Microsoft Entra ID.
You must have the Assertion Consumer URL and Entity ID from Intel Exchange.
Your user group in Intel Exchange must have View and Update Configuration permissions to access the configuration module in Intel Exchange.
The Assertion Consumer URL is the endpoint in Intel Exchange to which the identity provider (Microsoft Entra ID) redirects with its authentication response. An entity ID is a globally unique name for the service provider or the identity provider.
Fetch the Assertion Consumer URL and entity ID from Intel Exchange and have them handy. You need these values while setting up the SAML 2.0 app in Microsoft Entra ID.
Sign in to Intel Exchange.
Go to Administration > Configuration > Authentication > SAML 2.0.
Copy and retain the following values:
Assertion Consumer URL
Entity ID
Set up Microsoft Entra ID for SSO by creating an external application for Intel Exchange and configuring SSO for it.
Sign in to the Microsoft Entra ID portal as an Administrator.
Under Entra ID Services select Entra ID Active Directory.
Under Manage on the left pane, select Enterprise Applications > +New Application.
In "What's the name of your app?", enter Intel Exchange and select Integrate any other application you don't find in the gallery (Non-gallery).
Click Create to create the application.
Select Single Sign-on under Manage.
For Select a single sign-on method, select SAML.
Click Edit on Basic SAML Configuration and enter the Entity ID and Assertion Consumer Service URL that you copied from Intel Exchange.
The rest of the fields are optional. Save your changes.
Click Edit on Attributes and Claims.
In Required Claims, click the horizontal ellipsis and enter Unique User Identifier (Name ID) as user.userprincipalname.
Edit the existing additional claims and add the claims for email, first name, and last name.
Note that the application automatically provides Namespace values for the parameters added for the claim. The Namespace field is optional. You must edit each additional claim and remove the Namespace value so that the Namespace field is empty.
Enter the following values to add a claim for email:
Name as email
Select Source as Attribute
Source Attribute as user.mail
Enter the following values to add a claim for the first name:
Name as first_name
Select Source as Attribute
Source Attribute as user.givenname
Enter the following values to add a claim for the last name:
Name as last_name
Select Source as Attribute
Source Attribute as user.surname
Go to SAML Certificates, download the Certificate (Base64) or Certificate (Raw) and the Federation Metadata XML, and copy the App Federation Metadata URL. You need these when configuring SSO in Intel Exchange.
Click Save.
Create users in Microsoft Entra ID to set up SAML authentication. For more information on creating users in Microsoft Entra ID, see Add or Delete Users. You must assign the created users or user groups to the Intel Exchange application present in Microsoft Entra ID.
Steps
Sign in to the Microsoft Entra ID portal as an administrator.
From Manage, select Users and groups.
Click +Add User to select and add your users.
You must also add the users created in Microsoft Entra ID to Intel Exchange to establish a complete flow of information. For more information about creating users in Intel Exchange, see Onboard Users.
Sign in to Intel Exchange.
Go to Administration > Configuration > Authentication.
Select SAML 2.0 and click Edit.
For Identity Provider Attributes, select either Metadata XML or Certificate, using the values generated while configuring the SAML application for Intel Exchange in Microsoft Entra ID. If you choose Certificate as the IdP type, you can use the Certificate (Base64) file.
Click Upload against Metadata XML and upload the Federation Metadata XML file you downloaded from Microsoft Entra ID.
Enable AuthnRequest to send authentication requests from Intel Exchange to Microsoft Entra ID.
Click Activate SAML and click Save.
Sign in to Microsoft Entra ID.
Verify from Office - All Apps that Intel Exchange is available for the user.
Click the CTIX application.
You are directed to the Intel Exchange sign-in page. Click SAML and sign in to Intel Exchange.
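If sign-in fails or user details arrive empty, the claim names set in Attributes and Claims are the first thing to check. The following Python script is an added example, not part of the Intel Exchange or Microsoft documentation. It inspects a decoded SAML assertion and reports claims that still carry a Namespace prefix. The sample assertion is constructed, and the default namespace URI and the function names are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

NS = "{urn:oasis:names:tc:SAML:2.0:assertion}"
REQUIRED = ("email", "first_name", "last_name")  # claim names from this guide

def check_claims(assertion_xml):
    """Return a list of problems in a decoded SAML assertion (naming only,
    this does not validate the signature)."""
    root = ET.fromstring(assertion_xml)
    problems = []
    name_id = root.find(f".//{NS}Subject/{NS}NameID")
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID: missing or empty")
    attrs = {}
    for attr in root.iter(f"{NS}Attribute"):
        value = attr.find(f"{NS}AttributeValue")
        text = value.text if value is not None and value.text else ""
        attrs[attr.get("Name", "")] = text.strip()
    for want in REQUIRED:
        if want in attrs:
            if not attrs[want]:
                problems.append(f"{want}: empty value")
            continue
        prefixed = [n for n in attrs if n.endswith("/" + want)]
        if prefixed:
            problems.append(f"{want}: sent as {prefixed[0]}, clear the Namespace field")
        else:
            problems.append(f"{want}: claim not present")
    return problems

def sample_assertion(prefix):
    """Constructed assertion; prefix is the claim namespace ('' when cleared)."""
    values = {"email": "a.user@example.com", "first_name": "A", "last_name": "User"}
    attrs = "".join(
        f'<Attribute Name="{prefix}{k}"><AttributeValue>{v}</AttributeValue></Attribute>'
        for k, v in values.items())
    return ('<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">'
            "<Subject><NameID>a.user@example.com</NameID></Subject>"
            f"<AttributeStatement>{attrs}</AttributeStatement></Assertion>")

# Assumed default claim namespace that the IdP prepends when the field is not cleared
DEFAULT_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"

if __name__ == "__main__":
    for label, prefix in (("namespace cleared", ""), ("namespace left in", DEFAULT_NS)):
        print(label, "->", check_claims(sample_assertion(prefix)) or "OK")
```

Run it against an assertion captured from your own test sign-in (for example, from a browser SAML tracing extension) after Base64-decoding the SAMLResponse.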