Skip to main content

Cyware Threat Intelligence eXchange

  • Cyware Threat Intelligence eXchange
  • How To Articles
  • Set up SAML Authentication for Intel Exchange Using Microsoft Entra ID

Set up SAML Authentication for Intel Exchange Using Microsoft Entra ID

Notice

Microsoft Azure Active Directory (Azure AD) is renamed to Microsoft Entra ID.

You can enable single sign-on (SSO) using an Identity Provider (IdP) that supports Security Assertion Markup Language (SAML), such as Microsoft Entra ID.

Before you Start

  • You must have suitable administrative privileges to create an external application using Microsoft Entra ID.

  • You must have the Assertion Consumer URL and Entity ID from Intel Exchange.

  • Your user group in Intel Exchange must have View and Update Configuration permissions to access the configuration module in Intel Exchange.

Fetch Assertion URL and Entity ID from CTIX

The Assertion Consumer URL is an endpoint in Intel Exchange, which the identity provider (Microsoft Entra ID) will redirect to with its authentication response. An entity ID is a globally unique name for the service provider or the identity provider.

Fetch the Assertion Consumer URL and entity ID from Intel Exchange and have them handy. You need these values while setting up the SAML 2.0 app in Microsoft Entra ID.

  1. Sign in to Intel Exchange.

  2. Go to Administration > Configuration > Authentication > SAML 2.0.

  3. Copy and retain the following values:

    • Assertion Consumer URL

    • Entity ID

    CTIX_AzureAD.gif

Configure SAML Application for CTIX on Microsoft Entra ID

Set up Microsoft Entra ID for SSO by creating an external application for Intel Exchange and configuring SSO for it.

  1. Sign in to the Microsoft Entra ID portal as an Administrator.

  2. Under Entra ID Services select Entra ID Active Directory.

  3. Under Manage on the left pane, select Enterprise Applications > +New Application.

  4. In what's the name of your app, enter Intel Exchange and select Integrate any other application you don't find in the gallery (Non-gallery).

  5. Click Create to create the application.

  6. Select Single Sign-on under Manage.

  7. For Select a single sign-on method, select SAML.

  8. Click Edit on Basic SAML Configuration and enter the Entity ID and Assertion Consumer Service URL that you copied from Intel Exchange.

  9. The rest of the fields are optional. Save your changes.

  10. Click Edit on Attributes and Claims.

  11. In Required Claims, click the horizontal ellipsis and enter Unique User Identifier (Name ID) as user.userprincipalname.

  12. Edit the existing additional claims and add the claims for email, first name, and last name.

    Note that the application automatically provides Namespace values for the parameters added for the claim. The Namespace field is optional. You must remove the value of Namespace present in each additional claim by editing the values and keeping the Namespace values empty.

    • Enter the following values to add a claim for email:

      • Name as email

      • Select Source as Attribute

      • Source Attribute as user.mail.

    • Enter the following values to add a claim for the first name:

      • Name as first_name

      • Select Source as Attribute

      • Source Attribute as user.givenname

    • Enter the following values to add a claim for the last name:

      • Name as last_name

      • Select Source as Attribute

      • Source Attribute as user.surname

  13. Go to SAML Certificates and download the Certificate (Base64) or Certificate (Raw), Federation Metadata XML, and copy the App Federation Metadata URL to use while configuring the SSO in Intel Exchange.

  14. Click Save.

Create Users in Microsoft Entra ID

Create users in Microsoft Entra ID to set up SAML authentication. For more information on creating users in Microsoft Entra ID, see Add or Delete Users. You must assign the created users or user groups to the Intel Exchange application present in Microsoft Entra ID.

Steps

  1. Sign in to the Microsoft Entra ID portal as an administrator.

  2. From Manage, select User and groups.

  3. Click +Add User to select and add your users.

Create Users in Intel Exchange

You must add the users created in Microsoft Entra ID to establish a complete flow of information. For more information about creating users in Intel Exchange, see Onboard Users.

Configure Microsoft Entra ID SSO in Intel Exchange

  1. Sign in to Intel Exchange.

  2. Go to Administration > Configuration > Authentication

  3. Select SAML 2.0 and click Edit.

  4. Select either Metadata XML or Certificate as the Identity Provider Attributes generated while configuring the SAML application for Intel Exchange in Microsoft Entra ID. You can use the Certificate (Base 64) certificate if you choose the certificate as the IDP type.

  5. Click Upload against Metadata XML and upload the Federation Metadata XML file you downloaded from Microsoft Entra ID.

  6. Enable AuthnRequest to send authentication requests from Intel Exchange to Microsoft Entra ID.

  7. Click Activate SAML and click Save.

Verify Single Sign-on from Microsoft Entra ID

  1. Sign in to Microsoft Entra ID.

  2. Verify from Office - All Apps that Intel Exchange is available for the user.

  3. Click CTIX application.

  4. You are directed to the Intel Exchange sign-in page. Click SAML and sign in to Intel Exchange.