
Cyware Fusion and Threat Response

Set up SAML Authentication for Respond (CFTR) Using Microsoft Entra ID

Notice

Microsoft Azure Active Directory (Azure AD) is renamed to Microsoft Entra ID.

Respond integrates with Microsoft Entra ID through the Security Assertion Markup Language (SAML) 2.0 protocol, an XML-based standard for exchanging authentication and authorization data between a service provider and an identity provider. In this integration, Respond is the Service Provider (SP) and Microsoft Entra ID is the Identity Provider (IdP). When a user signs in to Respond with the SAML authentication method, Respond redirects the browser to Microsoft Entra ID; after the user authenticates there, Microsoft Entra ID returns a signed SAML assertion to the browser, which posts it to the Respond Assertion Consumer Service URL. Respond validates the assertion using the Microsoft Entra ID signing certificate contained in the Federation Metadata XML you upload later in this procedure, and signs the user in without a Respond password.

Before you Start:

  • You must have administrative privileges to create external applications using Microsoft Entra ID.

  • Ensure you have Create/Update permission for Configurations in Respond.

Steps

To set up SAML SSO in Respond using Microsoft Entra ID, perform the following steps:

Get Service Provider Details from Respond

To configure Respond as a SAML 2.0 app in Microsoft Entra ID, you must provide the service provider details of the Respond application, namely the Assertion Consumer Service URL and the Entity ID. For more information, see Configure SAML Application for Respond on Microsoft Entra ID.

To retrieve the service provider details, follow these steps:

  1. Sign in to the Respond application.

  2. Go to Admin Panel > Configurations > Authentication > SAML 2.0.

  3. Copy and save the following service provider details; you will enter them when creating the SAML SSO integration in Microsoft Entra ID.

    • Assertion Consumer Service URL: the Respond endpoint to which Microsoft Entra ID sends the SAML response (through the browser) after successful authentication. This becomes the Reply URL in Microsoft Entra ID.

    • Entity ID: the globally unique identifier of Respond as a service provider. This becomes the Identifier (Entity ID) in Microsoft Entra ID.

Configure SAML Application for Respond on Microsoft Entra ID

Set up Microsoft Entra ID for SSO by creating an external application for Respond and configuring the SSO.

To configure the SAML application, follow these steps:

  1. Sign in to Microsoft Entra ID (Azure portal) as an administrator.

  2. Select All Services and click Microsoft Entra ID.

  3. Select Enterprise Applications and click New Application > Create your own application.

  4. In the What's the name of your app? field, enter Respond and select Integrate any other application you don't find in the gallery (Non-gallery).

  5. Click Create to create the application.

  6. Select Single Sign-on under Manage.

  7. For Select a single sign-on method, select SAML.

  8. Click Edit on Basic SAML Configuration. Enter the Entity ID you copied from Respond in Identifier (Entity ID), and the Assertion Consumer Service URL you copied from Respond in Reply URL (Assertion Consumer Service URL). The Index field for the Reply URL is optional.

  9. The Sign on URL, Relay State, and Logout URL fields are optional. Save your changes.

  10. Click Edit on Attributes and Claims.

  11. In Required Claim, click the horizontal ellipsis next to Unique User Identifier (Name ID) and set its source attribute to user.userprincipalname.

  12. Edit the existing additional claims and add the claims for email, first name, and last name.

    Note that Microsoft Entra ID automatically fills the Namespace field of each additional claim (such as http://schemas.xmlsoap.org/ws/2005/05/identity/claims). When a Namespace is set, the claim is sent with that namespace prepended to its name, whereas Respond expects the bare claim names listed below. The Namespace field is optional: edit each additional claim and clear its Namespace value so that only the bare name is sent.

    • Enter the following values to add a claim for email:

      • Name as email

      • Select Source as Attribute

      • Source Attribute as user.mail

    • Enter the following values to add a claim for the first name:

      • Name as first_name

      • Select Source as Attribute

      • Source Attribute as user.givenname

    • Enter the following values to add a claim for the last name:

      • Name as last_name

      • Select Source as Attribute

      • Source Attribute as user.surname

    [Image: final_additional_claims_screen.png, the list of additional claims (email, first_name, last_name) as it should appear in Microsoft Entra ID.]

  13. Delete the additional claim that maps to user.userprincipalname (the UPN is already sent as the Name ID).

  14. From SAML Signing Certificate, click Download next to Federation Metadata XML and save the file. It contains the Microsoft Entra ID entity ID, sign-on URL, and signing certificate that Respond needs.

  15. Click Save.
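The claim configuration in steps 10 to 13 is where most failed SAML logins originate: the assertion arrives, but the attribute names do not match what Respond expects. The following Python script is an added example, not part of the Cyware documentation or product. It parses a decoded SAML Response and reports whether NameID is present and whether email, first_name and last_name arrive under their bare names or still carry a default Microsoft Entra ID namespace prefix. The sample Response below is constructed for the example; a real one is captured from the browser by base64-decoding the SAMLResponse form field. Signature validation is deliberately not done here, because Respond performs it with the certificate from the uploaded Federation Metadata.

```python
import xml.etree.ElementTree as ET

# Standard SAML 2.0 namespaces (not Cyware-specific).
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Bare claim names Respond expects, as configured in the steps above.
REQUIRED_CLAIMS = ("email", "first_name", "last_name")

# Prefixes Entra ID prepends when a claim's Namespace field is left at its default.
DEFAULT_NAMESPACES = (
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/",
    "http://schemas.microsoft.com/identity/claims/",
)


def extract_claims(response_xml: str) -> dict:
    """Pull NameID and all attributes out of a decoded, unencrypted SAML Response.

    Signature verification is out of scope here; Respond validates the XML
    signature with the certificate from the Federation Metadata you upload.
    """
    root = ET.fromstring(response_xml)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise ValueError("no <saml:Assertion> found (is the assertion encrypted?)")
    name_id = assertion.find("saml:Subject/saml:NameID", NS)
    attrs = {}
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.attrib["Name"]] = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
    return {
        "name_id": (name_id.text or "") if name_id is not None else "",
        "name_id_format": name_id.attrib.get("Format", "") if name_id is not None else "",
        "attributes": attrs,
    }


def check_respond_claims(claims: dict) -> list:
    """Return a list of problems; an empty list means the claims match what Respond expects."""
    problems = []
    if not claims["name_id"]:
        problems.append("NameID is empty: set Unique User Identifier to user.userprincipalname")
    attrs = claims["attributes"]
    for name in REQUIRED_CLAIMS:
        if attrs.get(name) and attrs[name][0]:
            continue
        # Same claim emitted under a default namespace prefix: Namespace was not cleared.
        namespaced = [k for k in attrs if any(k == p + name for p in DEFAULT_NAMESPACES)]
        if namespaced:
            problems.append(f"claim '{name}' was sent as '{namespaced[0]}': clear its Namespace field")
        else:
            problems.append(f"claim '{name}' is missing or empty")
    return problems


def sample_response(with_namespace: bool) -> str:
    """Constructed sample Response (not captured from Entra ID) in the shape Respond receives,
    optionally with the default Namespace still prepended to each claim name."""
    prefix = DEFAULT_NAMESPACES[0] if with_namespace else ""
    attributes = "".join(
        f'<saml:Attribute Name="{prefix}{name}"><saml:AttributeValue>{value}</saml:AttributeValue></saml:Attribute>'
        for name, value in (("email", "jane.doe@example.com"), ("first_name", "Jane"), ("last_name", "Doe"))
    )
    return (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" ID="_resp1" Version="2.0">'
        '<saml:Assertion ID="_a1" Version="2.0"><saml:Issuer>https://sts.windows.net/tenant/</saml:Issuer>'
        '<saml:Subject><saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified">'
        "jane.doe@example.com</saml:NameID></saml:Subject>"
        f"<saml:AttributeStatement>{attributes}</saml:AttributeStatement></saml:Assertion></samlp:Response>"
    )


if __name__ == "__main__":
    for namespaced in (False, True):
        print("Namespace cleared:" if not namespaced else "Namespace left in place:")
        print("  ", check_respond_claims(extract_claims(sample_response(namespaced))) or "OK")
```

To check a real login, replace the constructed sample with the base64-decoded SAMLResponse value captured from the browser developer tools; an empty problem list means the Entra ID claim configuration matches the steps above.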

Create Users in Microsoft Entra ID

You must assign users to the Respond application in Microsoft Entra ID before they can sign in to Respond with SAML authentication.

To assign users in Microsoft Entra ID, do the following:

  1. Sign in to Microsoft Entra ID (Azure portal) as an administrator and open the Respond enterprise application you created.

  2. Under Manage, select Users and groups.

  3. Click Add user/group and select the users to assign.

    Note

    Ensure that the user already exists in CFTR. For more information, see Create User.

Configure Microsoft Entra ID SSO in CFTR

You must configure single sign-on for Microsoft Entra ID in Respond so that users can sign in to Respond securely from Microsoft Entra ID.

To configure Microsoft Entra ID SSO in CFTR, do the following:

  1. Sign in to CFTR and go to Admin Panel > Configurations > Authentication.

  2. Select SAML 2.0 and click Edit.

  3. Go to IDP (Identity Provider) and, in Metadata XML, upload the Federation Metadata XML file you downloaded from Microsoft Entra ID.

  4. Enable AuthnRequest so that CFTR sends SAML authentication requests to Microsoft Entra ID (SP-initiated sign-in).

  5. Click Activate SAML and click Save.

Validate the Microsoft Entra ID Integration

Use a user account that you assigned to the application in Microsoft Entra ID to sign in to CFTR and validate the integration. To validate single sign-on from Microsoft Entra ID, do the following:

  1. Sign in to Microsoft Entra ID.

  2. Verify from Office - All Apps that the CFTR application is available for the user.

  3. Click CFTR, and then click SAML.

You should be signed in to CFTR without entering CFTR credentials.