
SSO Configurations identity provider - Microsoft Entra ID


Last updated 5 days ago

For SSO setup, we will send the SSO setup link to the user via email. The user can then click on the link from their email to proceed with the setup.

When the user opens the link, they will see a screen like this. They need to click on "SSO Configuration" to begin the setup process.

After clicking on SSO Configuration, the user will see a screen like this. From here, they need to select their Identity Provider (IdP). For Microsoft, click on Azure Entra ID.

Once the user clicks on Azure Entra ID, they will see the SAML button appear. They need to click on the SAML button to proceed with setting up SSO using the SAML protocol.

Identity Provider Information Setup (via Azure management portal)

  1. Log in to your Azure management portal.

  2. Search and select Microsoft Entra ID.

  3. In the left navigation panel, expand the "Manage" section and select "Enterprise applications".

  4. Click on New application.

  5. Click on Create your own application.

  6. In the panel on the right, enter an app name, select the Integrate any other application you don't find in the gallery (Non-gallery) option, and click Create.

  7. Click on Get Started in the Set up single sign on box.

  8. Click on Single sign-on on the left pane, and select SAML.

  9. Click on Edit.

Scroll down and press Continue.

Service Provider Information

Under Identifier (Entity ID), click on Add identifier and enter the following value

Under Reply URL (Assertion Consumer Service URL), click on Add reply URL and enter the following value

  • Click Save when you are done and press Continue.

Add users and groups to the application

To assign users and groups to the application, follow these steps:

  • On the left menu, click on Users and groups, and then on Add user/group.

In the Users section on the left, click on None Selected. On the right side pane, select the users or groups you want to give access to your application. Finish by clicking on Select at the bottom.

Click on Assign at the bottom.

When you are done, press Continue.

Identity Provider Information

In the SAML application properties page, follow these steps:

  • Select Single sign-on from the left side panel, scroll down to section 3: SAML Certificates, and download the Certificate (Base64) file.

Open the file using a text editor, copy its content and paste it into the following field

Scroll down to section 4: Set up {App Name}. Copy the Login URL and Microsoft Entra Identifier values to the following fields

"Login URL" is required, "Microsoft Entra Identifier" is required, "Certificate (Base64)" is required

When you are done, press Continue.

User Attribute Mapping

You can add attributes to the SAML response by clicking the edit button on the Attributes & Claims tab.

The default attributes are shown. Select Add new claim to add more user attributes.

Map the attributes from Entra ID here

Map attribute names from Azure Entra ID to supported user attributes. This will sync on every user authentication.

When you are done, press Continue.

Group Attribute Mapping

To add a group attribute, follow these steps:

  • Click on Add a group claim.

Select which groups associated with the user should be returned in the claim and the source format.

Group Mapping

Enter the name of the attribute used by Azure Entra ID for group associations. We will use it to retrieve group names that can later on be mapped to roles.

When you are done, press Continue.
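An added example (not from Swift Security or Microsoft) for checking what the user and group claims configured above contain in a captured SAML response before group names are mapped to roles. The sample assertion, the group IDs and `ROLE_MAP` are constructed; the claim URIs are Entra ID's defaults, and the code only inspects attributes, it does not validate the assertion signature.

```python
import xml.etree.ElementTree as ET

NS = "urn:oasis:names:tc:SAML:2.0:assertion"
# Default Entra ID claim names; the groups.link claim replaces the groups
# claim when a user has too many groups to list in the assertion (overage).
GROUPS = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
GROUPS_LINK = "http://schemas.microsoft.com/claims/groups.link"
EMAIL = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

# Hypothetical mapping of Entra group object IDs to console roles (constructed).
ROLE_MAP = {
    "11111111-aaaa-4bbb-8ccc-000000000001": "admin",
    "11111111-aaaa-4bbb-8ccc-000000000002": "analyst",
}

def build_assertion(attrs):
    """Build a constructed, unsigned assertion fragment to use as sample input."""
    body = "".join(
        f'<Attribute Name="{name}">'
        + "".join(f"<AttributeValue>{v}</AttributeValue>" for v in values)
        + "</Attribute>"
        for name, values in attrs.items()
    )
    return (f'<Assertion xmlns="{NS}"><AttributeStatement>{body}'
            "</AttributeStatement></Assertion>")

def claims(assertion_xml):
    """Return {attribute name: [values]}. Inspection only: no signature check."""
    out = {}
    for attr in ET.fromstring(assertion_xml).iter(f"{{{NS}}}Attribute"):
        values = [v.text.strip() for v in attr.iter(f"{{{NS}}}AttributeValue") if v.text]
        out.setdefault(attr.get("Name"), []).extend(values)
    return out

def resolve_roles(assertion_xml, group_attr=GROUPS, role_map=ROLE_MAP):
    """Map group claim values to roles; unknown or absent groups grant nothing."""
    found = claims(assertion_xml)
    if GROUPS_LINK in found:
        # Overage: the group list is missing, so no role can be derived from it.
        raise ValueError("group overage: narrow the group claim to assigned groups")
    return sorted({role_map[g] for g in found.get(group_attr, []) if g in role_map})

SAMPLE = build_assertion({
    EMAIL: ["alice@example.com"],
    GROUPS: ["11111111-aaaa-4bbb-8ccc-000000000001", "99999999-0000-4000-8000-000000000000"],
})

if __name__ == "__main__":
    print(claims(SAMPLE)[EMAIL], resolve_roles(SAMPLE))
```

With the default source format the group claim carries object IDs rather than display names, so the value entered as the group attribute name and the keys used for role mapping have to match what the assertion actually contains.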

The below domains are used to determine which SSO configuration to load once a user chooses to authenticate using SSO.

When you are done, press Continue, then save and test your current SSO configuration to make sure all parts are set properly.