SAML configuration for Microsoft Azure

Prerequisites

Make sure to set up the SAML account in Azure beforehand using the following documents as reference.

Configure information in the Microsoft Azure portal

  1. Sign in to the Azure portal.
  2. Navigate to Enterprise Applications.
  3. Locate your company's SAML sign-on app.
  4. In the left sidebar, select Single Sign-on.
  5. In Section 1, Basic SAML Configuration, configure the following fields:
    1. Identifier (Entity ID): https://platform_Address/Saml2/ACS
    2. Reply URL (Assertion Consumer Service URL): https://platform_Address/Saml2/ACS
    3. Sign on URL: https://platform_Address/Saml2/

Keep the Azure portal open in a separate browser window because you will need to copy and paste information from the Azure portal to the Chronicle SOAR platform.

Configure Azure in Chronicle SOAR

  1. Navigate to Settings > Advanced > External Authentication.
  2. Create a new SAML provider.
  3. In the Provider Type menu, select Custom SAML Provider.
  4. Enter a provider name. This can be any name you want. For example, mycompany_Azure.

The other fields are filled using information from the Azure portal as follows:

IDP Metadata
  1. Return to the Azure portal.
  2. In the SAML Certificates section, locate the Federation Metadata XML field.
  3. Click Download and save the metadata XML file.
  4. Return to the Chronicle platform.
  5. In the IDP Metadata field, upload the metadata XML file you just downloaded from the Azure portal.
Identifier
  1. Return to the Azure portal.
  2. In the Set up \ section, locate the Microsoft Entra Identifier field.
  3. Copy the data in the field.
  4. Return to the Chronicle platform.
  5. Paste the value into the Identifier field.
ACS URL
  1. Return to the Azure portal.
  2. In the Basic SAML Configuration section, locate the Sign On URL field.
  3. Copy the data in the field.
  4. Return to the Chronicle platform.
  5. Paste the value into the ACS URL field.
Provider Public Certificate
  1. Return to the Azure portal.
  2. In the SAML Certificates section, locate the Certificate (Base64) field.
  3. Click Download and save the certificate somewhere accessible.
  4. Return to the Chronicle platform.
  5. In the Provider Public Certificate field, upload the certificate you just got from the Azure platform.


Legend

    Field Name in Chronicle SOAR    Field Name in Microsoft Azure
    IDP Metadata                    Federation Metadata XML
    Identifier                      Microsoft Entra Identifier
    ACS URL                         Sign on URL
    Provider Public Certificate     Certificate (Base64)
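Before saving the provider, you can confirm that the three values taken from Azure agree with each other: the Identifier should equal the entityID inside the Federation Metadata XML, and the Certificate (Base64) file should be one of the signing certificates listed in that metadata. The following Python sketch is an added example, not part of the Chronicle SOAR or Azure documentation. The function names are hypothetical, the sample tenant ID and certificate bytes are constructed placeholders, and it assumes the Certificate (Base64) download is a PEM file.

```python
import base64, hashlib, re
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

def fingerprint(b64_body):
    """SHA-256 of the DER bytes behind a base64 certificate body."""
    return hashlib.sha256(base64.b64decode("".join((b64_body or "").split()))).hexdigest()

def parse_metadata(xml_text):
    """Return (entityID, signing-certificate fingerprints) from IdP metadata."""
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("root element is not a SAML EntityDescriptor")
    prints = set()
    for kd in root.findall(f"{{{MD}}}IDPSSODescriptor/{{{MD}}}KeyDescriptor"):
        if kd.get("use") in (None, "signing"):  # no 'use' means signing and encryption
            prints |= {fingerprint(c.text) for c in kd.iter(f"{{{DS}}}X509Certificate")}
    return root.get("entityID"), prints

def pem_fingerprint(pem_text):
    """Fingerprint of the first certificate block in a PEM file."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem_text, re.S)
    if not m:
        raise ValueError("no PEM certificate block found")
    return fingerprint(m.group(1))

def check_saml_inputs(xml_text, pem_text, identifier):
    """List mismatches between the three values entered in the provider form."""
    entity_id, prints = parse_metadata(xml_text)
    problems = []
    if identifier != entity_id:  # exact match, trailing slash included
        problems.append(f"Identifier {identifier!r} != metadata entityID {entity_id!r}")
    if pem_fingerprint(pem_text) not in prints:
        problems.append("certificate file is not a signing certificate in the metadata")
    return problems

# Constructed sample data: placeholder tenant ID and bytes, not a real certificate.
SAMPLE_ID = "https://sts.windows.net/00000000-0000-0000-0000-000000000000/"
SAMPLE_B64 = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{SAMPLE_B64}\n-----END CERTIFICATE-----\n"
SAMPLE_XML = f"""<EntityDescriptor xmlns="{MD}" entityID="{SAMPLE_ID}">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="{DS}"><X509Data>
      <X509Certificate>{SAMPLE_B64}</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
  </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    print(check_saml_inputs(SAMPLE_XML, SAMPLE_PEM, SAMPLE_ID) or "all three inputs agree")
```

To use it on real files, read the downloaded metadata XML and certificate file into strings and pass them with the copied Microsoft Entra Identifier to check_saml_inputs; an empty list means the values are consistent.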