About Microsoft Entra ID SAML Integration
Microsoft Entra ID SAML integration in Iru Endpoint allows you to set up SAML-based SSO integration with Microsoft Entra ID, providing secure authentication for users accessing Iru Endpoint through their Microsoft Entra ID credentials.How It Works
When users attempt to access Iru Endpoint, they’re redirected to Microsoft Entra ID for authentication. After successful authentication, Microsoft Entra ID sends a SAML assertion back to Iru Endpoint, which validates the user’s identity and grants access to the platform.Note: Microsoft Entra ID is the new name for Azure AD (Azure Active Directory)
Setting Up the SAML Connection
1
Navigate to Settings
In Iru Endpoint, navigate to the Settings page.
2
Access Authentication Settings
Click the Access tab.
3
Add New Connection
Find the Authentication section and click the Add button at the bottom left of the authentication section.
4
Select SAML Connection
In the Add SSO Connection pane, select the Custom SAML option.
5
Continue Setup
Click Next.
6
Show Advanced Details
Select Show Advanced Details.
7
Copy Required URLs
Copy the Assertion Consumer Service URL and save it in a text document for later use.
8
Copy Entity ID
Copy the Entity ID and save it, too.
9
Keep Tab Open
Leave this browser tab open as you proceed with the instructions below.
Configuring Microsoft Entra ID Application
1
Access Microsoft Entra Admin Center
Sign in to the Microsoft Entra admin center.
2
Navigate to Identity
Open the portal menu and then select Identity.
3
Access Enterprise Applications
On the Identity menu, under Applications, select Enterprise Applications.
4
View All Applications
In the Manage section, select All applications.
5
Create New Application
Select New Application.
6
Create Custom Application
Select Create your own application.
7
Name the Application
Give the application a name.
8
Select Non-Gallery Option
Select Integrate any other application you don’t find in the gallery (Non-gallery).
9
Create Application
Click Create.
10
Access Single Sign-On
Under Manage, select Single sign-on.
11
Select SAML
Click SAML.
12
Edit Basic Configuration
Click the Edit pencil in the Basic SAML configuration box.
13
Configure Entity ID
Click the Add Identifier link in the Identifier (Entity ID) section. Paste the Entity ID that you copied earlier into the Identifier (Entity ID) field.
14
Configure Reply URL
In the Reply URL (Assertion Consumer Service URL) section, paste the Assertion Consumer Services URL that you copied earlier.
15
Save Configuration
Click Save.
16
Close Configuration
Click the X at the top right of the pane to close it.
17
Keep Default Claims
Leave the settings in the Attributes & Claims section set to their default.
18
Download Certificate
Click Download to download the Base 64 certificate in the SAML Certificates section. This certificate will be used in the Custom SAML configuration in Iru Endpoint.
19
Copy URLs
In the Setup [App Name] section, copy the Login URL and Logout URL and paste them into a secure text document for later use.
Assigning Users and Groups
1
Access Users and Groups
Under Manage, select Users and Groups.
2
Add User/Group
On the menu, select Add user/group.
3
Select Users and Groups
On the Add Assignment dialog, select the link under Users and groups.
4
Search and Select Users
A list of users and security groups is displayed. You can search for a certain user or group, as well as select multiple users and groups that appear in the list.
5
Confirm Selection
After you have selected your users and groups, select Select.
6
Assign Users and Groups
Select Assign to finish assigning users and groups to the app.
7
Verify Assignment
Confirm that the users and groups you added appear in the Users and groups list.
If you see a message about free tier limitations, it means that a free tier is being used. The Single Sign-On Enterprise App allows you to add users (not groups) only.
Configuring Iru Endpoint SAML Connection
1
Return to Iru Endpoint
Go back to the Custom SAML modal in Iru Endpoint.
2
Name the Connection
Give the connection a Name.
3
Add Sign In URL
Paste in the Sign In URL you copied from Entra ID.
4
Add Sign Out URL
Paste in the Sign Out URL you copied from Entra ID.
5
Upload Certificate
Upload the certificate you downloaded from Entra ID.
6
Verify User ID Attribute
Ensure that the User ID Attribute is set to the default value of:
7
Enable Sign Request
Ensure that Sign Request is set to Yes.
8
Set Request Algorithm
Ensure that the Request Algorithm is set to RSA-SHA256.
9
Set Digest Algorithm
Ensure that Sign Request Algorithm Digest is set to SHA 256.
10
Set Protocol Binding
Set the Protocol Binding to HTTP-POST.
11
Save Configuration
Click Save and then click Cancel to exit the configuration.
Enable the SAML Connection
Once you have configured the SAML connection in Iru Endpoint and your identity provider, you can enable it. For step-by-step instructions, please refer to the Enable and Manage a Connection section in our Single Sign-On support article.Enforcing Single Sign-On
Once you have configured at least one single sign-on connection, you can disable the standard authentication connection. Doing so will remove the ability for Iru Endpoint administrators in your tenant to authenticate via email/password, Google Sign in, or Office 365 Sign in.Considerations
Security: Ensure that your Microsoft Entra ID tenant has appropriate security policies configured for SSO authentication. User Management: Users must exist in both Microsoft Entra ID and Iru Endpoint to successfully authenticate via SSO. Testing: Always test the SSO integration with a small group of users before rolling out to your entire organization.Testing the Integration
1
Add User to Admin Team
Add a user to the Admin Team in Iru Endpoint by clicking New User.
2
Fill User Information
Fill in all of the corresponding user information. This user must exist in Microsoft Entra ID and must be assigned to the Iru Endpoint SSO app in your Microsoft Entra ID tenant.
3
Submit User
Click Submit.
4
Close Invite Window
Once the invite is submitted, close the Invite User window.
5
Refresh Access Page
Refresh the Access page in Iru Endpoint. You should see the user you just added.
6
Test SSO Login
Check the user’s email to accept the invitation and log into Iru Endpoint with the new SAML SSO connection.