Setting Up a SAML2 Connector with Microsoft Entra ID
This guide walks you through configuring Microsoft Entra ID as the identity provider for Hydda ID Single Sign-On (SSO) over SAML2.
Prerequisites
- Admin access to the customer's Microsoft Entra ID account.
- Access to Hydda ID's SAML settings.
- Metadata URL or XML file from Hydda ID.
Step 1: Access the Microsoft Entra ID Admin Console
- Log in to the customer's Microsoft Entra ID Admin Console:
  - Open your web browser and go to portal.azure.com.
  - Log in using the customer's Microsoft Entra ID admin credentials.
- Navigate to the Enterprise Applications section:
  - From the Admin console Home page, click the Menu icon (three horizontal lines) in the top-left corner to open the navigation menu.
  - Select Azure Active Directory from the menu.
  - Click Enterprise applications under the Manage section.
- Go to All applications:
  - In the Enterprise applications section, click All applications.
Step 2: Add a Non-Gallery Application
- Initiate adding a non-gallery application:
  - Click the New application button at the top of the page.
  - Select Create your own application.
- Provide application details:
  - Enter a name for your new application (e.g., "Hydda ID SSO").
  - Select Integrate any other application you don't find in the gallery (Non-gallery).
  - Click Create to proceed to the application configuration.
Step 3: Configure SAML Settings
- Navigate to Single sign-on:
  - In the application overview page, click Single sign-on under the Manage section.
- Select SAML:
  - Choose SAML as the single sign-on method.
Basic SAML Configuration
- Enter the Identifier (Entity ID):
  - Enter the unique identifier for Hydda ID.
  - Example: urn:amazon:cognito:sp:eu-north-1_afO8g66RA
- Reply URL (Assertion Consumer Service URL):
  - Enter the Assertion Consumer Service URL where Microsoft Entra ID will send the SAML responses.
  - Example: https://587924-hydda-idp-development.auth.eu-north-1.amazoncognito.com/saml2/idpresponse
- Sign on URL:
  - Enter the URL where users are redirected when they initiate login from Microsoft Entra ID.
  - Example: https://example.com/login
- Relay State (Optional):
  - If Hydda ID requires a specific relay state value, enter it here.
Click Save after filling out the details.
User Attributes & Claims
- Add the necessary attribute mappings based on Hydda ID's requirements. Common attributes include:
  - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname: Map to user.givenname
  - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname: Map to user.surname
  - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress: Map to user.mail
  - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name: Map to user.userprincipalname
Click Save to apply the attribute mappings.
SAML Signing Certificate
- Download the Federation Metadata XML:
  - In the SAML Signing Certificate section, click Download next to Federation Metadata XML.
  - Save this file; it is required for configuring Hydda ID.
Step 4: Assign Users and Groups
- Navigate to Users and groups:
  - In the application overview page, click Users and groups under the Manage section.
- Add users or groups:
  - Click the Add user/group button.
  - Select the users or groups you want to grant access to Hydda ID.
  - Click Assign to complete the assignment.
Step 5: Configure Hydda ID
- Provide the Federation Metadata XML:
  - In the Hydda ID SAML settings, upload or provide the Federation Metadata XML file downloaded from Microsoft Entra ID.
- Configure attribute mappings:
  - Ensure that the attribute mappings in Hydda ID match the ones configured in Microsoft Entra ID.
- Save the configuration:
  - Save the SAML settings in Hydda ID to complete the setup.
Troubleshooting Tips
- Ensure that the Identifier (Entity ID) and Reply URL (ACS URL) are correctly configured in both Microsoft Entra ID and Hydda ID.
- Review the attribute mappings to ensure they match the required fields in Hydda ID.
- If you encounter issues with user provisioning, verify that the necessary attributes are being passed correctly from Microsoft Entra ID to Hydda ID.
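The three tips above all come down to comparing what Microsoft Entra ID actually sends with what was configured. The script below is an added example, not part of the Hydda ID documentation: it takes a SAML response (a constructed, unsigned sample is embedded; the tenant id, user and timestamps are placeholders) and reports mismatches against the Identifier, Reply URL and claim names used as examples earlier in this guide. It checks configuration values only and does not verify the XML signature, which Hydda ID itself does with the certificate from the federation metadata.

```python
from datetime import datetime
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Expected service-provider values, taken from the examples used in this guide.
EXPECTED_AUDIENCE = "urn:amazon:cognito:sp:eu-north-1_afO8g66RA"
EXPECTED_ACS = "https://587924-hydda-idp-development.auth.eu-north-1.amazoncognito.com/saml2/idpresponse"
REQUIRED_CLAIMS = [
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
    "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name",
]

# Constructed, unsigned sample response; tenant id, user and timestamps are placeholders.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    ID="_resp1" Version="2.0" IssueInstant="2024-05-01T10:00:00Z" Destination="{EXPECTED_ACS}">
  <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
  <samlp:Status><samlp:StatusCode Value="urn:oasis:names:tc:SAML:2.0:status:Success"/></samlp:Status>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-05-01T10:00:00Z">
    <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
    <saml:Subject><saml:NameID>alex@contoso.example</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-05-01T09:55:00Z" NotOnOrAfter="2024-05-01T11:00:00Z">
      <saml:AudienceRestriction><saml:Audience>{EXPECTED_AUDIENCE}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="{REQUIRED_CLAIMS[0]}"><saml:AttributeValue>Alex</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="{REQUIRED_CLAIMS[1]}"><saml:AttributeValue>Example</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="{REQUIRED_CLAIMS[2]}"><saml:AttributeValue>alex@contoso.example</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="{REQUIRED_CLAIMS[3]}"><saml:AttributeValue>alex@contoso.example</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def _parse_time(value: str) -> datetime:
    # SAML timestamps are UTC with a trailing "Z"; fromisoformat accepts "Z" only from 3.11 on.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def check_saml_response(xml_text, expected_audience, expected_acs, required_claims, now_iso):
    """Return the list of mismatches between a captured response and the configured SP values.

    Checks status, Destination (Reply URL), Audience (Identifier), the validity window
    against now_iso, and the presence of every required claim. No signature verification.
    """
    problems = []
    now = _parse_time(now_iso)
    resp = ET.fromstring(xml_text)

    code = resp.find("samlp:Status/samlp:StatusCode", NS)
    if code is None or not code.get("Value", "").endswith(":Success"):
        problems.append("status is not Success (check user/group assignment in Entra ID)")

    if resp.get("Destination") != expected_acs:
        problems.append(f"Destination {resp.get('Destination')!r} != Reply URL {expected_acs!r}")

    assertion = resp.find("saml:Assertion", NS)
    if assertion is None:
        problems.append("no plaintext Assertion (an EncryptedAssertion needs the SP's private key)")
        return problems

    audiences = [a.text for a in assertion.findall(
        "saml:Conditions/saml:AudienceRestriction/saml:Audience", NS)]
    if expected_audience not in audiences:
        problems.append(f"Audience {audiences} does not include Identifier {expected_audience!r}")

    cond = assertion.find("saml:Conditions", NS)
    if cond is not None:
        not_before, not_after = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if not_before and now < _parse_time(not_before):
            problems.append("assertion not yet valid (check SP clock skew)")
        if not_after and now >= _parse_time(not_after):
            problems.append("assertion expired (check SP clock skew)")

    present = {a.get("Name") for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)}
    for claim in required_claims:
        if claim not in present:
            problems.append(f"missing attribute {claim}")
    return problems


if __name__ == "__main__":
    found = check_saml_response(SAMPLE_RESPONSE, EXPECTED_AUDIENCE, EXPECTED_ACS,
                                REQUIRED_CLAIMS, "2024-05-01T10:00:30Z")
    print("\n".join(found) if found else "no configuration mismatches found")
```

To use it on a real login, capture the base64 SAMLResponse form field from the browser's developer tools during a failed sign-in, decode it, and pass the XML together with the current UTC time. An empty list means the Identifier, Reply URL and claim names agree with Entra ID, so the remaining suspects are the signature certificate and the mappings on the Hydda ID side.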
Customer Responsibilities
- Provide the Federation Metadata XML:
  - Download the Federation Metadata XML file from Microsoft Entra ID and provide it to Hydda.
- Assign users and groups:
  - Assign the appropriate users and groups in Microsoft Entra ID who should have access to Hydda ID.
- Test and validate:
  - Perform thorough testing to ensure that SSO is functioning correctly between Microsoft Entra ID and Hydda ID.
  - Validate that user attributes are being passed correctly and that users can access Hydda ID seamlessly.