Microsoft Entra

Below you can find a step by step tutorial on how to integrate Microsoft Azure Active Directory with MetaDefender Sandbox using the OpenID Connect protocol.

Prepare the MetaDefender Sandbox for the OAuth integration

Let’s prepare MetaDefender Sandbox SSO settings as follows:

  1. Go to Admin panel > Settings > Authentication on MetaDefender Sandbox page.

  2. Click on + Add Service button

  3. Fill in the Name (e.g. "MS Entra") and Service key (should be "entra") values

  4. Do not click Save yet, the remaining values will be filled in later

  5. Please note down the Redirect URI at the bottom of the form


Register application in Microsoft Entra ID

  1. Sign into Microsoft Entra ID and navigate to admin dashboard

  2. Go to App registrations and select New registration


  1. Let’s configure the application settings.

    1. Give the application a name. for example “MetaDefender Sandbox”. In the following examples we will use "OPSWAT Sandbox - Staging" as the application name

    2. Configure the Redirect URI (https://<host>:<port>/auth/signin/<service_key>/callback) - Use the value you noted down in the previous section.

Warning

Microsoft Entra ID supports only HTTPS protocol for redirect URI


  1. Note down Application (client) ID and Directory (tenant) ID of the newly created application as it will be needed in a later step

Generate Secret key for Entra ID SSO

Go to Certificates & Secrets and generate a new client secret string (also referred to as an application password). Record the client secret.

Warning

You will not be able to retrieve client secret at a later time because it will be hidden. You need to generate a new secret in this case.



Configure MetaDefender Sandbox for Entra ID SSO

Let’s configure MetaDefender Sandbox SSO settings using the information collected above

  1. Go to Admin panel > Settings > Authentication on MetaDefender Sandbox page.

  2. Click on + Add Service button

  3. Fill the form with the follows and save the form:

Field

Description

Example

Name

Integration name

MS Entra

Home page

First page after log in

https://sandbox.mycompany.com

Client ID

Application (client) ID , comes from Entra

1234-5678-90123-4567

Client secret

Comes from Entra

abcd1234!%#

Order

The order of authentication can be specified

1

Active

Enable or disable the authentication

on

Base URL

Service base url

https://login.microsoftonline.com

Path

Service URL postfix. Format should be:

/<tenant_id>/v2.0/.well-known/openid-configuration

Tenant id comes from Entra: Directory (tenant) id

/12314/v2.0/.well-known/openid-configuration

Service Key

Is used internally in our app and in redirect URI

entra


Login as an Entra organization admin

Depending on Entra ID configuration, and organization admin should approve/allow a new application beforehand.

Log in to MetaDefender Sandbox SSO with the Entra ID administrative account and accept the newly created application:



Testing the integration

  1. Log out of MetaDefender Sandbox

  2. You will notice that there is a new Sign In with SSO button on the login page


  1. Click Sign In with SSO. You should be redirected to Microsoft Entra ID to login. Once logged in, you will be redirected back to MetaDefender Sandbox and automatically logged in.

Warning

In some cases, the following warning might be displayed even though the login is successful. This is a known issue and will be fixed in the next version of the product.