Setup SSO with Microsoft Entra

My OPSWAT Portal offers an integration with a 3rd-party Single Sign-on Service (SSO).

My OPSWAT Portal uses the secure and widely adopted industry standard Security Assertion Markup Language 2.0 (SAML 2.0), so that you can integrate easily with any large identity provider that supports SAML 2.0.

To get started, log into Microsoft Entra and create an application for My OPSWAT Portal. Details can be found here

  1. Log into Microsoft Entra as an Administrator

  2. Select Application > Enterprise applications > “New Application”

  3. Select “Create Your own Application”

  4. Input Application Name into "What's the name of your app?" field and select “Integrate any other application you don't find in the gallery (Non-gallery)” > Click Create button

  5. After the new application has been created, choose “Set up single sign on” in the middle of the page

  6. Select SAML method

  7. Under SAML Certificate > App Federation Metadata Url, copy the XML file/URL. Example URL: https://login.microsoftonline.com/xxxxxxx/federationmetadata/2007-06/federationmetadata.xml?appid=xxxxxxxx

  8. Contact the My OPSWAT support team via Support Service and provide all of the information below:

    • Ticket Summary: “Integrate Microsoft Entra with My OPSWAT Portal”

    • Description:

      • Customer Company Name:<your company name>
      • Domain name: <__opswat.com (It must be a valid domain, if not it will not be accepted)>
    • Short description for the request ticket:

      • How many users?

      • Do you have an Organization?

        • If No: please provide the Organization name and the email of the first Admin. (We will create an Organization and add the first Admin for this Org; then you can invite users to the Organization.)
        • If Yes: skip this info
      • OPSWAT will redirect users to authenticate with the configured IDP based on the provided domain or on specific users. Do you have any specific users in the IDP with different domain emails?

        • If No: skip this info
        • If Yes: Please provide a list of user emails
      • The XML file/URL: <the one obtained in step #7>

  9. Wait for a response from the Support Team; they will provide you with the Assertion Consumer Service URL (ACS URL) and Identifier (Entity ID). Example ACS URL: https://id-api.opswat.com/saml/acs/{opswat_will_provide}

  10. In the “Basic SAML Configuration” section, set the ACS URL and Entity ID to the values received in step #9

  11. In the Attributes & Claims section, select Edit > Add new claim

  12. Add the attributes below:

    1. emailAddress with Source attribute = user.userprincipalname
    2. lastName with Source attribute = user.surname
    3. firstName with Source attribute = user.givenname
  13. Now you need to assign the people/groups who can access this application in Microsoft Entra. On the left menu, select Users and groups to assign them to this application.

An Admin must manually invite the user to the Organization after the user has signed in to My OPSWAT Portal through SSO.

If a user is created in Microsoft Entra without emailAddress, lastName, firstName information, the user cannot use single sign-on with My OPSWAT Portal.
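
A check for the three claims from step 12, as an added example (not OPSWAT's or Microsoft's code): it reads a decoded SAML response captured from a test sign-in and reports required attributes that are missing, empty, or emitted under a namespaced name. The sample XML is constructed, and treating the bare names from step 12 as the required form is an assumption.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("emailAddress", "lastName", "firstName")  # claim names from step 12

def check_claims(saml_xml: str) -> dict:
    """Report required claims that are missing, empty, or namespaced.

    Configuration diagnostic only: it does not verify the assertion signature.
    """
    # SAML messages never need a DTD; refuse one instead of parsing entities.
    if "<!DOCTYPE" in saml_xml or "<!ENTITY" in saml_xml:
        raise ValueError("DTD/entity declarations are not allowed in SAML input")
    root = ET.fromstring(saml_xml)
    found = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip()
                  for v in attr.findall("saml:AttributeValue", SAML_NS)]
        found[attr.get("Name", "")] = values
    result = {"missing": [], "empty": [], "namespaced": []}
    for name in REQUIRED:
        if name in found:
            if not any(found[name]):  # present but no non-blank value
                result["empty"].append(name)
            continue
        # Claim sent under a URI-style name because a namespace was set on it.
        alt = [n for n in found if n.endswith("/" + name)]
        if alt:
            result["namespaced"].append(alt[0])
        else:
            result["missing"].append(name)
    return result

# Constructed sample: lastName is blank and firstName carries a claim namespace.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion><saml:AttributeStatement>
    <saml:Attribute Name="emailAddress"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="lastName"><saml:AttributeValue></saml:AttributeValue></saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/firstName"><saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement></saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    print(check_claims(SAMPLE))
```
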
