Setup SSO with Microsoft Entra
My OPSWAT Portal offers an integration with a 3rd-party Single Sign-on Service (SSO).
My OPSWAT Portal uses the secure and widely adopted industry standard Security Assertion Markup Language 2.0 (SAML 2.0), so that you can integrate easily with any large identity provider that supports SAML 2.0.
To get started, log into Microsoft Entra and create an application for My OPSWAT Portal. Details can be found here
Log into Microsoft Entra as an Administrator
Select Application > Enterprise applications > “New Application”
Select “Create Your own Application”
Input the Application Name into the "What's the name of your app?" field and select “Integrate any other application you don't find in the gallery (Non-gallery)” > Click the Create button
After the new application has been created, choose “Set up single sign on” in the middle of the page
Select SAML method
Under SAML Certificate > App Federation Metadata Url, copy the XML file/URL. Example URL: https://login.microsoftonline.com/xxxxxxx/federationmetadata/2007-06/federationmetadata.xml?appid=xxxxxxxx
Contact the My OPSWAT support team via Support Service and provide all of the information below:
Ticket Summary: “Integrate Microsoft Entra with My OPSWAT Portal”
Description:
- Customer Company Name:<your company name>
- Domain name: <__opswat.com (It must be a valid domain, if not it will not be accepted)>
Short description for the request ticket:
How many users?
Do you have Organization?
- If No: please provide the Organization name and the email of the first Admin. (We will create an Organization and add the first Admin for this Org; you can then invite users to the Organization.)
- If Yes: skip this info
OPSWAT will redirect users to authenticate by the configured IDP based on provided domain or specific user. Do you have any specific users in IDP with different domain emails?
- If No: skip this info
- If Yes: Please provide a list of user emails
The XML file/URL: <Which is downloaded from step #7>
Wait for a response from the Support Team; they will provide you with the Assertion Consumer Service URL (ACS URL) and Identifier (Entity ID). Example ACS URL: https://id-api.opswat.com/saml/acs/{opswat_will_provide}
In the “Basic SAML Configuration” section, set the ACS URL and Entity ID using the data received from step #10
In the Attributes & Claims section, select Edit > Add new claim
Add the attributes below:
- emailAddress with Source attribute = user.userprincipalname
- lastName with Source attribute = user.surname
- firstName with Source attribute = user.givenname
Now you need to assign people/groups who can access this application on Okta. On the left menu, select Users and groups to assign to this application.
An Admin must manually invite the user to the Organization after they have signed in to My OPSWAT Portal via single sign-on.
If a user is created without emailAddress, lastName, or firstName info in Microsoft Entra, the user cannot single sign-on to My OPSWAT Portal.
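As an added example (not OPSWAT's or Microsoft's code), the Python check below reads a base64 SAMLResponse captured from your own test sign-in and reports which of the three claims configured above are absent or empty. It assumes the claim names must match exactly as configured; `build_sample` and the values passed to it are constructed test input.

```python
import base64
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Claim names configured in the Attributes & Claims step above.
REQUIRED = ("emailAddress", "lastName", "firstName")


def assertion_attributes(saml_response_b64):
    """Decode a base64 SAMLResponse form field and return {claim name: [values]}.

    Diagnostic only: this reads attributes and does not verify the signature.
    """
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", SAML_NS):
        values = [(v.text or "").strip()
                  for v in attr.iterfind("saml:AttributeValue", SAML_NS)]
        attrs.setdefault(attr.get("Name"), []).extend(values)
    return attrs


def missing_claims(saml_response_b64):
    """Return required claims that are absent or carry only empty values."""
    attrs = assertion_attributes(saml_response_b64)
    return [name for name in REQUIRED if not any(attrs.get(name, []))]


def build_sample(claims):
    """Constructed test input: a minimal unsigned Response holding `claims`."""
    items = "".join(
        f'<saml:Attribute Name="{n}"><saml:AttributeValue>{v}</saml:AttributeValue>'
        f"</saml:Attribute>" for n, v in claims.items())
    xml = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
           'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
           f"<saml:AttributeStatement>{items}</saml:AttributeStatement>"
           "</saml:Assertion></samlp:Response>")
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    # Constructed case: a response that carries no lastName attribute.
    sample = build_sample({"emailAddress": "alice@example.com", "firstName": "Alice"})
    print("missing:", missing_claims(sample))
```

A claim emitted under a different name (for example a namespace-qualified default claim) is reported as missing, which points back to the claim name set in the Attributes & Claims step.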