Azure Configuration

FSProtect can be integrated with the Azure SSO to simplify authentication. The following configurations must be completed for integration:

1. Create an Enterprise Application

• Go to https://portal.azure.com and log in.

• Navigate to Microsoft Entra ID > Enterprise applications.

• Click on "New application".

• Select "Create your own application".

• Provide a name for your app (e.g., fsprotect-SSO).

• Choose the option: "Integrate any other application you don’t find in the gallery (Non-gallery)"

• Click Create.

2. Set Up Single Sign-On (SAML)

• In the left menu of the application page, select Single sign-on or select Set up single sign-on after creating app.

• Choose SAML as the single sign-on method.

• You will now see multiple sections, including:

  • Basic SAML Configuration

  • Attributes & Claims

  • SAML Signing Certificate

  • Set up [App Name]

3. Configure Attributes & Claims

• In the Attributes & Claims section, click Edit.

• Review the default claims (such as email, givenname, surname, etc.).

• To add a custom claim:

  • Click Add new claim

  • Enter a Name (e.g., username)

  • Choose the appropriate Source (e.g., user attribute or transformation)

  • For user attributes, select from available directory attributes like user.mailnickname etc.

  • Click Save

• Do the same things for the role:

  • Enter a Name (e.g., username)

  • Choose the appropriate Source (e.g., user attribute or transformation)

  • For user attributes, select from available directory attributes like user.assignedroles etc.

4. Configure Basic SAML Settings

• Click Edit in the Basic SAML Configuration section.

• Fill in the required fields on the Basic SAML Configuration based on the Settings > SSO > SSO Details on the FSProtect.

5. Download SAML Metadata XML

• Scroll to the SAML Signing Certificate section.

• Locate the Federation Metadata XML link.

• Click Download.