Azure AD integration with ConcealBrowse

Description

To integrate Azure AD with ConcealBrowse and use Single Sign-On (SSO) within your organization, you first need to create an application in Azure AD, configure that application for SSO, and upload the resulting SAML data into the Conceal dashboard. This guide outlines all of these steps.

Applies to

  • Azure AD

Before you begin

Important!

- You can only set up SSO with one domain, and only that domain can be used to log in (e.g., if you set it up with @example.com, only @example.com addresses will be allowed via SSO; variations such as @examples.com will not be allowed).

- You need to be logged in to the Conceal dashboard with an account on the same domain you plan to set up with SSO (e.g., john@example.com would need to be logged in to upload the data to the Conceal dashboard; john@examples.com would not work if you are configuring SSO for john@example.com).

- You do not need to add users in the Conceal dashboard prior to this process. Once the configuration is complete and the user logs into either the extension or the dashboard using SSO, they will automatically be added to the dashboard.

Procedure

Setting up a new application in Azure

  1. Please follow Azure's documentation on setting up a new application: Create a new application in Azure

Configuring Application for SSO

  1. Open your web browser and go to the Conceal Dashboard at dashboard.conceal.io, logging in if necessary.
  2. In the left-hand menu, click the section labeled Settings.
  3. Click the dropdown arrow on the right next to SAML Single Sign On and choose the option labeled Azure AD.
  4. You will need the Identifier and the Reply URL listed here to enable SSO in Azure. You will use these in the steps below.
  5. Make sure the attributes and claims listed here match the attributes and claims section in your Azure instance.
  6. Once you have configured an application in Azure AD, open a new tab and log in to your Azure portal at portal.azure.com. Click the button labeled View in the Manage Azure Active Directory tile.
  7. In the left-hand menu, select Enterprise Applications. The All applications pane opens and displays a list of the applications in your Azure AD tenant.
  8. Use the search bar or browse the list to locate and select the application for which you want to configure the SSO integration.
  9. Once you have opened the application, under step 2, Set up single sign on, click Get Started.
  10. On the next screen, choose the tile labeled SAML.
  11. In the Basic SAML configuration box, click Edit in the top right.
  12. This is where you enter the two required values from your Conceal Dashboard from step 4. Click the blue text Add Identifier to add a value in the box. From your Conceal dashboard, copy the Identifier and paste it into the Identifier box.
  13. Next, click the blue text Add Reply URL. From your Conceal dashboard, copy the Reply URL and paste it into the Reply URL box.
  14. In the top left, click Save.
  15. Review Attributes and Claims. The default settings are appropriate for most organizations. If your organization's user.userprincipalname and user.mail attributes differ, you will need to change the Unique User Identifier from user.userprincipalname to user.mail.
    1. Example of differing attributes: user.userprincipalname is UniqueID@conceal.io and user.mail is firstname.lastname@conceal.io.
  16. Next, download the metadata file. Scroll down to section 3, labeled SAML Certificates, and find Federation Metadata XML. Click Download next to it; this gives you the SAML metadata to add to your Conceal Dashboard. You can either download the file or copy and paste its contents, but keep it in a safe place, as you will need it to integrate with ConcealBrowse.
  17. You will need to add users to your group in order for the configuration to be successful.
  18. Then you need to upload the SAML Metadata document that you downloaded into the Conceal dashboard. You can copy and paste this into the area or you may upload it by clicking the button labeled Upload SAML Data.
  19. Once the SAML Metadata is uploaded, click the button labeled Configure SSO Provider.
  20. You should now have Azure AD integrated with ConcealBrowse!


    *Never hesitate to contact your Customer Success Manager for any questions or concerns. You may also open a support ticket at support.conceal.io by scrolling to the bottom and clicking Submit a request.