Configuring Microsoft Entra ID with SAML 2.0
You can configure user authentication with Microsoft Entra ID as your IdP using SAML 2.0.
Users defined in Entra ID are added to the AtScale Identity Broker automatically the first time they log in. Every such user is placed in the everyone group, which carries the query_user role. To add users to other groups or assign them additional roles, do so from within the Identity Broker. For more information, see Managing Users with the Identity Broker.
Prerequisites
This procedure assumes that you have an enterprise application set up for AtScale in Entra ID, and that it is configured with SAML 2.0. For more information, refer to the Microsoft Entra ID documentation.
Additionally, you must be logged in as an admin user.
Procedure
To configure user authentication using Microsoft Entra ID and SAML:
1. In AtScale, open the main menu and select Security. The Identity Broker opens.
2. Log in using your AtScale admin username and password.
3. Select the atscale realm if it is not already selected.
4. In the left-hand navigation, select Identity providers, then click SAML v2.0.
5. On the Add SAML provider page, complete the following fields:
   - Redirect URI
   - Alias
   - Display name
   - Service provider entity ID
6. Disable the Use entity descriptor setting.
7. In a new browser tab, log in to the Microsoft Entra admin center and download the Federation Metadata XML file for the AtScale enterprise application (this file carries the IdP's signing certificate).
8. In the Identity Broker, next to Import config from file, click Browse and select the file you just downloaded.
9. Click Add.
10. Click on the newly added IdP.
11. Enable the Store tokens and Stored tokens readable settings.
12. Click Save.
13. Test your configuration:
    - Open a new browser window and navigate to your AtScale instance.
    - Click Sign In in the top right corner. The Sign in to your account window appears.
    - Click the option to log in with Entra ID and enter your credentials.