
Configure SAML v2.0 on Microsoft Entra

This article covers setting up Single Sign-On (SSO) with Microsoft Entra, using the Gatekeeper Generic SAML v2.0 Connector.

Configuration

Step 1: Prepare Gatekeeper for Configuration

  1. From the navigation menu, expand Settings, then click Configuration.
  2. Click Authentication.
  3. Select the Allow All Authentication Methods radio button.
  4. Click Save.

Note: Do not select the Require SAML 2.0 authentication radio button at this stage. Enabling it before SAML has been configured and tested may lock you out of your Gatekeeper tenant.

If you have done this and locked your tenant, contact our Support team.

Step 2: Set Up the Enterprise Application in Microsoft Azure

Note: If you have already set up an Enterprise Application while configuring SCIM, skip to Step 3.

  1. Log in to the Microsoft Azure Portal.
  2. Navigate to Enterprise Applications.
  3. Click New Application.
  4. Click Create your own application, then enter a name e.g. Gatekeeper.
  5. Select the Integrate any other application you don’t find in the gallery radio button, then click Create.
  6. From the navigation menu, click Single sign-on, then select SAML.
  7. From the SAML Certificates section, copy the App Federation Metadata Url.

Step 3: Complete Configuration in Gatekeeper

  1. Return to Gatekeeper, and from the navigation menu, expand Settings then click Configuration.
  2. Click Authentication, then click Configure SAML 2.0.
  3. Enter the App Federation Metadata Url that you copied earlier in the IDP metadata URL field.
  4. Click Create. Gatekeeper then generates required fields. Copy the following:
    1. Metadata url
    2. ACS (Assertion Consumer Service, Recipient) url
    3. Sso url
    4. Logout url

Step 4: Complete Configuration in Microsoft Entra

  1. Return to Microsoft Entra, then click Edit in the Basic SAML Configuration box.
  2. Enter the fields copied from Gatekeeper into their respective fields, then save the configuration.
    1. Add the Metadata URL to Identifier (Entity ID)
    2. Add the ACS (Assertion Consumer Service, Recipient) url to Reply URL (Assertion Consumer Service URL)
    3. Add the Sso url to Sign on URL (Optional)
    4. Add the Logout url to Logout Url (Optional)

Verify that the certificate is now available in Microsoft Entra, indicating the SAML setup is complete.

It's recommended to test the SSO connection by logging out of Gatekeeper, then logging back in via SSO.

You can verify that users can log in successfully by checking their login history. To find this, from the navigation menu, expand Settings, then click Users. Click on a user's name, then go to the Logins tab.

Renew the SAML Certificate

If you need to replace the SAML certificate in Microsoft Entra, follow the steps below:

  1. Navigate to the SAML settings page in Microsoft Entra.
  2. From the navigation menu, click Single sign-on.
  3. Click Edit on the SAML Certificates section.
  4. Click New Certificate. This will invalidate the existing certificate and generate a new one.
  5. Click the Copy icon on the App Federation Metadata Url field.
  6. Return to Gatekeeper, then from the navigation menu, expand Settings and click Configuration.
  7. Click Authentication, then click Configure SAML 2.0.
  8. Paste the copied URL into the IDP metadata URL field, then click Update.
    1. Alternatively, click Delete, then Save. You can then paste the copied URL into the IDP metadata URL field, then click Create.

Gatekeeper will fetch and save the new certificate.
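Both the verification in Step 4 (the certificate is visible in Entra) and the renewal above come down to one question: does the document behind the App Federation Metadata Url now carry the signing certificate you expect? The following added example, which is not Gatekeeper's or Microsoft's code, parses a SAML 2.0 IdP metadata document of that shape with the Python standard library and reports the entityID, the SSO endpoint and the SHA-256 fingerprint of each signing certificate, so the fingerprints before and after clicking New Certificate can be compared. The metadata documents embedded below are constructed samples with a placeholder tenant id and placeholder certificate blobs, not real X.509 certificates.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def parse_idp_metadata(xml_text: str) -> dict:
    """Return entityID, SSO endpoint and SHA-256 fingerprints of the IdP signing certificates."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("metadata has no IDPSSODescriptor")
    fingerprints = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # a missing 'use' means signing and encryption
            continue
        for c in kd.findall(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join(c.text.split()))  # drop line wrapping before decoding
            fingerprints.append(hashlib.sha256(der).hexdigest())
    sso = idp.find("md:SingleSignOnService", NS)
    return {"entity_id": root.get("entityID"),
            "sso_url": sso.get("Location") if sso is not None else None,
            "signing_cert_sha256": fingerprints}

def signing_cert_changed(old_xml: str, new_xml: str) -> bool:
    """True when the set of signing certificates differs, i.e. the rollover reached this document."""
    old = set(parse_idp_metadata(old_xml)["signing_cert_sha256"])
    return old != set(parse_idp_metadata(new_xml)["signing_cert_sha256"])

def _sample_metadata(cert_blob: bytes) -> str:
    # Constructed document in the shape Entra publishes; the certificate is a placeholder
    # blob rather than a real X.509 certificate, and the tenant id is a placeholder.
    b64 = base64.b64encode(cert_blob).decode()
    return f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  entityID="https://sts.windows.net/TENANT-ID-PLACEHOLDER/">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
   <X509Data><X509Certificate>{b64}</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
  <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
   Location="https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/saml2"/>
 </IDPSSODescriptor></EntityDescriptor>"""

OLD_METADATA = _sample_metadata(b"constructed-cert-before-rollover")  # snapshot taken before renewal
NEW_METADATA = _sample_metadata(b"constructed-cert-after-rollover")   # snapshot taken after renewal
```

In practice you would fetch the App Federation Metadata Url once before and once after the renewal and pass the two response bodies to signing_cert_changed.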