Integrating Microsoft Entra ID (Azure AD) SSO with Grip Security

NOTE: Microsoft Entra ID is the new name for Azure Active Directory (Azure AD).

Overview

Microsoft Entra ID Single Sign-On (SSO) allows users to log in once and gain access to multiple applications and services without needing to re-enter credentials, thus simplifying the user experience.

This article guides you through the process of integrating Microsoft Entra ID SSO with Grip Security, by creating an enterprise application in Azure and configuring the necessary settings in Grip Security.

Prerequisites

  • Active Azure account with Microsoft Entra ID Premium enabled.

  • Grip Security access with administrator permissions.

Integration steps

Step 1 - Create a New Enterprise Application

  1. Open the Azure Portal: https://portal.azure.com/

  2. Click Microsoft Entra ID on the home screen.

  3. Click + Add and select Enterprise application from the dropdown list.

  4. Select Create your own application.

  5. Enter "Grip Portal SSO" as the application name.

  6. Select Integrate any other application you don't find in the gallery (Non-gallery).


  7. Click Create to proceed to the application (Grip Portal SSO) page.

Step 2 - Configure SAML-Based SSO

  1. To access Single Sign-On Settings, click Set up single sign on.

  2. Click SAML.

  3. In the Basic SAML Configuration area, click Edit. The Basic SAML Configuration window opens.

  4. Under Identifier (Entity ID) click Add Identifier and enter the value copied from the Grip Security portal.

  5. Under Reply URL (Assertion Consumer Service URL) click Add reply URL and enter the value copied from the Grip Security portal.


    To copy the Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL) values from the Grip Security portal, do the following:

    a. In Grip Security, click the user icon and select Admin Panel.

    b. Under SSO Provider click Add.

    c. Select Microsoft Entra ID SSO.

    d. Copy the contents of the Identifier (Entity ID) field and paste it into the Identifier (Entity ID) field in Microsoft Entra ID.

    e. Copy the contents of the Reply URL field and paste it into the Reply URL (Assertion Consumer Service URL) field in Microsoft Entra ID.


  6. Click Save.

  7. Select Edit in the Attributes & Claims section.

  8. The Attributes & Claims window opens.

  9. To customize the Unique User Identifier (Name ID) claim, click Unique User Identifier (Name ID) to open the Manage claim window.

  10. In the Source section select Transformation.

  11. In the Manage transformation window, in the Transformation field, select ToLowercase() from the dropdown list.

  12. For Parameter 1 select Attribute.

  13. In the Attribute name field, select user.userprincipalname from the dropdown list.

  14. Click Add and then Save.

  15. In the SAML Signing Certificate section, download the Federation Metadata XML file (this will be required when configuring SAML in the Grip Portal).

Step 3 - Configure Application Properties

  1. On the Grip Portal SSO application page, select Properties in the left panel.

  2. Set Enabled for users to sign-in to Yes.

  3. Select a logo for the application (optional).

  4. Set Visible to users to No.

  5. Click Save.

  6. Select Users and groups in the left panel.

  7. To provision access to the Grip application for users and groups from your organization, click application registration.

  8. In the App roles window, click User.

  9. In the Edit app role window, provision users and groups as required.

Step 4 - Configure SAML in the Grip Portal

  1. In Grip Security, click the user icon and select Admin Panel.

  2. Under SSO Provider click Add.

  3. Select Microsoft Entra ID SSO.
     

  4. To upload the Federation Metadata XML file, scroll to the bottom of the page, click Upload File, select the XML file, and click Submit.

    NOTE: The Federation Metadata XML file is the one downloaded from Microsoft Entra ID in Step 2 - Configure SAML-Based SSO.
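Before uploading the file, it is worth confirming that it is the IdP-side metadata (not an SP descriptor), that it carries a signing certificate, and that the SSO endpoints belong to your own tenant. The script below is an added example written for this article; it is not Grip Security's or Microsoft's code. It uses only the Python standard library, and the embedded metadata document is constructed to mirror the shape of the Entra ID Federation Metadata XML: the tenant id is an all-zero placeholder and the certificate is a fake DER blob, not a real key.

```python
"""Sanity-check an Entra ID Federation Metadata XML file before uploading it
as the SSO provider in Grip Security (added example, not Grip's own code).
The sample document is constructed: placeholder tenant id, fake certificate."""
import base64
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
# Entra ID login hosts (the .us and .cn hosts belong to the sovereign clouds).
ENTRA_LOGIN_HOSTS = frozenset({"login.microsoftonline.com",
                               "login.microsoftonline.us",
                               "login.partner.microsoftonline.cn"})

TENANT = "00000000-0000-0000-0000-000000000000"   # placeholder tenant id
# Fake certificate: 256 bytes that merely start with the DER SEQUENCE tag 0x30.
FAKE_CERT_B64 = base64.b64encode(b"\x30\x82\x00\xfc" + b"\x00" * 252).decode()
SAMPLE_METADATA = f"""<?xml version="1.0"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{FAKE_CERT_B64}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="{REDIRECT}"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
    <SingleSignOnService Binding="{POST}"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>
"""


def tenant_from_entity_id(entity_id):
    """Entra's IdP entityID is https://sts.windows.net/<tenant-id>/; return the id or None."""
    prefix = "https://sts.windows.net/"
    if not entity_id.startswith(prefix):
        return None
    return entity_id[len(prefix):].strip("/") or None


def check_metadata(xml_text):
    """Return {'entity_id', 'tenant_id', 'signing_certs', 'sso_urls', 'issues'};
    an empty 'issues' list means the file looks like usable Entra IdP metadata."""
    issues = []
    # The file is a trusted download from the Azure portal; for untrusted XML use defusedxml.
    root = ET.fromstring(xml_text)
    result = {"entity_id": root.get("entityID", ""), "tenant_id": None,
              "signing_certs": 0, "sso_urls": {}, "issues": issues}
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        issues.append(f"root element is {root.tag}, expected md:EntityDescriptor")
        return result
    result["tenant_id"] = tenant_from_entity_id(result["entity_id"])
    if result["tenant_id"] is None:
        issues.append(f"unexpected entityID {result['entity_id']!r}; "
                      "Entra uses https://sts.windows.net/<tenant-id>/")

    idps = root.findall("md:IDPSSODescriptor", NS)
    if len(idps) != 1:
        issues.append(f"expected one IDPSSODescriptor, found {len(idps)} "
                      "(an SPSSODescriptor alone means this is SP, not IdP, metadata)")
        return result
    idp = idps[0]

    # Signing certificate: the SP verifies SAML responses with it, so it must exist
    # and decode to DER (first byte 0x30 = ASN.1 SEQUENCE). No "use" attribute means both.
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.findall(".//ds:X509Certificate", NS):
            try:
                der = base64.b64decode("".join((cert.text or "").split()), validate=True)
            except ValueError:
                issues.append("signing certificate is not valid base64")
                continue
            if not der or der[0] != 0x30:
                issues.append("signing certificate does not decode to a DER SEQUENCE")
            else:
                result["signing_certs"] += 1
    if result["signing_certs"] == 0:
        issues.append("no usable signing certificate; SAML responses could not be verified")

    # SSO endpoints: both bindings present, https only, Entra login host, same tenant.
    for svc in idp.findall("md:SingleSignOnService", NS):
        result["sso_urls"][svc.get("Binding", "")] = svc.get("Location", "")
    for binding, label in ((REDIRECT, "HTTP-Redirect"), (POST, "HTTP-POST")):
        loc = result["sso_urls"].get(binding)
        if not loc:
            issues.append(f"no SingleSignOnService for {label}")
            continue
        url = urlparse(loc)
        if url.scheme != "https":
            issues.append(f"{label} SSO URL is not https: {loc}")
        if url.hostname not in ENTRA_LOGIN_HOSTS:
            issues.append(f"{label} SSO URL host {url.hostname!r} is not an Entra login host")
        if result["tenant_id"] and result["tenant_id"] not in url.path:
            issues.append(f"{label} SSO URL does not reference tenant {result['tenant_id']}")
    return result


if __name__ == "__main__":
    report = check_metadata(SAMPLE_METADATA)
    print("OK" if not report["issues"] else "\n".join(report["issues"]))
```

To check a real download, replace SAMPLE_METADATA with the file contents (for example `check_metadata(open("metadata.xml").read())`) and confirm that the reported tenant id is your own; a tenant mismatch or an SP-side descriptor is the most common reason the Grip login fails after upload.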

Step 5 - Create a Linked Application in the User's Portal (optional)

  1. Create a New Enterprise Application by repeating the steps above in Step 1 - Create a New Enterprise Application.

  2. Name the new application Grip Portal.

  3. To configure Linked Single Sign-On, click Single sign-on on the left panel.

  4. Choose Linked.

  5. Enter the URL: https://:UseSecret<PREFIX>.dep.grip.security/

  6. Save the changes.

  7. To set Application Properties, select Properties from the left panel.

  8. Set Enabled for users to sign-in to Yes.

  9. Choose a logo for the application (optional).

  10. Set Visible to users to Yes.

  11. Click Save.

  12. To assign users and groups, click Users and Groups in the left panel.

  13. Provision access to the Grip application for users and groups from your organization.

Tip

Create a security group and assign it to both the Linked application and the SAML SSO application to simplify user provisioning.

Summary

After following the procedure described in this article, you have integrated Microsoft Entra ID (Azure AD) SSO with Grip Security.