
How do I set up Single Sign-On with Microsoft Entra ID?

This article describes how to configure Single Sign-On (SSO) with Microsoft Entra ID in Security Center. SSO allows you to centralize user management with an identity provider (IDP) that supports SAML 2.0.

Create a Single Sign-On application in Microsoft Entra ID

  1. Log in to the Microsoft Entra admin center.
  2. Navigate to Identity > Applications > Enterprise applications.
  3. Click New application.
  4. Click Create your own application, enter a name for the application, select Integrate any other application you don't find in the gallery, and click Create.

Configure Single Sign-On in Security Center

  1. Log in to Security Center.
  2. Click the menu icon in the top right corner.
  3. Click Account settings.
  4. Click Single sign-on in the menu.
  5. Turn on the Enabled toggle.
  6. Under IDP SAML configuration, select Manual.
  7. Copy the Login URL from your Microsoft Entra SSO application and enter it in the IDP login URL field.
  8. Copy the Microsoft Entra Identifier URL from your Microsoft Entra SSO application and enter it in the IDP entity ID/Metadata URL field.
  9. In Microsoft Entra ID, download the Certificate (Base64), open it with a text editor, copy the full content, including the header and footer, and enter it in the IDP certificate field.
  10. Uncheck Encrypt Assertion element.
  11. Click Save changes.

Tip: Make sure you paste the certificate in full, including the header and footer, and that all lines are continuous with no line breaks or spaces between them.

Configure Single Sign-On in the Microsoft Entra admin center

In your Security Center SSO settings, copy the following values from the Security Center section and enter them in the Basic SAML Configuration section of your Microsoft Entra application:

  • Customer login URL
  • Login callback URL
  • Metadata URL

Navigate back to the application overview and open the SAML Signing Certificate settings. Make sure the following values are set:

  • Signing option: Sign SAML response and assertion
  • Signing algorithm: SHA-256 or SHA-1

Configure user attribute mapping

In the User Attributes & Claims section of your Microsoft Entra application, the following fields are mandatory:

  • emailaddress
  • Unique User Identifier (also referred to as NameID)

Add the users or groups that should have access to Security Center by navigating to Users and groups in the left panel of your Microsoft Entra application.

Configure role mapping

By default, a user is assigned the lowest-privileged role, User, in Security Center. To assign the Superuser role, use Microsoft Entra roles and attribute mapping.

In the User Attributes & Claims section, click Add new claim and enter the following:

  • Name: userrole
  • Namespace: http://schemas.microsoft.com/ws/2008/06/identity/claims/role
  • Source attribute: user.assignedroles

Click Save.

The recommended approach is to create a unique role in Microsoft Entra ID using the supported role name. This role can then be assigned to users who should have the Superuser role in Security Center.
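
The following is an added example, not part of the original article or of Security Center's own tooling: a Python check that parses a decoded SAML response (for example one captured while testing the login) and reports whether the response and the assertion are each signed, with which algorithm, and whether NameID, emailaddress and the userrole claim are present. The sample response and role value are constructed, the role claim name assumes Entra emits it as namespace plus "/" plus name, and the check is structural only: it does not verify the signatures.

```python
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
EMAIL = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
# Assumption: the claim is emitted as "<Namespace>/<Name>" from the role mapping step.
ROLE = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role/userrole"
# Constructed sample: the Response is signed, the Assertion is not.
SIG = ('<ds:Signature xmlns:ds="http://www.w3.org/2000/09/xmldsig#"><ds:SignedInfo>'
       '<ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>'
       '</ds:SignedInfo></ds:Signature>')
SAMPLE = f'''<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns="urn:oasis:names:tc:SAML:2.0:assertion">{SIG}
 <Assertion><Subject><NameID>alice@example.com</NameID></Subject>
  <AttributeStatement>
   <Attribute Name="{EMAIL}"><AttributeValue>alice@example.com</AttributeValue></Attribute>
   <Attribute Name="{ROLE}"><AttributeValue>SUPPORTED_ROLE_NAME_PLACEHOLDER</AttributeValue></Attribute>
  </AttributeStatement></Assertion></samlp:Response>'''

def sig_alg(elem):
    """Algorithm suffix of a ds:Signature that is a direct child of elem, else None."""
    if elem is None:
        return None
    m = elem.find("ds:Signature/ds:SignedInfo/ds:SignatureMethod", NS)
    return m.get("Algorithm").rsplit("#", 1)[-1] if m is not None else None

def check_response(xml_text):
    """Structural checks only; signatures are NOT cryptographically verified."""
    resp = ET.fromstring(xml_text)
    asrt = resp.find("a:Assertion", NS)
    attrs, name_id = {}, None
    if asrt is not None:
        name_id = asrt.findtext("a:Subject/a:NameID", namespaces=NS)
        for a in asrt.findall("a:AttributeStatement/a:Attribute", NS):
            attrs[a.get("Name")] = [v.text for v in a.findall("a:AttributeValue", NS)]
    algs = {"Response": sig_alg(resp), "Assertion": sig_alg(asrt)}
    findings = [f"{k} carries no ds:Signature" for k, v in algs.items() if v is None]
    findings += [f"{k} is signed with SHA-1" for k, v in algs.items() if v and v.endswith("sha1")]
    if not name_id:
        findings.append("NameID (Unique User Identifier) missing")
    if not attrs.get(EMAIL):
        findings.append("emailaddress claim missing")
    return {"algs": algs, "name_id": name_id, "email": attrs.get(EMAIL, [None])[0],
            "roles": attrs.get(ROLE, []), "findings": findings}

if __name__ == "__main__":
    print(check_response(SAMPLE))
```

An empty roles list means the userrole claim was not emitted, so the user would fall back to the default User role described above.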

For more information, please contact our customer support.