Steps to Configure Azure AD as External IDP for Cymmetri

Last updated 1 year ago


Setting up Cymmetri Service Provider for External Identity Provider Configuration

Log in to the Cymmetri Administration Console to perform the configuration below.

Note: The user interface may differ but the configuration options will remain the same.

  1. Navigate to Service Provider.

  2. Click on “Add New”.

  3. Enter Cymmetri as the Service Provider Name, add a description, select Email in the Name ID Policy dropdown and save the details. Your Service Provider is created at this step; download its metadata (XML file).

  4. Navigate to External IDP in Identity Provider.

  5. Select Azure-IDP.

Configure Azure AD for Creating Identity provider configuration

  6. Now log in to the Azure portal and select Azure Active Directory.

  7. Navigate to Enterprise applications and select New application.

  8. Create your own application and enter the name of the application.

  9. After creating the application, set up Single Sign On using SAML.

  10. Click on Edit basic SAML configuration.

  11. Add the Identifier (Entity ID) and Assertion Consumer Service URL from the XML file downloaded in step 3 (for Azure, the Sign on URL and ACS URL are the same) and save the configuration.

  12. Download the Certificate (Base64) from SAML Certificates.
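The values entered in Edit basic SAML configuration can be read out of the downloaded metadata rather than copied by eye. The following is an added example, not part of the Cymmetri documentation; the sample metadata and its sp.example.test URLs are constructed, and the function name is hypothetical.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
EMAIL_NAMEID = "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

# Constructed sample; a real file is the metadata downloaded in step 3.
SAMPLE_METADATA = """\
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sp.example.test/sp">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:NameIDFormat>urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress</md:NameIDFormat>
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/sp/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

def azure_saml_values(metadata_xml):
    """Return the Identifier and Reply (ACS) URL for Azure, plus warnings."""
    root = ET.fromstring(metadata_xml)
    if root.tag != MD + "EntityDescriptor":
        raise ValueError("not a single-entity SAML metadata document")
    sp = root.find(MD + "SPSSODescriptor")
    if sp is None:
        raise ValueError("metadata has no SPSSODescriptor")
    # Prefer the endpoint flagged isDefault, then the lowest index.
    endpoints = sorted(
        sp.findall(MD + "AssertionConsumerService"),
        key=lambda e: (e.get("isDefault") != "true", int(e.get("index", "0"))),
    )
    if not endpoints:
        raise ValueError("metadata has no AssertionConsumerService")
    acs = endpoints[0]
    formats = [f.text.strip() for f in sp.findall(MD + "NameIDFormat") if f.text]
    warnings = []
    if urlparse(acs.get("Location", "")).scheme != "https":
        warnings.append("ACS URL is not https")
    if acs.get("Binding") != HTTP_POST:
        warnings.append("default ACS endpoint is not HTTP-POST")
    if EMAIL_NAMEID not in formats:
        warnings.append("email NameID format is not advertised")
    return {"identifier": root.get("entityID"), "reply_url": acs.get("Location"),
            "name_id_formats": formats, "warnings": warnings}

if __name__ == "__main__":
    print(azure_saml_values(SAMPLE_METADATA))
```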

Continue configuration of Identity Provider In Cymmetri Administration Console

  1. Copy the Azure AD Identifier from the Set up section, navigate to azure-idp in Cymmetri and paste it into Entity ID. Similarly, copy the Login URL and paste it into Single Sign On Service URL in Cymmetri.

  2. Open the Base64 certificate downloaded in step 12, copy its contents and paste them into the x509Certificate field in Cymmetri.

  3. Add a name and description, select Identity Provider as Azure (External IDP) and mark the status as Active.

Assigning users to the application in Azure Administration Console to allow them to use Azure as External Identity Provider

  1. Navigate to Enterprise applications and select the application you created in step 8.

Configuring JIT provisioning in Cymmetri Administration Console

  1. If JIT provisioning needs to be enabled for Azure AD as external Identity provider, we may set it up using the steps below.

  2. Navigate to JIT in external identity provider and enable JIT Configuration.

  3. The following fields are mandatory in Cymmetri - firstName, lastName, login, userType, displayName, and email.

  4. For Azure JIT configuration, the following mapping needs to be done -

    1. First Name -

      1. Application Field - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname

      2. Cymmetri Field - firstName

    2. Last Name -

      1. Application Field - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname

      2. Cymmetri Field - lastName

    3. Login (Username) -

      1. Application Field - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

      2. Cymmetri Field - login

    4. User Type -

      1. Application Field - any string

      2. Cymmetri Field - userType

      3. Default Value - <will be one of Employee, Vendor, Consultant>

    5. Display Name -

      1. Application Field - http://schemas.microsoft.com/identity/claims/displayname

      2. Cymmetri Field - displayName

    6. Email Address -

      1. Application Field - http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

      2. Cymmetri Field - email

In Azure Administration Console

Replace the text "<host-name>" with the URL of the Cymmetri deployment (e.g., https://aktestidp.ux.cymmetri.in, that is "aktestidp.ux.cymmetri.in") in the destination field, so that "https://<hostName>/spsamlsrvc/samlSP/SingleSignOnService" becomes "https://aktestidp.ux.cymmetri.in/spsamlsrvc/samlSP/SingleSignOnService".

Select the created service provider in the Service provider Id field dropdown and save the changes.

Navigate to Auth Rules in Cymmetri and select Add New.

Click on Add Condition.

If you wish to set this Azure External Identity Provider for users whose email address ends with "@unotechsoft.com", select the condition LoginPattern > Regular Expression, set its value to (.)*(@unotechsoft.com)+$; and save the details.

Go to Users and groups, select Add user/group and add the user.

Log in to Cymmetri using the Azure email address.

The user will be redirected to the Azure portal to enter the Azure credentials.

Once the credentials have been entered correctly in the Azure portal, the user will be redirected back to Cymmetri and logged in successfully.
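The LoginPattern regular expression in the Auth Rule decides which logins are routed to Azure, so it is worth testing before saving. The following is an added example, not part of the Cymmetri documentation: it compares the page's pattern with a stricter variant over constructed logins. It assumes search-style matching as in Python's re module (the page does not state which regex engine Cymmetri uses), treats the trailing ";" as punctuation, and the stricter pattern is an assumption of this example.

```python
import re

# Pattern as given in the Auth Rule step (trailing ";" treated as punctuation).
PAGE_PATTERN = re.compile(r"(.)*(@unotechsoft.com)+$")
# Stricter variant (an assumption, not from the page): escaped dot, exactly
# one "@", no whitespace, and the whole input must match.
STRICT_PATTERN = re.compile(r"[^@\s]+@unotechsoft\.com")

# Constructed login values for the comparison.
SAMPLE_LOGINS = [
    "alice@unotechsoft.com",              # intended match
    "alice@unotechsoftxcom",              # unescaped "." matches any character
    "alice@unotechsoft.com\n",            # "$" also matches before a final newline
    "bob@example.org@unotechsoft.com",    # "(.)*" accepts a second "@"
    "alice@unotechsoft.com.example.org",  # rejected by both patterns
    "carol@example.org",                  # rejected by both patterns
]

def page_rule_matches(login):
    """True if the page's pattern is found anywhere in the login."""
    return PAGE_PATTERN.search(login) is not None

def strict_rule_matches(login):
    """True only if the entire login matches the stricter pattern."""
    return STRICT_PATTERN.fullmatch(login) is not None

def routing_differences(logins):
    """Logins the page pattern routes to the external IdP but the strict one does not."""
    return [l for l in logins if page_rule_matches(l) and not strict_rule_matches(l)]

if __name__ == "__main__":
    for login in SAMPLE_LOGINS:
        print(repr(login), page_rule_matches(login), strict_rule_matches(login))
```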