Team: Huntress Managed Endpoint Detection and Response (EDR)
Product: Security Assertion Markup Language Microsoft Azure
Environment: Azure.com and Huntress.io portals
Summary: Setting up SAML SSO for Microsoft Azure
This guide is for setting up SAML SSO with Microsoft Azure and Huntress. For known limitations and caveats of our SAML, please see SAML SSO.
- Log in to portal.azure.com with your corporate credentials
- Click on "Enterprise applications" (you can search for it at the top if you don't see it on the home page)
- Click "+ New Application"
- Click "+Create your own application"
- Give it a name and select "Integrate any other application you don't find in the gallery (Non-gallery)".
- Click "Create"
- Choose "Set up Single sign-on"
- Choose "SAML"
- Basic SAML Configuration:
  - Identifier: https://huntress.io/sso/metadata
  - Reply URL: https://huntress.io/sso/auth
  - Sign on URL: https://huntress.io/sso
- User Attributes & Claims (these should be the default values)
- This is what you should see on the SAML page for your newly created Enterprise app:
Note: You'll need to add users (or user groups) to the Enterprise app for Huntress before they'll be able to log into Huntress using Azure SSO.
Huntress Configuration
- Log into your Huntress Account with admin credentials.
- Go to your Account settings
- Click "Setup SAML SSO"
- You'll need to enter details from Azure into Huntress:
  - SSO Service URL: "Login URL" - Starts with "https://login.microsoftonline.com/"
  - Entity ID (URL): "Microsoft Entra Identifier" - Starts with "https://sts.windows.net/"
  - Certificate: "Certificate (base64)" - Click the "download" button and copy and paste its contents into the Huntress dialog box
- Click "Save."
Test
- In your Azure Portal click the "test" button
- Click "sign in as current user" (or other user if you prefer)
- You'll be sent to the Huntress SSO login screen (huntress.io/sso). Enter your corporate email.
- You'll be redirected to your corporate logon page (Azure in this case). If you are only signed into one account, you'll automatically be logged in. If you are signed into multiple accounts you will need to pick which one to sign into.
- If the test was successful you will be redirected back to the Azure setup page with a success message:
- You can now SSO into Huntress via https://huntress.io/sso
If you're running into trouble, you may need to send the SAML response to Huntress Support in order for us to troubleshoot. This Chrome add-on can help. A Firefox add-on is also available here.
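A quick local check to run on a captured response before sending it to support, as an added example that is not Huntress code: it decodes the `SAMLResponse` and compares it with the Identifier, Reply URL and issuer prefix from this guide. The function names and the sample response (with a placeholder tenant ID) are constructed for illustration, and the XML signature is not verified.

```python
import base64
import xml.etree.ElementTree as ET
from urllib.parse import unquote

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
SUCCESS = "urn:oasis:names:tc:SAML:2.0:status:Success"

# Values taken from the Azure and Huntress steps in this guide.
REPLY_URL = "https://huntress.io/sso/auth"         # Azure "Reply URL"
IDENTIFIER = "https://huntress.io/sso/metadata"    # Azure "Identifier"
ISSUER_PREFIX = "https://sts.windows.net/"         # "Microsoft Entra Identifier"


def check_saml_response(captured):
    """List mismatches between a captured SAMLResponse and this guide's values.

    Diagnostic only: the XML signature is not verified. Use it on a response
    captured from your own browser session.
    """
    root = ET.fromstring(base64.b64decode(unquote(captured.strip())))
    problems = []
    status = root.find(".//p:StatusCode", NS)
    if status is None or status.get("Value") != SUCCESS:
        problems.append(f"Status: {None if status is None else status.get('Value')}")
    if root.get("Destination") != REPLY_URL:
        problems.append(f"Destination: {root.get('Destination')} (want {REPLY_URL})")
    issuer = (root.findtext(".//a:Issuer", "", NS) or "").strip()
    if not issuer.startswith(ISSUER_PREFIX):
        problems.append(f"Issuer: {issuer or 'missing'} (want {ISSUER_PREFIX}...)")
    audiences = [(a.text or "").strip() for a in root.iterfind(".//a:Audience", NS)]
    if IDENTIFIER not in audiences:
        problems.append(f"Audience: {audiences} (want {IDENTIFIER})")
    return problems


def make_sample(destination=REPLY_URL, audience=IDENTIFIER):
    """Build a constructed, unsigned response; the tenant ID is a placeholder."""
    issuer = ISSUER_PREFIX + "00000000-0000-0000-0000-000000000000/"
    xml = (
        '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        f'xmlns="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{destination}">'
        f'<Issuer>{issuer}</Issuer><samlp:Status><samlp:StatusCode Value="{SUCCESS}"/>'
        f'</samlp:Status><Assertion><Issuer>{issuer}</Issuer><Conditions>'
        f'<AudienceRestriction><Audience>{audience}</Audience></AudienceRestriction>'
        '</Conditions></Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()


if __name__ == "__main__":
    print(check_saml_response(make_sample()))                    # no mismatches
    print(check_saml_response(make_sample(audience=REPLY_URL)))  # Audience mismatch
```

An Audience or Destination mismatch points back to the Identifier or Reply URL entered under Basic SAML Configuration in Azure.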