Microsoft Entra ID SSO

Configure Single Sign-On (SSO) with Microsoft Entra ID to secure access to Asset Panda. This setup allows you to sign in with Microsoft Entra ID credentials, enhancing security and simplifying user access management.

Prerequisites

To configure SSO between Asset Panda and Microsoft Entra ID, ensure the following details are available:

• Administrative access to Microsoft Entra ID

• Entity ID and Reply URL provided by Asset Panda

• Access to the Enterprise Applications section in Microsoft Entra ID

Search or Create an Enterprise Application

To set up SSO, search for or create an Enterprise Application in Microsoft Entra ID:

1. Sign in to the Microsoft Entra ID portal.

2. Search for Microsoft Entra ID in the search bar and open it.

3. Go to Microsoft Entra ID > Enterprise Applications.

4. Search for and open the application.

5. If there is no application, create a new one:

   1. Click New application.

   2. Choose Create your own application.

   3. Enter a name and select Integrate any other application you don’t find in the gallery (Non-gallery).

   4. Click Create.

Configure SAML-based Single Sign-On

To configure the SSO settings between Asset Panda and Microsoft Entra ID:

1. In the Enterprise Applications, select Single Sign-On and choose SAML.

2. Edit the Basic SAML Configuration.

   1. Enter the Identifier (Entity ID) as urn:amazon:cognito:sp:us-east-1_4jHsDgxlC

   2. Enter the Reply URL (Assertion Consumer Service URL) as https://ap-pioneer-951730251621.auth.us-east-1.amazoncognito.com/saml2/idpresponse

   3. Click Save.

3. Edit User Attributes & Claims:

   1. Ensure the email address claim is mapped

   2. Add a new claim if necessary:

      1. Set the Name to the email address.

      2. Set the Source Attribute to user.mail.

      3. Save the claim.

4. Download the SAML Metadata File:

   1. Go to the SAML Signing Certificate section.

   2. Select Download next to Federation Metadata XML.

   3. Use this file to complete the Microsoft Entra ID Integration setup with Asset Panda.

Assign Users and Groups

1. In the Enterprise Applications, go to Users and Groups.

2. Click Add user/group.

3. Choose the users or groups to enable SSO.

4. Click Assign.

Assigned users can access Asset Panda through SSO.

Complete the Microsoft Entra ID Integration Setup with Asset Panda

1. Return to Enterprise Applications and verify that the correct tenant is selected.

2. Ensure that all necessary users are assigned to Users and Groups.

3. Upload the downloaded SAML Metadata File to Asset Panda to complete the integration.

4. Test the setup to confirm users can sign in using their Microsoft Entra ID credentials.

Microsoft Entra ID Integration with Asset Panda is now complete. Assigned users can sign in with their Microsoft Entra ID credentials. If any issues arise, verify the setup, permissions, and assigned users.

Uploading the SAML Metadata File to Asset Panda

To complete the SSO setup, upload the SAML Metadata File in Asset Panda:

1. Log in to Asset Panda as an admin.

2. Go to Settings > Preferences > Single sign-on (SSO) in Asset Panda.

3. Click Add new SSO.

4. Choose the Enable Type: This setting determines who can access Asset Panda through SSO based on your organization’s requirements:

   • Enable for all users: Enables SSO for all users in your organization, allowing them to authenticate using their Microsoft Entra ID or other identity provider credentials.

   • Enable for selected domains: Restricts SSO to users with email addresses from specific domains.

   • Disable for all users: Disables SSO for all users, preventing authentication via Microsoft Entra ID or other identity provider credentials.

5. Enter a Connection Name. This name will appear during the login process.

6. Upload the downloaded Metadata XML file. This file contains the necessary configuration to establish a secure connection between Asset Panda and your identity provider for SSO.

7. Click Save to complete the configuration.