Partner Azure AD SCIM/SAML Integration

Partner Azure AD SCIM/SAML Integration

Exium’s Intelligent Cybersecurity Mesh provides secure access to distributed workforce and IoT devices, protecting businesses from malware, ransomware, phishing, denial of service, and botnet infections in one easy to use cloud service.

From single sign-on to enhanced user provisioning Azure AD Exium integration handles users and groups seamless access to Exium. Administrators can easily attach Exium security policy groups to Azure AD user groups. Unique features of this integration are

  • Simple steps to integrate Azure AD API with Exium
  • Push New Users from Azure AD to Exium
  • Push User Profile Updates from Azure AD to Exium
  • Push User Groups from Azure AD to Exium
  • Push User Deactivation from Azure AD to Exium
  • Reactivate Users from Azure AD to Exium
  • Single sign-on from Azure AD to sign-on to Exium

This note explains how to configure Azure AD Exium application settings and Exium Partner Portal settings so that Azure AD Users and User groups can be synced with Exium Partner portal in real time and SSO from Azure AD can be used to sign-on to Exium Service.

Following steps elaborate Azure AD SCIM API Integration with Exium

1. Add Exium app on Azure AD

In Azure AD, you can add Exium application in your Azure AD account by browsing Azure AD Gallery and search for Exium app. Click on Enterprise applications on left navigation bar on your Azure AD home page. On Enterprise applications page, Click on New application button as shown below.

As a next step, search for Exium in search application bar of Browse Azure AD Gallery. It’ll show Exium app with logo. Click on Exium app with Logo as shown below.

On Left Panel By default, application name is shown as Exium. If you wish to change the app name, change the Name field as shown below. Click on Create.

2. Setup SSO SAML on Azure AD Exium App

As a next step, Single Sign-on SAML has to be configured on Azure AD Exium app by filling-in  Identifier (Entity ID) and Reply URL. These two fields are available on Exium Partner Portal Sign-in settings page. SAML 2.0 IDP Metadata URL has to be copied from Azure AD Exium app and same has to be pasted in Exium. Following steps elaborate on this.

2.1 Copy Identifier (Entity ID) and Reply URL on Exium portal

On Exium Admin Console, Click on Settings box as shown below

 

On Settings page, Click on Sign-in tab and select Azure. Copy SAML 2.0 SSO URL and SAML 2.0 SP Entity ID one after other to paste in Azure AD Exium app as explained in next step.

2.2 Setup single sign on on Azure AD Exium app

Click on Get Started on Set up single sign On box under newly created Exium app as shown below.

 

Click on SAML box under Single sign-on page of Exium app as shown below.

Click on Edit icon on Basic SAML Configuration. On right panel of Basic SAML Configuration, click on Add Identifier and paste SAML 2.0 SP Entity ID (copied in step 2.1). Click on Add reply URL and paste SAML 2.0 SSO URL (copied in step 2.1). Enter https://service.exium.net/sign-in as Sign-On URL as shown below. Click Save.

3. Setup Azure AD as Sign-in Option on Exium Portal

As a next step, Sign-in option on Exium Portal has to be saved by filling-in SAML 2.0 IDP Metadata URL. This URL is available on Exium Azure AD app. Following steps elaborate on this.

3.1 Copy App Federation Metadata Url from Azure AD Exium app

Click on Copy to clipboard icon next to App Federation Metadata Url on SAML certificates section on Single sign-on page on Exium app as shown below. It’ll copy Workspace ID to clipboard.

 

3.2 Update Sign-in Settings on Exium Portal

Paste SAML 2.0 IDP Metadata URL (copied as App Federation Metadata Url in previous step) as shown below. Click on Save.

 

4. Provisioning Settings on Azure AD

For Azure AD SCIM Integration, SCIM Bearer Token has to be copied from Exium partner portal and same has to be pasted in Azure AD Exium app. Following steps elaborate this.

4.1 Copy SCIM Bearer Token on Exium

Click on SCIM tab under Profile page on Exium. Click on copy next to SCIM 2.0 Bearer Token as shown below. It’ll copy SCIM 2.0 Bearer Token to clipboard.

 

4.2 Update SCIM Bearer Token on Azure AD

Click on Provisioning tab under Exium app on Azure AD. Click on Get Started on Provision User Accounts box as shown below.

Click on Get Started as shown below

 

On Provisioning page, select Automatic as Provisioning Mode. Enter https://subapi.exium.net/scim as Tenant URL and paste SCIM 2.0 Bearer Token (copied in previous step) as Secret Token as shown below. Optionally, click on Test Connection to check if settings are correct and accepted. Click on Save.

 

As a next step, select On for Provisioning Status as shown below and Click on Save.

 

5. Assigning Users and User Groups on Azure AD

As a next step, you can assign users and groups to Exium app on Azure AD. This can be done whenever you wish to add more users or groups to Exium app. Click on Users and groups on left navigation bar under Exium app and Click on Add user/group as shown below.

 

On Add Assignment page, click on None Selected. On right side users and groups panel, you can search and select users and groups. Click Select as shown below.

 

Finally, Click on Assign

 

 

6. Check Users on Exium Partner Portal

All the users (individual and part of groups) assigned to Exium app on Azure AD are synced through SCIM to Exium. On Exium Admin Console, Click on Users box. Under Users page, you will see all the assigned users are synced from Azure AD to Exium partner portal.

 

7. Verify SSO on Exium Partner Portal

To Verify successful SSO Integration you can try login to Exium Partner Portal by entering Partner Tag name as shown below.

 

Since this workspace is integrated with Azure AD, Exium partner portal opens a browser tab for Azure AD SSO authentication. On Successful Azure AD SSO authentication, User gets logged in to Exium Partner Portal.

 

If you have any issue during integration, contact us at support@exium.net or raise a ticket on https://exium.net/help-center/

If you would like to see how Exium can help defend your organisation, contact us at hello@exium.net