Configure Single Sign-On in Microsoft Entra ID

This article describes how to configure single sign-on (SSO) in Microsoft Entra ID (formerly known as Azure Active Directory or Azure AD).

Introduction

Brinqa recommends configuring secure access to your Brinqa Platform, a process that involves two steps:

  1. Build an allowlist of the external IP addresses of a select group of core users, for local authentication. This helps to ensure that only authorized users can access the Brinqa Platform from trusted devices.

  2. Obtain the metadata XML file and send a copy to your Brinqa Customer Success Manager (CSM). The metadata file is necessary to enable SSO authentication in conjunction with Brinqa and ensures that users can access the Brinqa Platform securely.

The remainder of this article illustrates the steps to obtain the metadata XML file in Microsoft Entra ID.

Set up SSO in Microsoft Entra ID

You must enable SSO in Microsoft Entra ID and download the metadata XML file.

Prerequisites

To configure SSO in Microsoft Entra ID, you need the following:

Create an enterprise application

note

The steps may vary based on the Microsoft portal you are on. Please consult Microsoft documentation for accuracy.

To add a new enterprise application for Brinqa, follow these steps:

  1. Log in to your organization's Microsoft portal as an Administrator.

  2. Navigate to Enterprise applications > All applications.

  3. Click Create your own application.

  4. Enter a name for the application, for example, "Brinqa".

  5. Under What are you looking to do in your application?, select the third option, Non-gallery, as shown in the screenshot:

    Azure AD new app screenshot

  6. Click Create.

Configure SSO in the enterprise application

To enable SSO for the enterprise application you've created for Brinqa, follow these steps:

  1. Log in to your organization's Microsoft portal as an Administrator.

  2. Navigate to the enterprise application you've created for Brinqa.

  3. In the left menu, click Single sign-on, and then click Set up single sign on.

  4. Under Basic SAML Configuration, click Edit to fill in the two required fields: Identifier and Reply URL.

    • Identifier: Enter https://<YourCompanyName>.brinqa.net/saml/metadata.

    • Reply URL: Enter https://<YourCompanyName>.brinqa.net/saml/SSO.

    where https://<YourCompanyName>.brinqa.net is the URL to your Brinqa Platform.

  5. Under Attributes & Claims, keep the default settings.

  6. After saving your changes, the configuration might resemble this screenshot:

    Azure AD SSO screenshot

  7. Under SAML Certificates > Federation Metadata XML, click Download to save the file.

  8. Email a copy of the metadata XML file to your Brinqa CSM.

    The metadata XML file contains information about your organization's SSO solution, such as SSO endpoints and public keys for signing and encrypting messages. Your Brinqa CSM uses this file to configure the connection between the Brinqa Platform (service provider) and Microsoft Entra ID (identity provider).

  9. After the SSO connection has been established, change the login method to SAML in your Brinqa Platform to ensure successful login for all users.

    tip

    Brinqa recommends retaining a System administrator account that uses the Brinqa authentication method (logging in with a username and password) for troubleshooting and verification purposes.