Prerequisites

Before you begin configuring Azure AD, make sure that:

  • You have a valid subscription with an Azure AD edition license (Free, Basic, or Premium). Azure AD handles the sign-in process and then provides the authentication credentials to the Cloud App Security management console.
  • You are logged on to the management console as a Cloud App Security global administrator.

Using Azure AD Premium Edition

  1. Sign in to the Azure management portal at https://portal.azure.com using your Azure AD administrator account.
  2. On the Microsoft Azure main page, click Azure Active Directory.
  3. From the left navigation, go to Enterprise applications > New application.

  4. If the Browse Azure AD Gallery (Preview) screen opens, click the "Click here to switch back to the legacy app gallery experience" link.

  5. Under Add an application, click Non-gallery application.

  6. Under the Add your own application area that appears, specify the display name for Cloud App Security in the Name text box (e.g. Trend Micro Cloud App Security) and then click Add.

    The Overview screen of the newly added application should appear.

  7. Under the Getting Started area, click Set up single sign-on.
  8. Select SAML as the single sign-on method.
  9. On the SAML-based Sign-on screen, click the Edit icon next to Basic SAML Configuration, specify the following settings for your Cloud App Security tenant on the Basic SAML Configuration screen that appears, and then click Save.

    The configuration should look like this:

    [Screenshot: Configure SSO]
  10. On the Cloud App Security management console, go to Administration > Single Sign-On Settings and then configure the general settings for single sign-on:
    1. Select "Enable SSO".
    2. Select the identity provider in Identity Provider.
    3. Specify the service URL.

      The value depends on the identity provider you selected (Azure AD, AD FS, or Okta).
    4. Specify the application identifier.

      The value depends on the identity provider you selected (Azure AD, AD FS, or Okta). To obtain the values and the signing certificate from Azure AD:
      1. Go to the Overview screen and record the Application ID shown under Properties. This value is referred to as Application Identifier on the Cloud App Security management console.
      2. Click Single sign-on and record the Login URL under the Set up <Your application name> area. This value is referred to as Service URL on the Cloud App Security management console.
      3. Under SAML Signing Certificate, click Certificate (Base64) to download the certificate that Cloud App Security uses to validate the Azure AD signature on the SAML tokens it receives from Azure AD.

        If a new SAML certificate is needed, refer to Creating a new SAML certificate in Microsoft Azure AD.
    5. Click Save.
  11. From the left navigation, click Users and groups and then Add user/group.
    1. Under Add Assignment, click Users or Users and groups, depending on your Azure AD plan level.
    2. Under the Users or Users and groups area that appears, select the users or groups to allow single sign-on to the Cloud App Security management console, click Select and then Assign.
    3. Click Single sign-on from the left navigation and then click Test at the bottom of the screen.
  12. On the Test single sign-on with <your application name> screen that appears, click Sign in as current user, or click Sign in as someone else to test with a different account.
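The Certificate (Base64) file downloaded in step 10 is what Cloud App Security relies on to validate the signature on SAML tokens from Azure AD, so uploading an expired or stale copy (for example after the certificate has been rotated in Azure AD) is a common cause of SSO sign-in failures. The following Python script is an added example and is not part of Trend Micro's documentation or product: it reads a downloaded .cer file, extracts the validity period with a minimal DER walker, flags certificates that are expired, not yet valid, or close to expiry, and prints the SHA-1 thumbprint so it can be compared with the Thumbprint shown under SAML Signing Certificate in the Azure portal. The `build_sample_certificate` helper and the `sample-idp` name are constructed placeholders that let the script run offline; pass the path of a real .cer file as the first argument in practice.

```python
"""Pre-flight check for an Azure AD SAML signing certificate downloaded as
Certificate (Base64). Standard library only; the DER walker reads just
enough X.509 structure to locate the validity period."""
import base64
import hashlib
import re
from datetime import datetime, timezone
from typing import Optional


def pem_to_der(pem_text: str) -> bytes:
    """Strip the PEM armour of a Certificate (Base64) file and decode it."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", pem_text)
    return base64.b64decode("".join(body.split()))


def _read_tlv(buf: bytes, pos: int):
    """Decode one DER tag-length-value; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                                   # long-form length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length


def _children(buf: bytes, start: int, end: int):
    """Yield (tag, value) for each element inside a DER SEQUENCE/SET body."""
    pos = start
    while pos < end:
        tag, vstart, vend = _read_tlv(buf, pos)
        yield tag, buf[vstart:vend]
        pos = vend


def _parse_time(tag: int, value: bytes) -> datetime:
    """UTCTime (tag 0x17, YYMMDDHHMMSSZ) or GeneralizedTime (0x18, YYYYMMDDHHMMSSZ)."""
    text = value.decode("ascii")
    if tag == 0x17:
        yy = int(text[:2])                              # RFC 5280 two-digit-year rule
        text = f"{2000 + yy if yy < 50 else 1900 + yy}{text[2:]}"
    elif tag != 0x18:
        raise ValueError(f"unexpected time tag 0x{tag:02x}")
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc)


def certificate_validity(der: bytes):
    """Return (notBefore, notAfter) from Certificate -> tbsCertificate -> validity."""
    tag, tbs_pos, _ = _read_tlv(der, 0)                 # outer Certificate SEQUENCE
    if tag != 0x30:
        raise ValueError("not a DER certificate")
    _, tbs_start, tbs_end = _read_tlv(der, tbs_pos)     # tbsCertificate SEQUENCE
    fields = list(_children(der, tbs_start, tbs_end))
    if fields[0][0] == 0xA0:                            # optional [0] EXPLICIT version
        fields = fields[1:]
    validity = fields[3][1]                             # serial, sigAlg, issuer, validity, ...
    (nb_tag, nb), (na_tag, na) = _children(validity, 0, len(validity))
    return _parse_time(nb_tag, nb), _parse_time(na_tag, na)


def check_signing_certificate(pem_text: str, today: Optional[str] = None,
                              warn_days: int = 30) -> dict:
    """Summarise a downloaded signing certificate. `today` is an ISO date taken
    as UTC (useful for tests); None means the current time."""
    der = pem_to_der(pem_text)
    now = (datetime.fromisoformat(today).replace(tzinfo=timezone.utc)
           if today else datetime.now(timezone.utc))
    not_before, not_after = certificate_validity(der)
    days_remaining = (not_after - now).days
    return {
        "not_before": not_before.isoformat(),
        "not_after": not_after.isoformat(),
        "days_remaining": days_remaining,
        "not_yet_valid": now < not_before,
        "expired": now >= not_after,
        "expiring_soon": 0 <= days_remaining < warn_days,
        # The Azure portal's Thumbprint is the SHA-1 of the DER, uppercase hex, no separators
        "sha1_thumbprint": hashlib.sha1(der).hexdigest().upper(),
        "sha256_fingerprint": hashlib.sha256(der).hexdigest().upper(),
    }


def _der(tag: int, content: bytes) -> bytes:
    """Minimal DER encoder, used only to build the constructed sample below."""
    n = len(content)
    if n < 0x80:
        return bytes([tag, n]) + content
    lb = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(lb)]) + lb + content


def build_sample_certificate(not_before: str = "200101000000Z",
                             not_after: str = "250101000000Z") -> str:
    """CONSTRUCTED sample: an unsigned, X.509-shaped certificate (placeholder key,
    empty signature) so the check can run offline. Use a real .cer in practice."""
    cn = _der(0x30, _der(0x31, _der(0x30, _der(0x06, b"\x55\x04\x03")        # CN=
                                           + _der(0x0C, b"sample-idp"))))
    sha256_rsa = _der(0x30, _der(0x06, b"\x2a\x86\x48\x86\xf7\x0d\x01\x01\x0b") + _der(0x05, b""))
    tbs = _der(0x30,
               _der(0xA0, _der(0x02, b"\x02"))                               # version v3
               + _der(0x02, b"\x01")                                          # serialNumber
               + sha256_rsa                                                   # signature algorithm
               + cn                                                           # issuer
               + _der(0x30, _der(0x17, not_before.encode()) + _der(0x17, not_after.encode()))
               + cn                                                           # subject
               + _der(0x30, b""))                                             # subjectPublicKeyInfo placeholder
    cert = _der(0x30, tbs + sha256_rsa + _der(0x03, b"\x00"))
    b64 = base64.encodebytes(cert).decode("ascii")
    return f"-----BEGIN CERTIFICATE-----\n{b64}-----END CERTIFICATE-----\n"


if __name__ == "__main__":
    import sys
    # Argument: path of the downloaded .cer file; with none, the constructed sample is checked.
    pem = open(sys.argv[1]).read() if len(sys.argv) > 1 else build_sample_certificate()
    for key, value in check_signing_certificate(pem).items():
        print(f"{key:20} {value}")
```

Run it against the .cer file before uploading it to Cloud App Security, and again whenever sign-in starts failing: a mismatch between the printed SHA-1 thumbprint and the one Azure AD currently shows means the file on the Cloud App Security side is stale and needs to be downloaded again.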