Views:

Before you begin configuring Microsoft Entra ID, make sure of the following:

  • You are logged on the management console as DDI administrator.
  • You have obtained the metadata file from DDI.
    You can get it in the Deep Discovery Inspector management console going to Administration > Integrated Products/Services > SAML Authentication > Service Provider tab > Click Download Metadata.

Follow the instructions below to configure Microsoft Entra ID.

  1. Create a new application for DDI.
    1. Logon to Microsoft Entra ID portal, go to Home > Microsoft Entra ID.

      Azure Directory

    2. On the left navigation, click Enterprise applications.

      Enterprise Applications

    3. Create a new application by “Create your own application”.

      Azure AD Gallery

    4. Specify a display name for Deep Discovery Inspector, for example, “Deep Discovery Inspector”.
    5. Select Integrate any other application you don't find in the gallery (Non-gallery) then click Create.

      Create Your Own Application

  2. Upload DDI meta file.
    1. Once the application is created, the main page of the application will show up. Click Single sign-on on the left navigation.

      SSO

    2. Select SAML as the single sign-on method.

      SSO2

    3. On the Basic SAML Configuration section, upload the Deep Discovery Inspector metadata file by Upload metadata file and Save.

      Upload Metadata file

    4. Once the metadata file is successfully uploaded, the Identifier value gets auto populated in Basic SAML Configuration section textbox.
  3. Configure a group claim called DDI_GROUP.
    1. On the Attributes & Claims section, click Edit then select Add a group claim.

      Attributes and Claims

    2. For the associated group, it's recommended to select Groups assigned to the application to restrict the accessibility.
    3. For the Source attribute, choose sAMAccountName or Cloud-only group display names (It depends on its on-premise AD sourced or Microsoft Entra ID sourced).

      Source Attribute

       
      Microsoft Entra ID may not supported to emit nested group name for group claims.
       
    4. In Advanced options, check the Customize the name of the group claim option and name it to “DDI_GROUP” and then Save.

      Group Claims

    5. Make sure there is an additional claim called DDI_GROUP in the Attributes & Claims section.

      DDI Group User Group

  4. Assign a group to the application.

    In the section Users and groups on the left navigations, add the group which is authorized to sign on to Deep Discovery Inspector.

    Users and Groups

  5. The application should be set up. Export the Identity Provider metadata by clicking the Download link for the Federation Metadata XML in the SAML Certificates section.

    SAML Certificates

  6. Import Identity Provider information to DDI.
    1. Login to DDI web console.
    2. Navigate to Administration > Integrated Products/Services > SAML Authentication.

      SAML Authentication

    3. Click Add in the Identity Provider tab.
    4. In the popped-up model, upload the Metadata collected from Microsoft Entra ID.

      Identity Provider

    5. Specify a name for this Identity Provider then click Save.
  7. Add SAML account.
    The SAML Single Sign-On has been set up on DDI.

    Add SAML account following DDI Administrator's Guide > Chapter 6: Administration > Accounts > Adding a SAML Account.

Keywords: how to configure entra ID for DDI SAML Authentication, how to configure Azure AD DDI, how to create application and meta file for SSO update in DDI SAML Authentication,