Configuring SAML SSO with Azure AD

Steps

  1. Sign into the Microsoft Azure portal. The default welcome page opens.
  2. On the Azure services section, click the Azure Active Directory option. The Azure Active Directory page opens.
  3. From the left navigation pane, click the Enterprise applications option.
  4. On the Enterprise applications page, from the top bar, click the New application button. The Browse Azure AD Gallery page opens.
  5. Click the Create your own application button.
  6. Under the Create your own application dialog:
    1. In the What’s the name of your app? field, enter the name Forcepoint ONE Data Security.
    2. Select the Integrate any other application you don’t find in the gallery (Non gallery) radio button.
    3. Click the Create button.

      After a few minutes, a success message appears on the screen. The Forcepoint ONE Data Security application is now created.

  7. From the Forcepoint ONE Portal Enterprise Application page, in the left navigation pane, select the Properties option.
  8. Scroll down the Properties dialog, set the Visible to users? toggle to No, and click the Save button.
  9. From the left navigation pane, select the Overview option. The Overview dialog opens.
  10. Under the Getting Started section, in the Set up single sign on option, click the Get started button. The Single sign-on dialog opens.
  11. In the Select a single sign-on method section, click the SAML option. The SAML-based sign-on dialog opens.
  12. Open the Forcepoint ONE Portal portal and navigate to Settings > Advanced > External Identity Providers.
  13. Set the toggle button to Enabled.
  14. Under STEP 1, copy the Single Sign On URL, Audience Restriction, and Tenant ID details; they are needed in the Azure AD portal.
  15. Under the Set up Single Sign-On with SAML section in Azure AD portal:
    1. In the Basic SAML Configuration section, click the Edit button on the top right corner. The Basic SAML Configuration dialog opens.
    2. In the Identifier (Entity ID) section:
      1. Click the Add identifier button to add a new row.
      2. In the Identifier (Entity ID) field, enter the Audience Restriction copied from Step 15.

    3. In the Reply URL (Assertion Consumer Service URL) section:
      1. Click the Add reply URL button to add a new row.
      2. In the Reply URL (Assertion Consumer Service URL) field, enter the Single Sign On URL copied from Step 15.

      3. Click the Save button on the top left corner.
    4. In the Attributes & Claims section, click the Edit button on the top right corner.
    5. On the Attributes & Claims dialog:

      You must delete the last three lines highlighted in the following image.

      1. In the Additional claims section, select the icon on the line you want to delete and click the Delete button.

      2. On the Claim deletion dialog, click the OK button. Repeat steps 1 and 2 to delete the other two lines.

      3. Click the Add new claim button on the top bar. The Manage claim page opens.

      4. In the Name field, enter tenantId; in the Source attribute field, enter the Tenant ID copied from the Forcepoint ONE Data Security cloud portal; then click the Save button.

      5. Repeat step 3. In the Name field, enter name; in the Source attribute field, enter user.displayName; then click the Save button.

    6. Under the SAML Certificates section, in the Federation Metadata XML field, click the Download button. The Federation Metadata XML file starts downloading.
  16. After a success message appears on the screen, open the Federation Metadata XML file in a text editor such as Notepad.
  17. Copy the full contents of the Federation Metadata XML file from the text editor.
  18. Open your Forcepoint ONE Data Security portal and navigate to Settings > Advanced > External Identity Providers.
  19. Under STEP 2, paste the copied Federation Metadata XML contents into the IDP metadata field.
  20. Click the Save button.
    Note: To log in to the Forcepoint ONE Portal cloud portal using SAML SSO, users must be given access to the Forcepoint ONE Portal application in the Azure app permissions. Users without an assigned permission will encounter an error when logging in.
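Before pasting the downloaded Federation Metadata XML into STEP 2, it is worth confirming that the file really is IdP metadata carrying a signing certificate and an https sign-on endpoint, because those are what the service provider relies on to verify assertions and to redirect users safely. The following check is an added example, not Forcepoint's or Microsoft's code; the metadata document, tenant id and certificate in it are constructed placeholders rather than real values.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed stand-in for the Federation Metadata XML that Azure AD serves; the
# tenant id is a placeholder and the certificate is placeholder bytes, not a real one.
FAKE_CERT = base64.b64encode(b"constructed placeholder, not a certificate").decode()
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="{NS['md']}" entityID="https://sts.windows.net/TENANT-ID-PLACEHOLDER/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="{NS['ds']}"><X509Data><X509Certificate>{FAKE_CERT}</X509Certificate></X509Data></KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

def check_idp_metadata(xml_text: str) -> list:
    """Return the problems found; an empty list means the metadata is usable."""
    problems = []
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor" or not root.get("entityID"):
        problems.append("root is not an EntityDescriptor with an entityID")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return problems + ["no IDPSSODescriptor: this is not IdP metadata"]
    # The signing cert verifies assertions; a KeyDescriptor with no 'use' covers signing too.
    certs = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":
            continue
        for c in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            try:
                certs.append(base64.b64decode((c.text or "").strip(), validate=True))
            except ValueError:
                problems.append("signing X509Certificate is not valid base64")
    if not any(certs):
        problems.append("no usable signing certificate")
    # The SSO endpoint users are redirected to must be https with a SAML 2.0 binding.
    endpoints = idp.findall("md:SingleSignOnService", NS)
    if not endpoints:
        problems.append("no SingleSignOnService endpoint")
    for ep in endpoints:
        if not ep.get("Location", "").startswith("https://"):
            problems.append(f"SSO endpoint is not https: {ep.get('Location')}")
        if not ep.get("Binding", "").startswith("urn:oasis:names:tc:SAML:2.0:bindings:"):
            problems.append(f"unexpected binding: {ep.get('Binding')}")
    return problems
```

Run it against the real downloaded file by reading it into `check_idp_metadata`; any non-empty result means the file should not be pasted into the IDP metadata field until the cause is understood.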

Result

After a few minutes, the LOGIN WITH SAML SSO button appears on the Forcepoint ONE Portal portal sign-in page.