Configuring Neo cloud portal with Azure

Steps

  1. Sign in to the Microsoft Azure portal. The default welcome page opens.
  2. In the Azure services section, click the Azure Active Directory option. The Azure Active Directory page opens.
  3. From the left navigation pane, click the Enterprise applications option.
  4. On the Enterprise applications page, from the top bar, click the New application button. The Browse Azure AD Gallery page opens.
  5. Click the Create your own application button.
  6. In the Create your own application dialog:
    1. In the What’s the name of your app? field, enter the name Forcepoint Neo.
    2. Select the Integrate any other application you don’t find in the gallery (Non gallery) radio button.
    3. Click the Create button.

      After a few minutes, a success message appears on the screen. The Forcepoint Neo application is now created.

  7. After you click the Create button, the Forcepoint Neo Enterprise Application page opens.
  8. From the left navigation pane, select the Properties option.
  9. Scroll down the Properties dialog, set the Visible to users? toggle button to No, and click the Save button.
  10. From the left navigation pane, select the Overview option. The Overview dialog opens.
  11. Under the Getting Started section, in the Set up single sign on option, click the Get started button. The Single sign-on dialog opens.
  12. In the Select a single sign-on method section, click the SAML option. The SAML-based sign-on dialog opens.
  13. Open the Neo cloud portal, navigate to Settings > Advanced > External Identity Providers.
  14. Set the toggle button to Enabled.
  15. Under STEP 1, copy the Single Sign On URL, Audience Restriction, and Tenant ID details.
  16. Under the Set up Single Sign-On with SAML section:
    1. In the Basic SAML Configuration section, click the Edit button on the top right corner. The Basic SAML Configuration dialog opens.
    2. In the Identifier (Entity ID) section:
      1. Click the Add identifier button to add a new row.
      2. In the Identifier (Entity ID) field, enter the Audience Restriction from the Neo cloud portal.

    3. In the Reply URL (Assertion Consumer Service URL) section:
      1. Click the Add reply URL button to add a new row.
      2. In the Reply URL (Assertion Consumer Service URL) field, enter the Single Sign On URL from the Neo cloud portal.

      3. Click the Save button on the top left corner.
    4. In the Attributes & Claims section, click the Edit button on the top right corner.
    5. On the Attributes & Claims dialog:

      You must delete the last three lines highlighted in the following image.

      1. In the Additional claims section, select the icon on a specific line, then click the Delete button.

      2. On the Claim deletion dialog, click the OK button. Repeat steps 1 and 2 of this list to delete the other two lines.

      3. Click the Add new claim button on the top bar. The Manage claim page opens.

      4. In the Name field, enter tenantId; in the Source attribute field, enter the Tenant ID from the Neo cloud portal; then click the Save button.

      5. Repeat step 3 of this list; in the Name field, enter name; in the Source attribute field, enter user.displayName; then click the Save button.

    6. Under the SAML Certificates section, from the Federation Metadata XML field, click the Download button. The Federation Metadata XML file starts to download.
  17. After a success message appears on the screen, open the Federation Metadata XML file in Notepad.
  18. Copy the Federation Metadata XML details from Notepad.
  19. Open the Neo cloud portal, navigate to Settings > Advanced > External Identity Providers.
  20. Under STEP 2, in the IDP metadata field, enter the copied Federation Metadata XML details.
  21. Click the Save button.
    Note: To log in to the Neo cloud portal using SAML SSO, users must be given access to the Forcepoint Neo application in the Azure app permissions. Users without that permission encounter an error when logging in.

Result

After a few minutes, the LOGIN WITH SAML SSO button appears on the Neo cloud portal sign-in page.
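
To confirm the values configured in step 16 after a test sign-in, the following added example (not Forcepoint or Microsoft code) inspects a captured, base64-encoded SAMLResponse for the Audience, the Reply URL recipient, and the tenantId and name claims. The sample response, URLs and Tenant ID are constructed placeholders, and the script checks configuration only; it does not verify the signature.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Constructed sample values; the real ones come from STEP 1 of the Neo cloud portal.
AUDIENCE = "urn:example:neo-audience"
SSO_URL = "https://neo.example.invalid/saml/acs"
TENANT_ID = "00000000-aaaa-bbbb-cccc-000000000000"

def sample_response(audience, recipient, tenant):
    """Build a constructed, unsigned SAMLResponse (base64) standing in for a captured one."""
    xml = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>
<saml:Subject><saml:SubjectConfirmation><saml:SubjectConfirmationData Recipient="{recipient}"/>
</saml:SubjectConfirmation></saml:Subject>
<saml:Conditions><saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>
</saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement>
<saml:Attribute Name="tenantId"><saml:AttributeValue>{tenant}</saml:AttributeValue></saml:Attribute>
<saml:Attribute Name="name"><saml:AttributeValue>Test User</saml:AttributeValue></saml:Attribute>
</saml:AttributeStatement></saml:Assertion></samlp:Response>"""
    return base64.b64encode(xml.encode()).decode()

def check_neo_assertion(response_b64, audience, sso_url, tenant_id):
    """Return a list of mismatches; an empty list means the assertion matches the setup."""
    data = base64.b64decode(response_b64)
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        return ["response contains a DTD; not parsed"]
    assertion = ET.fromstring(data).find("saml:Assertion", NS)
    if assertion is None:
        return ["no plaintext Assertion element found"]
    findings = []
    audiences = [a.text for a in assertion.iterfind(".//saml:Audience", NS)]
    if audience not in audiences:
        findings.append(f"Audience {audiences} lacks the Audience Restriction value")
    recipients = [d.get("Recipient") for d in assertion.iterfind(".//saml:SubjectConfirmationData", NS)]
    if sso_url not in recipients:
        findings.append(f"Recipient {recipients} is not the Single Sign On URL")
    attrs = {}
    for attr in assertion.iterfind("saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = [v.text for v in attr.iterfind("saml:AttributeValue", NS)]
    if attrs.get("tenantId") != [tenant_id]:
        findings.append(f"tenantId claim is {attrs.get('tenantId')}, expected the Neo Tenant ID")
    if not any(attrs.get("name", [])):
        findings.append("name claim (user.displayName) is missing or empty")
    return findings

if __name__ == "__main__":
    print(check_neo_assertion(sample_response(AUDIENCE, SSO_URL, TENANT_ID), AUDIENCE, SSO_URL, TENANT_ID))
```

An empty list means the Identifier (Entity ID), Reply URL and both claims match what the Neo cloud portal expects; each mismatch names the field to revisit in the Basic SAML Configuration or Attributes & Claims section.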