Configure Single Sign-On for Microsoft Entra ID

Configure Single Sign-On (SSO) access from your Microsoft Entra ID (formerly known as Azure Active Directory) tenant to Identity Security Posture Management (ISPM) using a Microsoft Entra ID enterprise app integration. Complete the following tasks:

Copy your tenant name

  1. Sign in to the Microsoft Azure portal using an account that has permission to manage apps.
  2. If you have access to multiple tenants, go to Settings > Directories + subscriptions to select the tenant where you want to register the ISPM app.
  3. Copy your Tenant name and store it safely.

Register ISPM in Microsoft Entra ID

  1. In the Microsoft Azure portal, search for and select Microsoft Entra ID.

  2. Click Add, and then select App registration.

  3. Enter a name for your app, for example ISPM Login.

  4. Set Supported account types to Accounts in this organizational directory only. If you have a multi-tenant AAD, select Accounts in any organizational directory.

  5. Select Web as the Redirect URI, and enter https://spera.us.auth0.com/login/callback as the callback URL.

  6. Click Register.

Copy the application ID

  1. Go to the Overview page.
  2. Copy the Application (client) ID and store it safely.

Copy the client secret

  1. Go to Manage > Certificates & secrets > Client secrets.
  2. Click New client secret:
    1. Enter a description.
    2. Select 24 months as the expiration.
  3. Click Add.
  4. Copy the Value and store it safely.

This value isn't displayed again and can't be retrieved by other means. It's referred to as the client secret going forward.

Configure your app

  1. In the Microsoft Azure portal, search for and select Microsoft Entra ID.
  2. Go to Manage > Enterprise applications > All applications.
  3. Search for and select the app that you registered.
  4. Go to Manage > Properties.
  5. Set Assignment required? to Yes to only allow users who are assigned to the app to access it.
  6. From the left menu, select Users and groups and assign users or groups to allow them to access the app. See Microsoft help.

Share the parameters with ISPM

  1. In the Identity Security Posture Management console, go to Settings > User management.
  2. Select Configure AAD SSO.
  3. Enter the following information:
    • Tenant name (the tenant primary domain)
    • Application (client) ID
    • Client secret
  4. Click Submit.
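
The settings chosen in the steps above can be checked afterwards against the app's Microsoft Graph objects. The following is an added example, not part of the ISPM documentation: it audits an application object and its servicePrincipal object (the JSON returned by, for example, az ad app show and az ad sp show) for the account-type, redirect URI, client secret and assignment settings this page configures. The sample objects are constructed, and the 60-day expiry warning threshold is an assumption.

```python
import json
from datetime import datetime, timedelta, timezone

CALLBACK = "https://spera.us.auth0.com/login/callback"   # callback URL from the page
ALLOWED_AUDIENCES = {"AzureADMyOrg", "AzureADMultipleOrgs"}  # single- or multi-tenant

def _utc(ts):
    # Graph timestamps are UTC; drop fractional seconds and the trailing "Z".
    base = ts.split(".")[0].rstrip("Z")
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def audit(app, sp, now, warn_days=60):
    """Return findings for an application / servicePrincipal pair (both dicts)."""
    findings = []
    if app.get("signInAudience") not in ALLOWED_AUDIENCES:
        findings.append("audience: %r is not an organizational-directory setting" % app.get("signInAudience"))
    uris = (app.get("web") or {}).get("redirectUris") or []
    if CALLBACK not in uris:
        findings.append("redirect: ISPM callback URL is missing")
    extra = sorted(u for u in uris if u != CALLBACK)
    if extra:
        findings.append("redirect: URIs other than the ISPM callback: " + ", ".join(extra))
    ends = [_utc(c["endDateTime"]) for c in app.get("passwordCredentials") or []]
    live = [e for e in ends if e > now]
    if not live:
        findings.append("secret: no unexpired client secret")
    elif max(live) - now < timedelta(days=warn_days):
        findings.append("secret: newest client secret expires within %d days" % warn_days)
    if not sp.get("appRoleAssignmentRequired"):
        findings.append("assignment: 'Assignment required?' is not set to Yes")
    return findings

# Constructed sample objects (not real tenant data).
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
GOOD_APP = json.loads("""{"displayName": "ISPM Login", "signInAudience": "AzureADMyOrg",
  "web": {"redirectUris": ["https://spera.us.auth0.com/login/callback"]},
  "passwordCredentials": [{"endDateTime": "2026-06-01T00:00:00Z"}]}""")
GOOD_SP = {"appRoleAssignmentRequired": True}
DRIFTED_APP = json.loads("""{"displayName": "ISPM Login",
  "signInAudience": "AzureADandPersonalMicrosoftAccount",
  "web": {"redirectUris": ["https://spera.us.auth0.com/login/callback",
                           "https://app.example.invalid/callback"]},
  "passwordCredentials": [{"endDateTime": "2025-01-20T00:00:00.1234567Z"}]}""")
DRIFTED_SP = {"appRoleAssignmentRequired": False}

if __name__ == "__main__":
    for name, app, sp in (("good", GOOD_APP, GOOD_SP), ("drifted", DRIFTED_APP, DRIFTED_SP)):
        print(name, audit(app, sp, NOW) or "OK")
```

An empty result means the registration still matches the settings from this page; because the secret expires 24 months after creation, run the check on a schedule so the expiry warning appears before sign-in stops working.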