Setting Up Microsoft Entra (Azure AD)

This document outlines the steps required to set up Microsoft Entra (formerly Azure AD) SSO integration with StepSecurity.

Setup Instructions

Step 1: Create a New Enterprise Application

  • Navigate to your Microsoft Entra Admin Portal.

  • Create a new Enterprise Application.

  • Name the application StepSecurity.

Step 2: Configure Single Sign-On

  • After creating the application, go to the Single Sign-On section.

  • Select SAML as the SSO method.

Step 3: Provide SAML Configuration

  • In Basic SAML Configuration, enter the following values:

Identifier (Entity ID)

urn:amazon:cognito:sp:us-west-2_PGbAJDNzx

Reply URL (Assertion Consumer Service URL)

https://login.app.stepsecurity.io/saml2/idpresponse

  • Leave all other properties with their default values unless specified otherwise.

  • (Optional) For IdP-initiated login, set the Default RelayState using the following template:

identity_provider=<IDP_NAME_IN_COGNITO>&client_id=<COGNITO_CLIENT_ID>&redirect_uri=https%3A%2F%2F.stepsecurity.io%2Fauth%2Fcognito%2Fcallback&response_type=code&scope=email+openid+phone+profile

Step 4: Add a Group Claim

Update Attributes & Claims to pass group information in the SAML assertion.

  • Open Attributes & Claims → Add a group claim.

  • Under Which groups select Groups assigned to the application.

  • Set Source attribute to Cloud‑only group display names.

  • Expand Advanced options.

    • (Optional) You may filter groups if you need to limit which ones are emitted.

  • Enable Customize the name of the group claim and set Name to Groups.

  • Save.

Step 5: Exchange metadata and (optionally) configure IdP‑initiated access

  • Download the IdP metadata file from the Entra SAML page and share it with StepSecurity.

  • (Optional) For IdP‑initiated login to the StepSecurity Console:

    • Contact StepSecurity to obtain your RelayState value (or construct it using the template above).

    • In the Entra portal, paste that value into Relay State (Optional) under Basic SAML Configuration and Save.
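To confirm that the values from Steps 3 and 4 took effect, the following added example (not StepSecurity's or Microsoft's code) inspects a decoded SAML assertion from your own test sign-in for the expected audience, recipient and Groups claim. The sample assertions and group name are constructed, and the default Entra claim name and GUID-shaped object IDs noted in the comments are assumptions.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ENTITY_ID = "urn:amazon:cognito:sp:us-west-2_PGbAJDNzx"            # Step 3
ACS_URL = "https://login.app.stepsecurity.io/saml2/idpresponse"    # Step 3
GROUP_CLAIM = "Groups"                                             # Step 4
# Assumptions: claim name Entra emits when not customized; object IDs are GUIDs.
DEFAULT_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

def check_assertion(xml_text):
    """List configuration problems in a decoded assertion from your own test
    sign-in. Inspects content only; it does not verify the XML signature."""
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [a.text for a in root.iterfind(".//saml:Audience", NS)]
    if ENTITY_ID not in audiences:
        problems.append(f"Audience {audiences} lacks the Entity ID from Step 3")
    recipients = [d.get("Recipient")
                  for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if ACS_URL not in recipients:
        problems.append(f"Recipient {recipients} is not the Reply URL from Step 3")
    attrs = {a.get("Name"): [v.text or "" for v in a.iterfind("saml:AttributeValue", NS)]
             for a in root.iterfind(".//saml:Attribute", NS)}
    if GROUP_CLAIM not in attrs:
        why = ("default claim name emitted; customize the name to Groups"
               if DEFAULT_CLAIM in attrs else "no group claim emitted")
        problems.append(f"Groups attribute missing: {why}")
    elif any(GUID.match(v) for v in attrs[GROUP_CLAIM]):
        problems.append("Groups holds object IDs, not display names; check Source attribute")
    return problems

def sample(attr_name, values, audience=ENTITY_ID, recipient=ACS_URL):
    """Constructed assertion for demonstration, not captured from a tenant."""
    vals = "".join(f"<saml:AttributeValue>{v}</saml:AttributeValue>" for v in values)
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:Subject>'
            f'<saml:SubjectConfirmation><saml:SubjectConfirmationData '
            f'Recipient="{recipient}"/></saml:SubjectConfirmation></saml:Subject>'
            f'<saml:Conditions><saml:AudienceRestriction><saml:Audience>{audience}'
            f'</saml:Audience></saml:AudienceRestriction></saml:Conditions>'
            f'<saml:AttributeStatement><saml:Attribute Name="{attr_name}">{vals}'
            f'</saml:Attribute></saml:AttributeStatement></saml:Assertion>')

if __name__ == "__main__":
    print(check_assertion(sample("Groups", ["StepSecurity-Admins"])))  # constructed name
    print(check_assertion(sample(DEFAULT_CLAIM, ["StepSecurity-Admins"])))
    print(check_assertion(sample("Groups", ["0f8fad5b-d9cb-469f-a165-70867728950e"])))
```

An empty list means the assertion matches the configuration on this page; each string otherwise names the step to revisit.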
