Setting Up Microsoft Entra (Azure AD)

This document outlines the steps required to set up Microsoft Entra (formerly Azure AD) SSO integration with StepSecurity.

Setup Instructions

Step 1: Create a New Enterprise Application

  • Navigate to your Microsoft Entra Admin Portal.

  • Create a new Enterprise Application.

  • Name the application StepSecurity.

Step 2: Configure Single Sign-On

  • After creating the application, go to the Single Sign-On section.

  • Select SAML as the SSO method.

Step 3: Provide SAML Configuration

  • In the StepSecurity app, navigate to Admin Console → Security & Auth → Configure SSO → Microsoft Entra ID.

  • Copy the values displayed there and provide them in the corresponding fields.

Step 4: Add a Group Claim

Update Attributes & Claims to pass group information in the SAML assertion.

  • Open Attributes & Claims → Add a group claim.

  • Under Which groups select Groups assigned to the application.

  • Set Source attribute to Cloud‑only group display names.

  • Expand Advanced options.

    • (Optional) You may filter groups if you need to limit which ones are emitted.

  • Enable Customize the name of the group claim and set Name to Groups.

  • Click Save.

  • This enables StepSecurity’s SCIM-like functionality — for example, you can use Microsoft Entra groups and map them to roles in the StepSecurity dashboard for centralized access control.

Step 5: Exchange metadata and (optionally) configure IdP‑initiated access

  • Download the IdP metadata file from the Entra SAML page and share it on the StepSecurity App.

  • (Optional) For IdP‑initiated login to the StepSecurity Console:

    • To get your RelayState value, go to the StepSecurity app and navigate to Admin Console → Security & Auth → Configure SSO → Microsoft Entra ID → Step 4.

    • In the Entra portal, paste that value into Relay State (Optional) under Basic SAML Configuration and Save.
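
To confirm the Step 4 group claim after a test sign-in, the following added example (not StepSecurity or Microsoft code) checks a decoded SAML assertion for a claim named Groups that carries display names rather than object IDs. The sample assertions and group names are constructed, and the function and helper names are hypothetical; the default claim URI is the name Entra emits when the group claim name has not been customized.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
EXPECTED_CLAIM = "Groups"  # claim name set in Step 4
DEFAULT_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)


def check_group_claim(assertion_xml):
    """Return (group_values, problems) for one decoded SAML assertion."""
    # ElementTree is used on constructed samples here; parse real assertions
    # with a hardened XML parser and only after the signature has been validated.
    root = ET.fromstring(assertion_xml)
    attrs = {}
    for attr in root.iterfind(".//saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = [
            (v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
    problems = []
    groups = attrs.get(EXPECTED_CLAIM, [])
    if EXPECTED_CLAIM not in attrs:
        if DEFAULT_CLAIM in attrs:
            problems.append("group claim uses the default name; customize it to 'Groups'")
        else:
            problems.append("no group claim found in the assertion")
    ids = [g for g in groups if GUID_RE.match(g)]
    if ids:
        problems.append("values look like object IDs, not display names: %s" % ids)
    return groups, problems


def sample(name, values):
    """Build a minimal, constructed assertion (not real Entra output)."""
    vals = "".join("<AttributeValue>%s</AttributeValue>" % v for v in values)
    return ('<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">'
            '<AttributeStatement><Attribute Name="%s">%s</Attribute>'
            '</AttributeStatement></Assertion>' % (name, vals))


if __name__ == "__main__":
    guid = "0f8fad5b-d9cb-469f-a165-70867728950e"  # constructed value
    for xml in (sample("Groups", ["StepSecurity-Admins", "StepSecurity-Viewers"]),
                sample(DEFAULT_CLAIM, [guid]),
                sample("Groups", [guid])):
        print(check_group_claim(xml))
```

An empty problem list means the assertion matches the Step 4 settings; the group values returned are the names available for role mapping.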
