search
PricingInstall StepSecurity AppLogin

Setting Up Microsoft Entra (Azure AD)

This document outlines the steps required to set up Microsoft Entra (formerly Azure AD) SSO integration with StepSecurity.

You can follow this interactive demo to get started with setting up Microsoft Entra SSO:

hashtag
Setup Instructions

hashtag
Step 1: Configure SAML Settings

  • On the StepSecurity App navigate to Admin Console → Security & Auth → Configure SSO → Microsoft Entra ID

  • Copy the values displayed here

hashtag
Step 2: Create a New Enterprise Application

  • Navigate to your Microsoft Entra Admin Portal.

  • Create a new Enterprise Application.

  • Name the application StepSecurity.

hashtag
Step 3: Configure Single Sign-On

  • After creating the application, go to the Single Sign-On section.

  • Select SAML as the SSO method.

hashtag
Step 4: Provide SAML Configuration

  • Paste the values you obtained from the StepSecurity App into the corresponding fields

hashtag
Step 5: Add a Group Claim

We recommend creating dedicated Microsoft-Entra groups for StepSecurity, such as StepSecurity-Administrators and StepSecurity-Auditors. Follow the instructions below to set them up:

chevron-rightHow to Setup StepSecurity Microsoft Entra Groupshashtag

  1. Navigate to the Admin Console in your Microsoft Entra dashboard and select Groups

  1. Click "New group"

  1. Give the group an appropriate name and description, add members, and assign an owner

  1. Create two groups: one for StepSecurity Administrators and another for StepSecurity Auditors

  1. To add the groups you just created to the application, go to the "Users and groups"

  1. Click "Add user/group"

  1. Select the two groups you just created and assign it to the application

Update Attributes & Claims to pass group information in the SAML assertion.

  • Open Attributes & Claims → Add a group claim.

  • Under Which groups select "Groups assigned to the application"

  • Set Source attribute to Cloud‑only group display names.

  • Expand Advanced options and add a filter to restrict the group to names that start with “StepSecurity-”

  • Enable Customize the name of the group claim and set Name to Groups.

  • Click Save

triangle-exclamation

You should only pass StepSecurity groups to the StepSecurity platform. If the app passes all group memberships, it may exceed the maximum request body size.

  • This enables StepSecurity’s SCIM-like functionality — for example, you can use Microsoft Entra groups and map them to roles in the StepSecurity dashboard for centralized access control.

hashtag
Step 6: For Idp Initiated login(Optional)

  • To get your RelayState value go to the StepSecurity App and navigate to Admin Console → Security & Auth → Configure SSO → Microsoft Entra ID → Step 4

  • In the Entra portal, paste that value into Relay State (Optional) under Basic SAML Configuration and Save.

hashtag
Step 7: Exchange metadata and (optionally) configure IdP‑initiated access

  • Download the IdP metadata file from the Entra SAML configuration page. Upload the file to the StepSecurity app and provide your organization’s email domain. Then notify the StepSecurity team via Slack or email and wait for the StepSecurity Operations team to update your tenant.

hashtag
Step 8: Confirm SSO Setup

  • On the StepSecurity → Security & Auth page, you can test your SSO integration.

  • To verify that the SSO flow is working, follow these steps:

    • Authorize your email address for SSO access: Navigate to the Admin Console -> Members and click "Add Members".

    • Select SSO as the Authentication Type and add your email as an authorized member.

    • Log out of your current StepSecurity session.

    • Go to https://app.stepsecurity.io/login and log in using SSO.

    • Confirm that you can successfully access the dashboard.

  • For additional confirmation, go to Admin Console → Security & Auth, then in Step 3 of the Microsoft Entra SSO configuration, click "Run SSO Test". Verify that all checks on the test page pass successfully

hashtag
Step 9: Add Members

Every SSO identity must be explicitly authorized in the StepSecurity dashboard. You can do this in two different ways:

  • Authorize Individual users

  • Authorize groups

To authorize individual users:

  • The user must also be explicitly authorized to access the application, either by assigning the user directly to the app or by assigning a group the user belongs to

  • Once the user is authorized in Microsoft Entra in your StepSecurity dashboard navigate to Admin Console -> Members

    • Click "Add Members" and select the SSO option

    • Add the user's email address

To authorize groups:

  • Ensure that the group is authorized to use the application

  • Once the group is authorized in Microsoft Entra in your StepSecurity dashboard navigate to Admin Console -> Members

  • Click "Add Members" on your StepSecurity dashboard and select the SSO Group option

  • Add the SSO group

For more details on adding members to your StepSecurity dashboard, visit this documentation.

PreviousSetting Up Okta SSONextAudit Logs

Last updated

Was this helpful?