Configure SAML single sign-on with Azure AD
You can configure your ExtraHop system to enable users to log in to the system through the Azure AD identity management service.
Before you begin
- You should be familiar with administering Azure AD.
- You should be familiar with administering ExtraHop systems.
These procedures require you to copy and paste information between the ExtraHop system and the Azure portal, so it is helpful to have each system open side-by-side.
Enable SAML on the ExtraHop system
- Log in to the Administration settings on the ExtraHop system through https://<extrahop-hostname-or-IP-address>/admin.
- In the Access Settings section, click Remote Authentication.
- From the Remote authentication method drop-down list, select SAML.
- Click Continue.
- Click View SP Metadata. You will need to copy the Assertion Consumer Service (ACS) URL and Entity ID to paste into the Azure configuration in a later procedure.
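To avoid copy-and-paste mistakes, the two values can be read out of the SP metadata XML programmatically. The following is an added example, not ExtraHop code. It assumes the SP metadata follows the standard SAML 2.0 metadata schema, and the sample document, hostname, and paths are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample: hostname and paths are placeholders, not real ExtraHop values.
SAMPLE_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://extrahop.example.com/placeholder/sp">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://extrahop.example.com/placeholder/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""

def extract_sp_values(metadata_xml):
    """Return (entity_id, acs_url) from SAML 2.0 SP metadata or raise ValueError."""
    # SAML metadata never needs a DTD; refuse one rather than expand entities.
    if "<!DOCTYPE" in metadata_xml:
        raise ValueError("DOCTYPE is not allowed in SAML metadata")
    try:
        root = ET.fromstring(metadata_xml)
    except ET.ParseError as exc:
        raise ValueError(f"metadata is not well-formed XML: {exc}") from exc
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        raise ValueError("root element is not a SAML 2.0 EntityDescriptor")
    entity_id = (root.get("entityID") or "").strip()
    if not entity_id:
        raise ValueError("EntityDescriptor has no entityID")
    path = f"{{{MD_NS}}}SPSSODescriptor/{{{MD_NS}}}AssertionConsumerService"
    # Keep HTTP-POST endpoints only: the IdP posts the SAML response to the ACS.
    posts = [s for s in root.findall(path) if s.get("Binding") == HTTP_POST]
    if not posts:
        raise ValueError("no HTTP-POST AssertionConsumerService found")
    # Prefer the endpoint flagged isDefault, then the lowest index.
    posts.sort(key=lambda s: (s.get("isDefault") != "true", int(s.get("index", "0"))))
    acs_url = (posts[0].get("Location") or "").strip()
    parts = urlsplit(acs_url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("ACS URL must be an absolute https:// URL")
    return entity_id, acs_url

if __name__ == "__main__":
    print(extract_sp_values(SAMPLE_METADATA))
```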
Configure Azure
In the following procedures, you will create an enterprise application, add users and groups to the application, and configure single sign-on settings.
Create a new application
- Log in to your Microsoft Azure portal.
- In the Azure services section, click Enterprise applications.
- Click New application.
- Click Create your own application.
- Type a name for the sensor in the name field. This name appears for your users on the Azure My Apps page.
- Select Integrate any other application you don't find in the gallery.
- Click Create.
The application Overview page appears.
Log in to the ExtraHop system
- Log in to the ExtraHop system through https://<extrahop-hostname-or-IP-address>.
- Click Log in with <provider name>.
- Sign in to your provider with your email address and password. If multi-factor authentication (MFA) is configured, follow the instructions to set up your MFA app.