1.1 In your Entra admin center, navigate from Applications > Enterprise Applications.

1.2 Select + New application, and then select Create your own application. This will generate a pop-out window on the right side of the webpage. In the What’s the name of your app? field, enter “CSE TrustProvider”.

1.3 Select Integrate any other application you don’t find in the gallery (Non-gallery).

1.4 Select Create. This will navigate you to the new Overview page of the app you just added (i.e., CSE TrustProvider).

2.1 Under Getting Started, select Assign users and groups.

2.2 Add users and groups, and assign roles to those users and groups.

Note: Group synchronizing is currently unavailable for SCIM provisioning with Entra ID. Ensure that you are only adding users (and not groups) if you plan to enable SCIM for Entra ID.

3.1 In the Cloud Secure Edge Command Center, navigate from Settings > Identity and Access > End User, and select Entra ID as the Provider Name.

3.2 Select SAML as the Provider Protocol.

3.3 Copy the Redirect URL.

3.4 In your Entra admin center, set up single sign-on. This will generate four different single sign-on methods to choose from. Select SAML.

3.5 Edit the Basic SAML Configuration.

3.6 Paste the Redirect URL value (from the Cloud Secure Edge Command Center, copied in Step 3.3) into the Identifier field and into the Reply URL field in Entra ID.

3.7 Save.

3.8 In your Entra admin center, navigate to Attributes and Claims (Manage > Single sign-on > Attributes & Claims), and select the Edit icon.

3.9 Select Add a group claim: This will generate a pop-out window on the right side of the webpage. In the Group Claims pop-out window, select All groups as groups returned in the claim, and then select sAMAccountName as the Source Attribute.

3.10 Save.

3.11 Under SAML Certificates, copy the App Federation Metadata URL. Navigate to your Entra ID IDP config page in the CSE Command Center: ensure that under IDP Settings, IDP Metadata URL is selected. Paste the copied App Federation Metadata URL (from the Entra admin center) into the IDP Metadata URL field in the CSE Command Center.

3.12 Save.

Note: The IDP metadata is evaluated daily. If there are any changes to the CSE TrustProvider app in Entra ID, CSE picks up the changes via the metadata URL and applies these changes to your IDP configuration in the CSE Command Center.

Note: Ensure that your IDP configuration settings are set up properly and saved before enabling SCIM.

To enable SCIM for Entra ID, view our Enabling SCIM for end users that use Entra ID doc.