Configure Entra ID (Azure AD) to manage your directory of users
- Updated on Oct 09, 2024
Entra ID is Microsoft’s cloud-based identity and access management service, which helps your employees sign in and access resources. SonicWall integrates with your organization’s Entra ID SSO to authenticate users that need access to Cloud Secure Edge services.
Prerequisites
In order to set up this integration, you need the following privileges:
- administrative access to Entra ID (the Cloud Application Administrator role is the least-privileged built-in role that can add and configure an Enterprise Application; a Global Administrator account is not required);
- the ability to add a new Enterprise Application.
Steps
Step 1: Add CSE TrustProvider as an app in Entra ID
1.1 In your Entra admin center, navigate to Identity > Applications > Enterprise applications.
1.2 Select + New application, and then select Create your own application. This will generate a pop-out window on the right side of the webpage. In the What’s the name of your app? field, enter “CSE TrustProvider”.
1.3 Select Integrate any other application you don’t find in the gallery (Non-gallery).
1.4 Select Create. This will navigate you to the new Overview page of the app you just added (i.e., CSE TrustProvider).
Step 2: Assign users and groups
2.1 Under Getting Started, select Assign users and groups.
2.2 Add users and groups, and assign roles to those users and groups.
Note: Group synchronization is currently unavailable for SCIM provisioning with Entra ID. If you plan to enable SCIM for Entra ID, assign only users (not groups) to the app.
Step 3: Set up single sign-on
3.1 In the Cloud Secure Edge Command Center, navigate to Settings > Identity and Access > End User, and select Entra ID as the Provider Name.
3.2 Select SAML as the Provider Protocol.
3.3 Copy the Redirect URL.
3.4 In your Entra admin center, open the CSE TrustProvider app and select Set up single sign on. Entra ID presents four single sign-on methods to choose from; select SAML.
3.5 Edit the Basic SAML Configuration.
3.6 Paste the Redirect URL value (from the Cloud Secure Edge Command Center, copied in Step 3.3) into the Identifier (Entity ID) field and into the Reply URL (Assertion Consumer Service URL) field in Entra ID. Paste the value exactly as copied: the Identifier becomes the Audience of every assertion Entra ID issues, and the Reply URL is the only endpoint Entra ID will post assertions to, so a stray trailing slash or a typo in either field causes sign-in failures rather than a configuration error.
3.7 Save.
3.8 In your Entra admin center, navigate to Attributes and Claims (Manage > Single sign-on > Attributes & Claims), and select the Edit icon.
3.9 Select Add new claim.
3.10 In the Name field, enter displayname. In the Namespace field, enter http://schemas.xmlsoap.org/ws/2005/05/identity/claims. Under Source, check Attribute, and in the Source attribute field, enter user.displayname.
3.11 Save.
3.12 Select Add a group claim. This opens a Group Claims pane on the right side of the webpage. In that pane, select All groups as the groups returned in the claim, and then select sAMAccountName as the Source attribute. Note that sAMAccountName is populated only for groups synchronized from on-premises Active Directory; cloud-only groups carry no sAMAccountName, so if your groups are cloud-only the group claim will not contain them with this setting.
3.13 Save.
3.14 Under SAML Certificates, copy the App Federation Metadata URL. Navigate to your Entra ID IDP config page in the CSE Command Center: ensure that under IDP Settings, IDP Metadata URL is selected. Paste the copied App Federation Metadata URL (from the Entra admin center) into the IDP Metadata URL field in the CSE Command Center.
3.15 Save.
Note: The IDP metadata is re-fetched and evaluated daily. If there are any changes to the CSE TrustProvider app in Entra ID (for example, a rotated SAML signing certificate), CSE picks up the changes via the metadata URL and applies them to your IDP configuration in the CSE Command Center. Because a change takes effect only at the next daily fetch, plan signing-certificate rotation so that the old certificate remains valid until CSE has picked up the new one; otherwise assertions signed with the new certificate fail signature validation until the refresh.
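The following script is an added example, not SonicWall's or Microsoft's code, that exercises the SAML wiring from Step 3 offline. It parses IdP federation metadata of the shape Entra ID publishes at the App Federation Metadata URL (Step 3.14), fingerprints the signing certificate so that a daily re-fetch can tell when Entra ID has rotated it, and checks that a SAML assertion carries the Issuer, the Audience set in Step 3.6, and the displayname and group claims configured in Steps 3.10 and 3.12. The tenant ID, the Redirect URL, the user, the group names and the certificate bytes are constructed placeholders; signature validation is intentionally left to whatever SAML library sits in front of these checks.

```python
"""Offline checks for an Entra ID SAML integration (added example, not vendor code)."""
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Claim names produced by the Attributes & Claims settings above: Entra ID joins
# Namespace and Name with "/", and emits group claims under its fixed groups URI.
DISPLAYNAME_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/displayname"
GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"

# Constructed placeholders: substitute your tenant ID and the Redirect URL from Step 3.3.
TENANT_ID = "00000000-0000-0000-0000-000000000000"
IDP_ENTITY_ID = f"https://sts.windows.net/{TENANT_ID}/"
REDIRECT_URL = "https://cse.example.invalid/saml/callback"  # hypothetical CSE Redirect URL
CERT_B64 = base64.b64encode(b"constructed-placeholder-cert-der").decode()  # not a real cert

# Constructed metadata in the shape Entra ID serves at the App Federation Metadata URL.
IDP_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="{IDP_ENTITY_ID}">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{CERT_B64}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/{TENANT_ID}/saml2"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://login.microsoftonline.com/{TENANT_ID}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

# Constructed assertion carrying the claims configured in Steps 3.10 and 3.12.
SAMPLE_ASSERTION = f"""<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion" ID="_c0ffee" Version="2.0">
  <Issuer>{IDP_ENTITY_ID}</Issuer>
  <Subject><NameID>alice@example.invalid</NameID></Subject>
  <Conditions><AudienceRestriction><Audience>{REDIRECT_URL}</Audience></AudienceRestriction></Conditions>
  <AttributeStatement>
    <Attribute Name="{DISPLAYNAME_CLAIM}"><AttributeValue>Alice Example</AttributeValue></Attribute>
    <Attribute Name="{GROUPS_CLAIM}">
      <AttributeValue>cse-users</AttributeValue>
      <AttributeValue>cse-admins</AttributeValue>
    </Attribute>
  </AttributeStatement>
</Assertion>"""


def cert_fingerprint(b64_cert: str) -> str:
    """SHA-256 over the DER bytes of an X509Certificate element (whitespace tolerated)."""
    der = base64.b64decode("".join(b64_cert.split()))
    return hashlib.sha256(der).hexdigest()


def parse_idp_metadata(xml_text: str) -> dict:
    """Extract entityID, SSO endpoint per binding, and signing-cert fingerprints."""
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor in metadata")
    sso = {}
    for svc in idp.findall("md:SingleSignOnService", NS):
        binding = svc.get("Binding", "").rsplit(":", 1)[-1]  # e.g. "HTTP-POST"
        sso[binding] = svc.get("Location")
    fingerprints = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") not in (None, "signing"):  # skip encryption-only keys
            continue
        cert = kd.find(".//ds:X509Certificate", NS)
        if cert is not None and cert.text:
            fingerprints.append(cert_fingerprint(cert.text))
    return {"entity_id": root.get("entityID"), "sso": sso, "signing_cert_sha256": fingerprints}


def check_assertion(assertion_xml: str, expected_issuer: str, expected_audience: str) -> dict:
    """Check Issuer, Audience and the presence of the configured claims in one assertion."""
    root = ET.fromstring(assertion_xml)
    if not root.tag.endswith("}Assertion"):  # accept a full Response as well
        root = root.find(".//saml:Assertion", NS)
    issuer = root.findtext("saml:Issuer", namespaces=NS)
    audience = root.findtext("saml:Conditions/saml:AudienceRestriction/saml:Audience", namespaces=NS)
    attrs = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", NS):
        attrs[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", NS)]
    problems = []
    if issuer != expected_issuer:
        problems.append(f"issuer {issuer!r} does not match the metadata entityID")
    if audience != expected_audience:
        problems.append(f"audience {audience!r} does not match the Identifier from Step 3.6")
    for claim in (DISPLAYNAME_CLAIM, GROUPS_CLAIM):
        if not attrs.get(claim):
            problems.append(f"missing claim {claim}")
    return {
        "display_name": (attrs.get(DISPLAYNAME_CLAIM) or [None])[0],
        "groups": attrs.get(GROUPS_CLAIM, []),
        "problems": problems,
    }


if __name__ == "__main__":
    meta = parse_idp_metadata(IDP_METADATA)
    print("entityID:", meta["entity_id"])
    print("signing cert sha256:", meta["signing_cert_sha256"])
    print(check_assertion(SAMPLE_ASSERTION, meta["entity_id"], REDIRECT_URL))
```

In practice you would fetch the real metadata from the App Federation Metadata URL, store the fingerprint list, and alert when a later fetch returns a different one: that is the event the daily re-evaluation note above is about, and it is the moment to confirm the new certificate has reached the CSE Command Center before the old one expires.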
Step 4: Delete existing device registration configuration
4.1 Navigate to the Device tab in CSE (Settings > Identity and Access > Device) and delete the current device registration configuration (if it exists) by selecting the trash can at top right of the section.
Step 5: Optional - Enable SCIM Provisioning
Note: Ensure that your IDP configuration settings are set up properly and saved before enabling SCIM.
5.1 To enable SCIM for Entra ID, see the Enabling SCIM for end users that use Entra ID doc.