Configure Azure AD to manage your directory of users in Banyan
- Updated on Jul 18, 2023
Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service, which helps your employees sign in and access resources. Banyan integrates with your organization’s Azure AD SSO to authenticate enterprise users that need access to Banyan-secured services.
In order to set up this integration, you need the following privileges:
- administrative access to Azure AD;
- the ability to add a new Enterprise Application.
Step 1: Add Banyan TrustProvider as an App in Azure AD
1.1 In your Azure AD account, navigate to Azure AD Active Directory. This should lead you to your Banyan Overview page.
1.2 On the Overview page, select +Add. From the dropdown menu, select Enterprise application.
1.3 Select Create your own application. This will generate a pop-out window on the right side of the webpage. In the What’s the name of your app? field, enter “Banyan TrustProvider”.
1.4 Select Integrate any other application you don’t find in the gallery (Non-gallery).
Note: Once you type “Banyan”, you might be suggested an App named “Banyan Security Administrator Console”. DO NOT select it.
1.5 Select Create. This will navigate you to the new Overview page of the app you just added (i.e., Banyan TrustProvider).
Step 2: Set up a Single Sign-On method in Azure AD
2.1 Under Getting Started, select 2. Set up single sign on. This will generate four different single sign on methods to choose from. Select SAML.
Step 3: Configure User Identity Provider Settings in Banyan
3.1 Log into Banyan’s Command Center, and navigate from Settings > Identity Provider.
3.2 In the Identity Provider Protocol field, select “SAML”. In the Identity Provider Name field, select “OTHER” and then enter “Azure AD”.
3.3 In the IDP SSO URL field, enter the Login URL (from your Azure AD account). The Login URL can be found in your Azure AD portal under 4. Set Up Banyan TrustProvider.
3.4 Copy the Redirect URL (SAML ACS) on the User Identity Provider configuration page in Banyan, and navigate back to your Banyan TrustProvider app in your Azure AD portal. In the 1. Basic SAML Configuration box in Azure AD, select Edit. This will generate a pop-out window on the right side of the webpage. Paste the Redirect URL in both the Identifier (Entity ID) field and the Reply URL (Assertion Consumer Service URL) field (by selecting Add Identifier).
3.6 Next, in the 2. Attributes & Claims box in Azure AD, select Edit. Select Add a group claim. This will generate a pop-out window on the right side of the webpage. Select your required groups and Save your changes.
3.7 Select + Add new claim. In the Name field, enter “displayname”. In the Namespace field, enter “http://schemas.xmlsoap.org/ws/2005/05/identity/claims”. Under Source, select Attribute. In the Source attribute field, enter “user.displayname”.
3.8 Select Save.
3.9 Copy the following claim names and paste them in their corresponding fields on the User Identity Provider configuration page in Banyan’s Command Center (i.e., the Username Attribute, Email Attribute, and Groups Attribute fields).
3.10 In your Azure AD portal, navigate to box 3. SAML Certificates, and download the Certificate (Base64).
3.11 Open the downloaded certificate in a text editor, and ensure that there are no spaces at the beginning or end of the certificate text. Paste the certificate text in the IDP CA Certificate field on the User Identity Provider configuration page in Banyan.
3.12 In your Azure AD portal, navigate from Banyan TrustProvider > Manage > Properties, and toggle Assignment required? and Visible to users? to No. Then, select Save.
3.13 In Banyan’s Command Center on the User Identity Provider configuration page, select Update User Identity Provider Config to complete the configuration.
Can’t find what you’re looking for?
We’re happy to help. Contact our team.