Configure Entra ID (Azure AD) to manage your directory of users in Banyan

  • Updated on Apr 10, 2024

Entra ID is Microsoft’s cloud-based identity and access management service, which helps your employees sign in and access resources. Banyan integrates with your organization’s Entra ID SSO to authenticate enterprise users that need access to Banyan-secured services.


In order to set up this integration, you need the following privileges:

  • administrative access to Entra ID;
  • the ability to add a new Enterprise Application.


1.1 In your Azure AD account, navigate to Entra ID Active Directory. This should lead you to your Banyan Overview page.

1.2 On the Overview page, select +Add. From the dropdown menu, select Enterprise application.

1.3 Select Create your own application. This will generate a pop-out window on the right side of the webpage. In the What’s the name of your app? field, enter “Banyan TrustProvider”.

1.4 Select Integrate any other application you don’t find in the gallery (Non-gallery).

Note: Once you type “Banyan”, Azure may suggest an app named “Banyan Security Administrator Console”. DO NOT select it.

1.5 Select Create. This will navigate you to the new Overview page of the app you just added (i.e., Banyan TrustProvider).

2.1 Under Getting Started, select 2. Set up single sign on. This will generate four different single sign on methods to choose from. Select SAML.

3.1 Log in to Banyan’s Command Center, and navigate to Settings > Identity and Access tab > End User tab.

3.2 In the Identity Provider Protocol field, select SAML. In the Identity Provider Name field, select OTHER and then enter “Azure AD”.

3.3 In the IDP SSO URL field, enter the Login URL (from your Azure AD account). The Login URL can be found in your Azure AD portal under 4. Set Up Banyan TrustProvider.

3.4 Copy the Redirect URL (SAML ACS) on the User Identity Provider configuration page in Banyan, and navigate back to your Banyan TrustProvider app in your Azure AD portal. In the 1. Basic SAML Configuration box in Azure AD, select Edit. This will generate a pop-out window on the right side of the webpage. Paste the Redirect URL in both the Identifier (Entity ID) field and the Reply URL (Assertion Consumer Service URL) field (by selecting Add Identifier).

3.5 Save.

3.6 Next, in the 2. Attributes & Claims box in Azure AD, select Edit. Select Add a group claim. This will generate a pop-out window on the right side of the webpage.

3.7 In the Group Claims pop-out window, select Groups assigned to the application as groups returned in the claim, and select sAMAccountName as the Source Attribute. Check the Emit group name for cloud-only groups box. Then select Save.

The group claims should look like this after:

3.8 Copy the following claim names and paste them in their corresponding fields on the User Identity Provider configuration page in Banyan’s Command Center (i.e., the Username Attribute, Email Attribute, and Groups Attribute fields).

  • Username Attribute:

  • Email Attribute:

  • Groups Attribute:

3.9 Select + Add new claim. In the Name field, enter “displayname”. In the Namespace field, enter “”. Under Source, select Attribute. In the Source attribute field, enter “user.displayname”.

3.10 In your Entra ID portal, navigate to box 3. SAML Certificates, and download the Certificate (Base64).

3.11 Open the downloaded certificate in a text editor, and ensure that there are no spaces at the beginning or end of the certificate text. Paste the certificate text in the IDP CA Certificate field on the User Identity Provider configuration page in Banyan.

3.12 In your Entra ID portal, navigate from Banyan TrustProvider > Manage > Properties, and toggle Assignment required? and Visible to users? to No. Then, select Save.

3.13 In Banyan’s Command Center on the User Identity Provider configuration page, select Update User Identity Provider Config to complete the configuration.
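A pre-paste check for the certificate text from step 3.11, added here as an example and not taken from Banyan's or Microsoft's documentation: it flags stray whitespace, missing PEM markers, invalid Base64 and a truncated copy. The function names and the constructed sample are assumptions for illustration, as is treating newlines as whitespace.

```python
import base64
import binascii

PEM_HEADER = "-----BEGIN CERTIFICATE-----"
PEM_FOOTER = "-----END CERTIFICATE-----"


def der_sequence_is_complete(der):
    """True if der is exactly one ASN.1 SEQUENCE whose length field matches the data."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    if der[1] < 0x80:                      # short-form length
        header, length = 2, der[1]
    else:                                  # long form: low 7 bits = number of length bytes
        n = der[1] & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return len(der) == header + length


def check_idp_certificate(text):
    """Return a list of problems; an empty list means every check passed."""
    problems = []
    if text != text.strip():               # assumption: newlines count as stray whitespace too
        problems.append("leading or trailing whitespace")
    body = text.strip()
    if not (body.startswith(PEM_HEADER) and body.endswith(PEM_FOOTER)):
        return problems + ["missing BEGIN/END CERTIFICATE markers"]
    b64 = "".join(body[len(PEM_HEADER):-len(PEM_FOOTER)].split())
    try:
        der = base64.b64decode(b64, validate=True)
    except (binascii.Error, ValueError):
        return problems + ["body is not valid Base64"]
    if not der_sequence_is_complete(der):  # catches a truncated copy/paste
        problems.append("decoded data is not a complete DER SEQUENCE")
    return problems


def constructed_sample():
    """Constructed stand-in, NOT a real certificate: a SEQUENCE wrapping 300 zero bytes."""
    der = b"\x30\x82" + (300).to_bytes(2, "big") + bytes(300)
    b64 = base64.encodebytes(der).decode("ascii").strip()
    return PEM_HEADER + "\n" + b64 + "\n" + PEM_FOOTER


if __name__ == "__main__":
    sample = constructed_sample()
    print(check_idp_certificate(sample))          # clean text
    print(check_idp_certificate(sample + " \n"))  # stray whitespace at the end
```

The DER check only confirms that the outer structure is complete; it does not validate the certificate's contents, signature or expiry.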
