Contents x
    Azure Active Directory (SAML 2.0)
    • 12 Sep 2023
    • 2 Minutes to read
    • Contributors
      Contents

      Azure Active Directory (SAML 2.0)

      • Updated on 12 Sep 2023
      • 2 Minutes to read
      • Contributors
        Article Summary

        Introduction

        This article details how to use Azure Active Directory with SAML 2.0 as an identity provider for Perimeter 81. 

        The integration ensures secure and efficient user authentication. Note: Using SAML 2.0 means user groups won't auto-sync like with App Registration, requiring manual adjustments in Perimeter81.

        Steps

        1.) Start by signing into your Azure Active Directory and selecting Enterprise Applications.

        2.) Create a "+ New Application"

        3.) Search for the "Perimeter81" application and click to select it

        4.) Select "Create" (This may take a few minutes)

        5.) You'll have to assign access to users or groups (if you are using the Azure AD free edition you won't be able to select groups and will have to select individual users)

        6.) Once users have been added and saved you will select the second option to "2. Set up single sign on"

        7.) You will then select the "SAML" method

        8.) We'll be editing the "Basic SAML Configuration"

        9.) On this step we'll be adding the following as our "Identifier":

        urn:auth0:perimeter81:YOURWORKSPACEHERE-oc

        For our "Reply URL (Assertion Consumer Service URL)" we'll be inputting the following:

        https://auth.perimeter81.com/login/callback?connection=YOURWORKSPACEHERE-oc
        Note
        Remember to change the YOURWORKSPACEHERE tag to reflect your actual workspace. This will be the subdomain in your Perimeter81 sign-in URL "XXXXX.perimeter81.com"

        After both have been added you can select the "Save" option.

        10.) Finally we'll be downloading your SAML Signing certificate in Step 3 (the Base64 version).

        In step 5 we'll be expanding the "Step-by-step instructions" and copying your Login URL

        Notes
        Be sure to keep both your SAML Signing Certificate and Login URL accessible as we will be using them both very shortly in your Perimeter81 Tennant. 

        Configuring the SAML 2.0 Application on Perimeter 81

        1.) Click on settings in your Perimeter81 Tennant, go to your Identity Providers and select the option to " + Add Provider"

        2.) Select "SAML 2.0 Identity Providers" and then "Continue"

        3.) Fill out the following:

        • Sign in URL: This will be your "Login URL" you copied from Azure
        • Domain Aliases: This will be the domain used by your users (everything after the "@" sign in their email)
        • X509 Signing Certificate: This will be the certificate we downloaded from Azure.
        • After everything has been added select "Done"

        Recommendations

        • Assign access to users or groups. For the Azure AD free edition, you might need to select individual users instead of groups.
        • Ensure placeholders like YOURWORKSPACEHERE are replaced with your actual workspace name.
        • Periodically review your Azure Active Directory configuration settings to ensure alignment with any updates or changes in the Perimeter 81 platform

        Troubleshooting

        If you encounter issues during or after the setup, try reviewing your settings to ensure everything matches the instructions. In particular, check the IP addresses and other details you entered during setup. If issues persist, please consult our dedicated support.

        Support Contacts

        If you have any difficulties or questions, don't hesitate to contact Perimeter 81's support team. We offer 24/7 chat support on our website at Perimeter81.com, or you can email us at support@perimeter81.com. We're here to assist you and ensure your VPN tunnel setup is a success

        Was this article helpful?
        What's Next