Configuring Microsoft Entra ID SAML Single Sign-On to 0patch Central

0patch Support

If your organization uses Microsoft Entra ID as your Identity Provider, this guide will help you create an Entra ID Enterprise Application for 0patch Central using SAML 2.0.

After the Application is successfully created, your users will be able to use one-click access to 0patch Central from their app dashboard https://myapps.microsoft.com/


Creating a new Application for 0patch Central

  1. Log into Azure as administrator.
  2. In the Admin Console go to Microsoft Entra ID -> Manage -> Enterprise Applications -> "New Application"

    1_Add_Ent_App.png

  3. Under "Browse Microsoft Entra Gallery", click "Create your own application". 

    2_Create_App.png

  4. Enter the name for your new application and pick "Integrate any other application you don’t find in the gallery (Non-gallery)". Click "Create".

    3_Create_App_step2.png

  5. In your application's overview, go to Manage -> Single sign-on and select "SAML".

    4_set_up_SSO_pick_SAML.png

  6. In another browser tab, log in to 0patch Central, go to Account -> Single Sign-On and click the switch button to enable SAML.

    4_enable_saml.png

  7. The SAML configuration dialog shows the SAML Assertion Consumer Service URL and Audience parameters; you will need both to finish setting up the Entra ID app.

    5_Get_IdP_Settings.png

  8. In Azure Enterprise application, edit the Basic SAML Configuration section. Copy the SAML configuration parameters from 0patch Central to the appropriate fields and click "Save":
    • Identifier (Entity ID): Copy the value of Audience from the 0patch Central SAML configuration.
    • Reply URL (Assertion Consumer Service URL): Copy the value of SAML Assertion Consumer Service URL from the 0patch Central SAML configuration.
    • Sign on URL: This URL is used for Service Provider-initiated (originating from 0patch Central) sign-on requests. Copy the value of Audience from the 0patch Central SAML configuration and append "login" (e.g. https://dist.0patch.com/saml/123456789/login).
    • Click "Save".

      5_Basic_SAML_Config.png

  9. [Perform this step only if 0patch Central users are identified by the Entra ID user's mail value instead of their Entra ID User principal name. If you're using SCIM provisioning and perform this step, make sure that you also provision users with their Entra ID mail value instead of their Entra ID User principal name.] Edit the Attributes & Claims section. Click the "Unique User Identifier (Name ID)" claim, then set its Source attribute to "user.mail" and click "Save".

    6_Set_NameId_to_email.png

  10. In the SAML Certificates section, download the Base64 encoded certificate, and open the file in a text editor.

    7_Get_Cert.png

  11. Copy the Base64 encoded certificate into 0patch Central’s SAML Configuration window.

    8_Copy_Cert.png

  12. Copy the Login URL and Microsoft Entra Identifier parameters from your Azure application’s settings to 0patch Central’s SAML configuration window and click "CONFIRM". (You can edit this configuration at any time in the Single Sign-On tab of the 0patch Central Account section.)

    9_Copy_SSO_url_Issuer.png

  13. After configuring SAML in 0patch Central, return to Azure Application's settings to assign Entra ID users to the application. Go to Users and Groups -> "Add user/group". If you don’t have users in Entra ID with their Email property corresponding to your existing 0patch users, create them.

    10_Assign_Step1.png

    10_Assign_Step2.png

  14. After assigning users to the app, they will find the one-click access link to 0patch Central on their app dashboard located at https://myapps.microsoft.com/
  15. Finally, for a user to be able to log in to 0patch Central with SAML, the user must already exist in 0patch Central. This can be achieved in two ways:
    1. If you're using SCIM provisioning, users will be automatically provisioned to 0patch Central and will automatically be able to log in with SAML.
    2. If you're not using SCIM provisioning, you have to manually invite users to 0patch Central under Account -> Users, and these users can only log in with SAML after having activated their account.
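The values copied between the two consoles in steps 8, 9, 12 and 15 are exactly what the Service Provider checks on every assertion. The following added example (not 0patch's or Microsoft's code) applies those checks to a constructed Entra-style assertion: issuer against the Microsoft Entra Identifier, Audience against the 0patch Audience, Recipient against the ACS URL, validity windows, and NameID against the existing user list. The tenant ID, ACS path and user are placeholders, and XML signature verification with the certificate from step 10 is assumed to have been done beforehand.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Values the SP keeps from its SAML configuration (constructed placeholders;
# the Microsoft Entra Identifier has the form https://sts.windows.net/<tenant-id>/).
SP_CONFIG = {
    "issuer": "https://sts.windows.net/11111111-2222-3333-4444-555555555555/",
    "audience": "https://dist.0patch.com/saml/123456789/",
    "acs_url": "https://dist.0patch.com/saml/123456789/acs",
}
NOW = datetime(2024, 5, 1, 12, 1, tzinfo=timezone.utc)  # clock used by the demo

def _ts(value):
    # SAML timestamps are UTC, e.g. 2024-05-01T12:00:00.000Z
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def validate_assertion(xml_text, config, known_users, now=NOW):
    """Return (ok, detail) for an assertion whose XML signature already verified."""
    a = ET.fromstring(xml_text)
    if a.findtext("saml:Issuer", namespaces=NS) != config["issuer"]:
        return False, "issuer is not the configured Microsoft Entra Identifier"
    cond = a.find("saml:Conditions", NS)
    if not (_ts(cond.get("NotBefore")) <= now < _ts(cond.get("NotOnOrAfter"))):
        return False, "assertion outside its validity window"
    if cond.findtext("saml:AudienceRestriction/saml:Audience", namespaces=NS) != config["audience"]:
        return False, "audience is not this SP"
    scd = a.find("saml:Subject/saml:SubjectConfirmation/saml:SubjectConfirmationData", NS)
    if scd is None or scd.get("Recipient") != config["acs_url"]:
        return False, "recipient is not the ACS URL"
    if _ts(scd.get("NotOnOrAfter")) <= now:
        return False, "subject confirmation expired"
    name_id = a.findtext("saml:Subject/saml:NameID", namespaces=NS)
    if name_id not in known_users:  # step 15: the user must already exist
        return False, "no account for NameID %r (invite or SCIM first)" % name_id
    return True, name_id

# Constructed assertion, reduced to the elements the checks above inspect.
ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  ID="_1" Version="2.0" IssueInstant="2024-05-01T12:00:00.000Z">
  <saml:Issuer>https://sts.windows.net/11111111-2222-3333-4444-555555555555/</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID>
    <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
      <saml:SubjectConfirmationData NotOnOrAfter="2024-05-01T12:05:00.000Z"
        Recipient="https://dist.0patch.com/saml/123456789/acs"/></saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions NotBefore="2024-05-01T11:55:00.000Z" NotOnOrAfter="2024-05-01T13:00:00.000Z">
    <saml:AudienceRestriction><saml:Audience>https://dist.0patch.com/saml/123456789/</saml:Audience></saml:AudienceRestriction>
  </saml:Conditions></saml:Assertion>"""
print(validate_assertion(ASSERTION, SP_CONFIG, {"alice@example.com"}))
```

A mismatch in any one of the copied values rejects the login, which is why a wrong Audience or Reply URL in step 8 shows up as a failed sign-in rather than a configuration error in either console.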