Skyhigh Security

Integrate Microsoft Entra SSO with Skyhigh SSE Dashboard

This topic describes how to integrate Microsoft Entra SAML-based SSO with the Skyhigh SSE Dashboard.

Prerequisites

Before you begin, make sure you have:

  • Admin access to Microsoft Entra.
  • Admin access to the Skyhigh SSE Dashboard.
  • Users created in the Skyhigh SSE Dashboard with first and last names that match the Entra user details (automatic user provisioning is not supported).
  • (Optional) User groups in Entra to simplify SSO assignment.

Steps to Integrate 

Integrate SAML-based SSO in Microsoft Entra and the Skyhigh SSE Dashboard with the following steps:

Microsoft Entra Configuration
  1. Sign in to the Azure portal.
  2. Go to Enterprise applications > All applications.

  3. Click New application.

  4. Click Create your own application. 

  5. In the Create your own application side panel, enter a name for the application (for example, Skyhigh SSE Dashboard).

  6. Open the newly created application, and go to Manage > Single sign-on > SAML.

  7. Edit the Basic SAML Configuration settings and enter the following temporary values:
    • Identifier (Entity ID): https://auth.ui.trellix.com
    • Reply URL (Assertion Consumer Service URL): https://auth.ui.trellix.com
    • Relay State (Optional): https://auth.ui.trellix.com

NOTE: Replace these temporary values with the final ones after you configure the Skyhigh SSE Dashboard settings.



  8. Configure Attributes & Claims as required.

  9. Download the certificate (Base64 format).

  10. Click the copy icon to copy the Login URL and Microsoft Entra Identifier.

Configure Skyhigh SSE Dashboard Settings 
  1. Log in to the Skyhigh SSE Dashboard with Admin access.
  2. Go to User Menu > Identity Provider.

  3. Edit the configuration:
    1. Enable Identity Provider SSO.
    2. Enter the Microsoft Entra Identifier in the Issuer field.
    3. Upload the Base64 certificate.
    4. Enter the Login URL.

  4. Enable SAML Exception for the Break Glass Account (recommended).
  5. If applicable, apply an exclusion for the Cloud Connector user (non-SAML).

  6. Click the copy icon to copy the generated Audience and Assertion Consumer Service (ACS) URL, then save the changes.

Update Basic SAML Configuration in Microsoft Entra
  1. In Microsoft Entra, go to Basic SAML Configuration.
  2. Replace the temporary Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL) values with the final values from the Skyhigh SSE Dashboard.

  3. Assign users or groups:
    1. Go to Groups > Add Users/Groups.
    2. Select and assign the required users or groups.
Test Single Sign-On
  1. Log in to https://myapps.microsoft.com using a user account assigned to the Skyhigh SSE Dashboard.
  2. Click Skyhigh SSE Dashboard to launch the application. 
  3. Verify that the login is successful and does not prompt for a username or password.
Troubleshoot SSO Login Errors

SSO login may fail if user details in the Skyhigh SSE Dashboard do not match those in Microsoft Entra.

To troubleshoot:

  1. Collect SAML tracer logs and verify the claim attributes.
  2. Ensure that the First Name and Last Name in the Skyhigh SSE Dashboard exactly match the user details in Microsoft Entra.
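
For the claim check in step 1, an added example (not Skyhigh or Microsoft code) that compares a decoded SAML response from a tracer capture against the values copied during setup and the names entered in the dashboard. It is a diagnostic comparison only and does not verify the assertion signature; the givenname/surname claim URIs are assumed to carry the names, and every URL and name in the sample is a constructed placeholder.

```python
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumption: first/last name arrive in Entra's default givenname/surname claims.
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"

# Constructed sample of a decoded SAMLResponse; every URL and name is a placeholder.
SAMPLE = f"""<p:Response xmlns:p="{NS['p']}" xmlns:a="{NS['a']}">
 <a:Assertion>
  <a:Issuer>https://sts.windows.net/TENANT-ID-PLACEHOLDER/</a:Issuer>
  <a:Subject><a:SubjectConfirmation><a:SubjectConfirmationData
     Recipient="https://acs.example.invalid/saml"/></a:SubjectConfirmation></a:Subject>
  <a:Conditions><a:AudienceRestriction>
   <a:Audience>https://audience.example.invalid</a:Audience></a:AudienceRestriction></a:Conditions>
  <a:AttributeStatement>
   <a:Attribute Name="{CLAIMS}givenname"><a:AttributeValue>Alice</a:AttributeValue></a:Attribute>
   <a:Attribute Name="{CLAIMS}surname"><a:AttributeValue>Smith </a:AttributeValue></a:Attribute>
  </a:AttributeStatement>
 </a:Assertion>
</p:Response>"""

# Values copied during setup and names as entered in the dashboard (placeholders).
EXPECTED = {
    "issuer": "https://sts.windows.net/TENANT-ID-PLACEHOLDER/",
    "audience": "https://audience.example.invalid",
    "acs_url": "https://acs.example.invalid/saml",
    "first_name": "Alice", "last_name": "Smith",
}

def check_assertion(xml_text, expected):
    """List fields where the assertion differs (exact, whitespace-sensitive match)."""
    asr = ET.fromstring(xml_text).find("a:Assertion", NS)
    if asr is None:
        return ["no unencrypted Assertion element in the response"]
    attrs = {a.get("Name"): a.findtext("a:AttributeValue", "", NS)
             for a in asr.iterfind("a:AttributeStatement/a:Attribute", NS)}
    scd = asr.find("a:Subject/a:SubjectConfirmation/a:SubjectConfirmationData", NS)
    found = {
        "issuer": asr.findtext("a:Issuer", "", NS),
        "audience": asr.findtext("a:Conditions/a:AudienceRestriction/a:Audience", "", NS),
        "acs_url": scd.get("Recipient", "") if scd is not None else "",
        "first_name": attrs.get(CLAIMS + "givenname", ""),
        "last_name": attrs.get(CLAIMS + "surname", ""),
    }
    return [f"{key}: assertion has {found[key]!r}, expected {want!r}"
            for key, want in expected.items() if found[key] != want]

if __name__ == "__main__":
    print("\n".join(check_assertion(SAMPLE, EXPECTED)) or "all fields match")
```

The constructed sample carries a trailing space in the surname claim, so the script reports a last_name mismatch that is easy to miss when reading the raw trace.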