Microsoft Entra ID (formerly Azure AD) (SAML 2.0)

Harmony SASE allows you to authenticate securely by integrating Microsoft Entra ID (formerly Azure AD) with SAML 2.0.

Configure Microsoft Azure Portal

  1. Log in to your Microsoft Azure Portal.

  2. Navigate to Azure Active Directory in the left pane.

  3. Go to Manage > Enterprise applications.

  4. Click New application.

  5. Click Create your own application.

  6. In the What's the name of your app filed, enter a name for your application.

    Note - Do not change the default setting.

  7. Click Create.

    The Microsoft Azure application is created.

  1. Click Assign users and groups tile in the Getting Started section.

  2. Search for and select the user and group that you want to assign to the application. If you are using Azure AD Free edition, you cannot add groups, add individual users instead.

  3. Click Set up single sign on to enable and configure single sign-on for your application.

    The Select a single sign-on method window appears.

  4. Click SAML.

  5. Click Edit in the Basic SAML Configuration tile.

  6. Enter these:

    1. Identifier - urn:auth0:perimeter81:{{WORKSPACE}}-oc where {{WORKSPACE}} refers to your Harmony SASE workspace name.

    2. Reply URL (Assertion Consumer Service URL) - https://auth.perimeter81.com/login/callback?connection={{WORKSPACE}}-oc where {{WORKSPACE}} refers to your Harmony SASE workspace name.

  7. Click Save.

  8. Back on the SAML Signing Certificate tile, go to the Certificate (Base64) file and click Download.

    The Certificate (Base64) is downloaded. This certificate will be used for configuring the SAML settings for the application.

  9. To copy your Login URL, go to the Set up Harmony SASE tile, expand Or, view step-by-step instructions and click .

Configure the Harmony SASE Administrator Portal

  1. Log in to the Harmony SASE Administrator Portal with a administrator account.

  2. Go to Settings > Identity Providers.

  3. Click Add Provider.

    The Add identity provider pop-up appears.

  4. Select SAML 2.0 Identity Providers and click Continue.

  5. In the Sign in URL field, enter the Identity Provider Sign-in URL from your SAML Identity Provider.

    Identity Provider

    Sign in URL

    Generic SAML

    Identity Provider Sign in URL

    Active Directory Federation Services (AD FS)

    https://{{Your ADFS Domain}}/adfs/ls

    Auth0

    Auth0 login URL

    OneLogin

    SAML 2.0 Endpoint (HTTP) value

    PingOne

    https://sso.connect.pingidentity.com/sso/idp/SSO.saml2?idpid={{idpid}}

    PingFederate

    https://sso.{{Your PingFederate Domain}}.com/idp/SSO.saml2

    Rippling

    Rippling IdP Sign-in URL.

    JumpCloud

    JumpCloud IDP URL

    Okta

    Okta Sign on URL

    Google Applications

    SSO URL

  6. In the Domain Aliases field, enter the business domain names separated by commas or space.

  7. In the X509 Signing Certificate field, enter the X.509 signing certificate for the application from the SAML Identity Provider.

    If you have the signing certificate as PEM/CERT file, click Upload PEM/CERT File and select the file.

  8. Click Done.

Note - After the first successful authentication of a member with SAML, Harmony SASE does this:

  • Assigns the member with the appropriate role.

  • Adds the member to the groups related to Identity Provider.

  • Applies the relevant configuration profiles to the member.