
Single Sign-on Microsoft Entra ID

Learn how to configure Single Sign-On (SSO) between Microsoft Entra ID (formerly Azure Active Directory) and Security Journey using SAML 2.0. This guide walks administrators through prerequisites, application setup, attribute mapping, and metadata configuration.

Overview

Microsoft Entra ID is Microsoft’s cloud-based identity and access management service. When integrated with Security Journey, it allows users to authenticate using their existing Entra credentials through SAML 2.0 Single Sign-On (SSO).

Security Journey acts as the Service Provider (SP), while Microsoft Entra ID functions as the Identity Provider (IdP). All authentication traffic is secured using TLS/SSL.


Prerequisites

Before you begin, ensure you have:

Security Journey

  • Admin-level access to configure SSO settings

Microsoft Entra ID

  • Access to the Microsoft Entra admin center
  • At least Cloud Application Administrator permissions

Step 1 — Create an Enterprise Application

  1. Sign in to the Microsoft Entra admin center.
  2. Navigate to Identity > Applications > Enterprise applications.
  3. Select New application.
  4. Choose Create your own application.
  5. Enter an application name (for example, Security Journey).
  6. Select Integrate any other application you don’t find in the gallery (Non-gallery).
  7. Click Create.
  8. From the application overview page, select Set up single sign-on.
  9. Choose SAML as the SSO method.

Step 2 — Configure Basic SAML Settings

In the Basic SAML Configuration section, configure the following values:

  • Identifier (Entity ID): urn:amazon:cognito:sp:us-east-1_CHi5tsM8X
  • Reply URL (Assertion Consumer Service URL): https://auth.hackedu.com/saml2/idpresponse
  • Sign-on URL: https://my.securityjourney.com/login/?domain=companydomain.com

Replace companydomain.com with your organization’s domain. Save your changes once all fields are populated.


Step 3 — Configure Attributes & Claims

Security Journey uses SAML claims to identify and provision users.

Required Attributes

The following attributes must be sent for successful authentication and user creation:

  • Email (typically user.userprincipalname)
  • First Name
  • Last Name

Microsoft Entra ID maps user.userprincipalname by default, which Security Journey uses as the user’s email address.

Optional Attributes

You may optionally configure additional claims (such as department or job title) to pass learner attributes into Security Journey.


Step 4 — Download and Upload SAML Metadata

In your Entra enterprise application, locate the SAML Certificates section.

  • Download the Federation Metadata XML file.
  • Log in to Security Journey as an administrator.
  • Navigate to SSO Settings.
  • Upload the Federation Metadata XML file.

This completes the trust relationship between Microsoft Entra ID and Security Journey.


Assign Users or Groups

After configuration, ensure users can access Security Journey:

  • In Microsoft Entra ID, open the enterprise application.
  • Go to Users and groups.
  • Assign the appropriate users or groups.

Only assigned users will be able to authenticate via SSO.


Login URL

Once configured, users can log in via: https://my.securityjourney.com/

They will be redirected to Microsoft Entra ID for authentication.

