SAML For Microsoft Azure/Entra

Recorded Future only supports an SP-Initiated flow. Please use the guide below to configure SSO via SAML for your users' ease of access.

Please follow the instructions below to configure SAML in your Azure/Entra tenant. An SSO Key is an identifier that is unique to each organization. This identifier is used in the configuration information below and can only be acquired by contacting the Support team.

Instructions

  1. Sign in to the Microsoft Entra admin center.
    Note: Your permissions must be at the level of Cloud Application Administrator or higher.

  2. Navigate to Identity > Applications > Enterprise applications > All applications.

  3. Select New application.

  4. The Browse Microsoft Entra Gallery pane opens and displays tiles for cloud platforms, on-premises applications, and featured applications. Applications listed in the Featured Applications section have icons indicating whether they support federated single sign-on (SSO) and provisioning. Search for and select the application. In this quickstart, Azure AD SAML Toolkit is being used.

  5. Enter a name that you want to use to recognize the instance of the application. For example, Recorded Future.

  6. Select Create.

  7. In the Manage section of the left menu, select Single sign-on to open the Single sign-on pane for editing.

  8. Select SAML to open the SSO configuration page. After the application is configured, users can sign in to it by using their credentials from the Microsoft Entra tenant, if assigned.

  9. In the resulting SAML configuration, click to edit step 1, Basic SAML Configuration, and enter the following:

    • Entity ID: urn:auth0:recordedfuture:<SSO_Key_Here>

    • Reply URL: https://sso.recordedfuture.com/login/callback?connection=<SSO_Key_Here>

    • Sign On URL: https://app.recordedfuture.com/live/login/?sso_key=<SSO_Key_Here>

  10. In step 2, Attributes & Claims, you shouldn’t have to make any changes. Please note that the username value that Recorded Future expects is the email address on file for a given user’s account. You may need to add a manual transform to pass the expected value in limited cases.

  11. In step 3, SAML Certificates, please download your Federation Metadata XML and provide it to Recorded Future Support.

  12. Return to the Manage menu and navigate to the Properties section.

    • Here, you can add the following image to help your users identify Recorded Future more easily by uploading it to the Logo field:

      Logo file attached here.
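
A typo in any of the three values from step 9 breaks the SP-Initiated login, so it helps to check them before saving. The following Python check is an added example, not Recorded Future or Microsoft code; it assumes the three strings have been copied out of the Basic SAML Configuration pane, and the key shown is a constructed sample.

```python
from urllib.parse import parse_qs, urlsplit

# Value formats from step 9 of this guide; the SSO key comes from Support.
ENTITY_PREFIX = "urn:auth0:recordedfuture:"
REPLY = ("sso.recordedfuture.com", "/login/callback", "connection")
SIGN_ON = ("app.recordedfuture.com", "/live/login/", "sso_key")


def _key_from_url(url, expected, label, problems):
    """Validate scheme, host and path, then return the key from the query."""
    host, path, param = expected
    parts = urlsplit(url.strip())
    if parts.scheme != "https":
        problems.append(f"{label}: scheme must be https")
    if parts.netloc.lower() != host:
        problems.append(f"{label}: host must be {host}")
    if parts.path != path:
        problems.append(f"{label}: path must be {path}")
    query = parse_qs(parts.query, keep_blank_values=True)
    values = query.get(param, [])
    if set(query) != {param} or len(values) != 1 or not values[0]:
        problems.append(f"{label}: query must be exactly {param}=<SSO key>")
        return None
    return values[0]


def check_basic_saml_config(entity_id, reply_url, sign_on_url):
    """Return a list of problems; an empty list means the values are consistent."""
    problems, keys = [], {}
    entity_id = entity_id.strip()
    if entity_id.startswith(ENTITY_PREFIX) and len(entity_id) > len(ENTITY_PREFIX):
        keys["Entity ID"] = entity_id[len(ENTITY_PREFIX):]
    else:
        problems.append(f"Entity ID: must be {ENTITY_PREFIX}<SSO key>")
    keys["Reply URL"] = _key_from_url(reply_url, REPLY, "Reply URL", problems)
    keys["Sign On URL"] = _key_from_url(sign_on_url, SIGN_ON, "Sign On URL", problems)
    found = {field: key for field, key in keys.items() if key}
    if any("<" in key or ">" in key for key in found.values()):
        problems.append("placeholder <SSO_Key_Here> was not replaced")
    if len(set(found.values())) > 1:
        problems.append(f"SSO key differs between fields: {found}")
    return problems


if __name__ == "__main__":
    key = "acme-demo-key"  # constructed sample, not a real SSO key
    print(check_basic_saml_config(
        ENTITY_PREFIX + key,
        f"https://sso.recordedfuture.com/login/callback?connection={key}",
        "https://app.recordedfuture.com/live/login/?sso_key=acme-demo-kye"))
```
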

This content is confidential. Do not distribute or download content in a manner that violates your Recorded Future license agreement. Sharing this content outside of licensed Recorded Future users constitutes a breach of the terms and/or agreement and shall be considered a breach by your organization.