Configure Azure AD/Microsoft Entra ID as a Third-Party IdP with SOTI Identity
Before you begin
Set up and verify a domain to use with this Azure AD/Microsoft Entra ID IdP connection. See Add Domains for more information.
About this task
If you already have a set of users with Azure AD/Microsoft Entra ID, you can configure SOTI Identity to delegate authentication and authorization to Azure AD/Microsoft Entra ID rather than recreate an existing set of users and structures.
Procedure
-
In the SOTI Identity Admin Console, open the main menu and select Directories/IDP.
You can also add an Azure AD/Microsoft Entra ID connection from the Users view. Select New Group/Directory and select IdP Connection.
- Select Create Connection dialog box. to open the
- Select Azure AD/Microsoft Entra ID.
-
Enter a Connection Name for the Azure AD/Microsoft Entra ID connection.
Connection names may only include alphabetic and numeric characters and cannot be longer than 100 characters.
Each Azure AD/Microsoft Entra ID connection name must be unique within the SOTI Identity console.
-
Add at least one domain from the Select Domain
list.
Domains control who can (or cannot) log into a SOTI Identity account and its associated applications. Each Azure AD/Microsoft Entra ID connection is mapped to at least one domain to help administrators identify the connection.
Only verified domains appear in this list. If you have not set up a verified domain yet, select Manage Domains. The page redirects to the Domains view where you can add and verify domains. Your current draft connection is lost.
-
Select Authenticate.
The Azure AD/Microsoft Entra ID portal opens in a new browser window.
-
In the Azure AD/Microsoft Entra ID portal, enter the credentials for the
Azure AD/Microsoft Entra ID account you are using to add this connection
to SOTI Identity.
The Azure AD/Microsoft Entra ID account must be an administrator.
-
Select Consent on behalf of your organization to grant
SOTI Identity the permissions that it requires from
your Azure AD/Microsoft Entra ID connection.
Note: The administrator must approve requested permissions for both delegated and application permissions.Once Microsoft verifies the account and confirms it has the necessary permissions, the Azure AD/Microsoft Entra ID portal browser window closes and returns to the SOTI Identity console.
- Open the main menu and go to the Users view.
- Select New User/User Group in the upper-right corner of the console.
- Select Add to open the Azure AD/Microsoft Entra ID User/Group search field.
- In the search field, start typing to find users or groups in the Azure AD/Microsoft Entra ID connection.
- Optional:
Make the user or group a SOTI Identity account administrator. Leave unselected if the user only needs access to other SOTI ONE applications.
Note: Account administrators can manage and change all settings in your SOTI Identity console and account so you should be careful who you make an account administrator.
If you add a group, users within that group keep any roles assigned directly and inherit the roles from the group.
-
Repeat to add more users or groups.
To remove a user or group, hover over its row and select Delete.
-
Select Add to add the IdP users or groups to SOTI Identity.
Note: User/group information does not synchronize in real-time between Azure and SOTI Identity. Deleting or adding a new user in Azure does not make the same changes in SOTI Identity.
Results
You have connected your Azure AD/Microsoft Entra ID connection to SOTI Identity. Users in the groups you just added receives an email that notifies them that they have been enrolled in SOTI Identity. However, they do not have access to an application until you assign it.
What to do next
Assign applications to Azure AD/Microsoft Entra ID users and user groups. See Assign Applications to Users for more Information.