Single Sign-On with Entra ID

Overview

This step-by-step guide explains how to set up Single Sign-On in CodeScan with Microsoft Entra ID [formerly Azure Active Directory (AD)] as your SAML 2.0 Identity Provider (IdP).

When you integrate CodeScan with Entra ID, you can:

1. Control in Entra ID who has access to CodeScan.

2. Enable your users to be automatically signed in to CodeScan with their Entra ID accounts.

3. Manage your accounts in one central location: the Azure portal.

Prerequisites

To get started, you need the following items:

1. Microsoft Azure account with Entra ID activated.

2. Administrator-level access to CodeScan and Entra ID to configure SSO.

3. Enable Single Sign-On (SSO) in CodeScan.

4. Add CodeScan as a non-gallery application in Azure.

Instructions

Step 1: Enabling Single Sign-On in CodeScan

Before configuring SSO in Entra ID, you must enable SSO in CodeScan.

1. In CodeScan, click on the Profile icon on the right corner of the screen and select your organization (under My Organizations).

2. Go to Administration > SAML Connections.

3. Click on Create Connection.

4. In the Connection name field, enter the identity provider name as you want it to appear (use only Latin characters without spaces and any special characters).

5. Enter a valid domain name of the organization in the Corporate domain field that can be authenticated in the Identity Provider. This property cannot be updated after SAML Connection creation. Example: In case of abc@autorabit.com, the corporate domain will be autorabit.com.

6. Keep the Enforce SSO checkbox unchecked for now. You can enable Enforce SSO later when your domain has been confirmed. Once enabled, only SSO authentication will be allowed for email addresses of your corporate domain.

   Point to Note:

   • Enforcing SSO affects both login and signup. Existing Auth0 users won't be able to login.

   • Signup with email domain same as corporate domain won't be allowed.

   • If the Enforce SSO checkbox is enabled prematurely, it will prohibit all users in their organization from accessing CodeScan. Consider enforcing SSO only after admins have logged in to CodeScan using SSO.

7. Keep the SAML Connection status checkbox as Enabled and click on Create button.

8. You will be able to see the Metadata URL generated for your SSO configuration. Keep the current page open while you continue to add the CodeScan app to Entra ID.

Step 2: Configuring Azure Portal with Entra ID

1. Log in to the Azure portal (https://portal.azure.com/). In the left-hand menu, click Entra ID > Enterprise applications.

2. Select All applications under the Manage section.

3. Click + New application at the top of the screen.

4. On the next screen, click on the + Create your own application button.

5. Enter the name of the app as CODESCAN and choose the third option i.e., Integrate any other application you don't find in the gallery (Non-gallery). Click Create.

6. Once the CodeScan application is created, click on Single Sign-On under the Manage section.

1. On the Select a Single Sign-On method dialog, select SAML mode to enable single sign-on.

1. On the Set up Single Sign-On with SAML page, click the Edit (pencil) icon for Basic SAML Configuration to edit the settings.

1. On the Basic SAML Configuration section, perform the following steps:

   • In the Identifier (Entity ID) field, enter the connection_id in this field.

   • In the Reply URL field, enter the URL in the below format: {instanceurl}/_codescan/login/saml2/sso/{connection_id}

   • Click Save and close the dialog box.

1. Click the Edit (pencil) icon for Attributes & Claims to edit the attributes settings.

2. On the Attributes & Claims section, delete the auto-generated claims available in the Additional claims section.

1. Next, click on + Add New Claim.

1. In the Manage Claim page, fill in the below details:

1. Click Save.

2. Follow similar steps to add two more claims as mentioned in the following table:

1. Close the dialog box and navigate to Users and groups section. Click on + Add user/group button to assign users and groups to app-roles for the CodeScan application.

2. Click on Single sign-on to navigate back to the Set up Single Sign-On with SAML page.

3. In the SAML Certificate section, find Certificate (Base64) and select Download to download the certificate and save it on your computer.

1. In the SAML Certificate section, find Federation Metadata XML and select Download to download the certificate and save it on your computer.

Step 3: Configuring in CodeScan SAML Connection

Now that your Azure SSO implementation is set up, you’ll need to follow just a few more steps to configure SSO in your CodeScan account.

1. In CodeScan, on the SAML page, go to Actions and click on Edit.

2. Open the Federation Metadata XML certificate that you have earlier downloaded from Azure in a new tab of your browser.

3. In the Edit SAML Connection dialog box on CodeScan, enter the following values:

   • Provider Entity Id: Copy the entityID value from the Federation Metadata XML certificate and paste it into Provider Entity Id inside CodeScan.

   • Sign In URL: Copy the SingleSignOnService Location value and paste it into the Sign In URL inside CodeScan.

   • Open the Certificate (Base64) that you have downloaded from Azure in your Notepad++, copy the entire content and paste into the X509 Signing Certificate field of the CodeScan SAML connection.
4. Click Update on the CodeScan page.

5. The next step is to confirm your corporate domain to get the SSO working. You can confirm your domain by submitting a request to CodeScan Support.

Step 4: Testing the Single Sign-On Configuration

1. Log out of the CodeScan Console, and then log back in using the Log in with SAML2 option.

2. Enter the corporate domain name you have configured when enabling SSO inside CodeScan in the Your Company email field. For example: autorabit.com

3. You should successfully redirect to the CodeScan Organization page after authentication.