In Microsoft Azure Portal
- In a new browser tab, log in to your Azure portal.
- Select Azure Active Directory > Enterprise Applications.
- Select New Application.
- Select Create Your Own Application.
- Enter a display name (example: Lookout Isolation).
- Select Integrate any other Application you don’t find in the gallery (Non-gallery), and select Create.
- Select Assign Users and groups.
- Select the Add user/group tab.
- Add an assignment.
- Click Users and groups to add all users who need access to isolation.
- Search for the user/group.
- Click the Select and Assign buttons.
- Select the Single sign-on > SAML box.
- Select Edit: Basic SAML Configuration.
- Under Identifier (Entity ID), select Add identifier.
- Copy the SP Entity ID value provided by Lookout and enter it in the Azure Identifier (Entity ID) field.
https://sso.lookout-isolation.com/sso/saml/<TenantID>/
- Select Add Reply URL.
- Copy the SP Post Back URL and enter it into the Azure Reply URL (Assertion Consumer Service URL).
https://sso.lookout-isolation.com/sso/saml/<TenantID>/login
- Click Save at the top of the panel.
- Configure the Relay State field for SP-initiated SAML assertions using these values. Set 4 as the Relay State.
The Relay State instructs the application where to redirect users after authentication is complete. The value is typically a URL or a URL path that takes users to a specific location in the application.

| Relay State | SP-initiated session |
| --- | --- |
| 4 | Silo Web Client (clientless) |

- Set the Unique User Identifier as user.principalname.
- Select Edit in the SAML-based Sign-on Box 3: SAML Signing Certificate.
- In the Signing Option prompt, select Sign SAML Response.
- Save your changes.
- Click the Download link for the Certificate (Base64) in Box 3: SAML Signing Certificate. This will be uploaded to the Authentic8 Administration Console in a later step.
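
After a test sign-in, the Base64 SAMLResponse captured from the browser can be checked against the values configured above. The following is an added example, not Lookout or Microsoft code: the function names, the tenant placeholder and the sample response are constructed. It checks structure only and does not verify the signature cryptographically.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

TENANT = "TENANT-ID-PLACEHOLDER"  # constructed placeholder for <TenantID>
ENTITY_ID = f"https://sso.lookout-isolation.com/sso/saml/{TENANT}/"
ACS_URL = ENTITY_ID + "login"

def check_saml_response(b64_response, entity_id, acs_url):
    """Return a list of configuration problems; an empty list means none found."""
    # Input is assumed to come from your own test sign-in, not an untrusted source.
    root = ET.fromstring(base64.b64decode(b64_response))
    if root.tag != "{%s}Response" % NS["samlp"]:
        return ["root element is not samlp:Response"]
    problems = []
    if root.get("Destination") != acs_url:
        problems.append("Destination does not match the Reply URL")
    # "Sign SAML Response" places ds:Signature directly under Response,
    # so a signature found only inside the Assertion does not count here.
    if root.find("ds:Signature", NS) is None:
        problems.append("Response element is not signed")
    # Exact string match: a missing trailing slash on the Entity ID fails.
    audiences = [a.text for a in root.findall(".//saml:Audience", NS)]
    if entity_id not in audiences:
        problems.append("Audience does not match the Identifier (Entity ID)")
    name_id = root.find(".//saml:Subject/saml:NameID", NS)
    if name_id is None or not (name_id.text or "").strip():
        problems.append("NameID (Unique User Identifier) is missing")
    return problems

def sample_response(sign_response=True, audience=ENTITY_ID):
    """Build a constructed, minimal response (empty Signature stub, not a real one)."""
    sig = f'<ds:Signature xmlns:ds="{NS["ds"]}"/>' if sign_response else ""
    xml = (f'<samlp:Response xmlns:samlp="{NS["samlp"]}" '
           f'xmlns:saml="{NS["saml"]}" Destination="{ACS_URL}">{sig}'
           '<saml:Assertion><saml:Subject>'
           '<saml:NameID>user@example.com</saml:NameID></saml:Subject>'
           '<saml:Conditions><saml:AudienceRestriction>'
           f'<saml:Audience>{audience}</saml:Audience>'
           '</saml:AudienceRestriction></saml:Conditions>'
           '</saml:Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    print(check_saml_response(sample_response(), ENTITY_ID, ACS_URL))
```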