Note: Keep the Azure portal open in a separate browser window. You'll need to
copy and paste the information from it into the Google Security Operations SOAR platform.
Configure information in the Microsoft Azure portal
Sign in to the Azure portal.
Navigate to Enterprise Applications.
Locate your company's SAML sign-on app.
In the left sidebar, select Single Sign-on.
In Section 1, Basic SAML Configuration, configure the
following fields and save the changes:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-29 UTC."],[[["\u003cp\u003eThis guide provides instructions for configuring SAML authentication between Microsoft Azure and the standalone Google Security Operations SOAR platform.\u003c/p\u003e\n"],["\u003cp\u003eBefore starting, you must have an existing SAML account set up in Azure and familiarize yourself with creating/assigning user accounts, creating apps, and configuring SAML providers in Azure.\u003c/p\u003e\n"],["\u003cp\u003eConfiguration within the Azure portal involves setting the Identifier, Reply URL, and Sign on URL within the Basic SAML Configuration section.\u003c/p\u003e\n"],["\u003cp\u003eThe process in the Google SecOps SOAR platform requires creating a custom SAML provider and populating fields with information from the Azure portal, including the IDP Metadata, Identifier, and ACS URL.\u003c/p\u003e\n"],["\u003cp\u003eThe table provided shows the mapping of the field names used between Google SecOps SOAR and Microsoft Azure to make it easier to follow the instructions.\u003c/p\u003e\n"]]],[],null,["# SAML configuration for Microsoft Azure\n======================================\n\nSupported in: \n[SOAR](/chronicle/docs/secops/google-secops-soar-toc)\n\n\u003cbr /\u003e\n\n| **Note:** This document is for customers using the standalone SOAR platform only.\n\n\u003cbr /\u003e\n\nBefore you begin\n----------------\n\nEnsure the SAML account is set up in Azure before referencing the following documents:\n\n- [Create and assign a user account in Azure Active Directory](https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/add-application-portal-assign-users)\n- [How to create an app in Azure](https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/add-application-portal)\n- [How to configure the SAML provider in Azure](https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/view-applications-portal)\n\nNote: Keep the Azure portal open in a separate browser window. You'll need to copy and paste the information from it into the Google Security Operations SOAR platform.\n\nConfigure information in the Microsoft Azure portal\n---------------------------------------------------\n\n1. Sign in to the Azure portal.\n2. Navigate to **Enterprise Applications**.\n3. Locate your company's SAML sign-on app.\n4. In the left sidebar, select **Single Sign-on**.\n5. In Section 1, **Basic SAML Configuration** , configure the following fields and save the changes:\n 1. **Identifier (Entity ID)** : `https://platform_Address/Saml2/`\n 2. **Reply URL (Assertion Consumer Service URL)** : `https://platform_Address/Saml2/ACS`\n 3. **Sign on URL** : `https://platform_Address/Saml2/`\n\n[](/static/chronicle/images/soar/samlazure.png).\n\nConfigure Azure in\nGoogle SecOps SOAR\n-------------------------------------\n\n1. Go to **Settings \\\u003e Advanced \\\u003e External\n Authentication**.\n2. Create a new SAML provider.\n3. In the **Provider Type** menu, select **Custom SAML Provider**.\n4. Enter a provider name. For example, `mycompany_Azure`.\n\nThe other fields are filled using information from the Azure portal as\nfollows:\n**IDP Metadata**\n\n1. Return to the Azure portal.\n2. In the **SAML Certificates** section, locate the **Federation Metadata XML** field.\n3. Click **Download** and save the XML file.\n4. Return to the Google Security Operations platform.\n5. In the **IDP Metadata** field, upload the XML file you just got from the Azure platform.\n\n**Identifier**\n\n1. Return to the Azure portal.\n2. In the **Set up \\\\** section, locate the **Microsoft Entra Identifier** field.\n3. Copy the data in the field.\n4. Return to the Google SecOps platform.\n5. Paste the value into the **Identifier** field.\n\n**ACS URL**\n\n1. Return to the Azure portal.\n2. In the **Basic SAML Configuration** section, locate the **Sign On URL** field.\n3. Copy the data in the field.\n4. Return to the Google SecOps platform.\n5. Paste the value into the **ACS URL** field.\n\nLegend\n------\n\nFor more information, see [External Authentication.](/chronicle/docs/soar/admin-tasks/saml-soar-only/external-authentication)\n\n**Need more help?** [Get answers from Community members and Google SecOps professionals.](https://security.googlecloudcommunity.com/google-security-operations-2)"]]
.