
Microsoft Entra ID (Azure AD)

LAST UPDATED: OCTOBER 16, 2025

Overview

This guide provides instructions for configuring a custom SAML application in Microsoft Entra ID and integrating it with D3 SOAR. It guides the reader through creating and setting up an enterprise application in the Azure portal, configuring SAML for SSO, managing SAML signing certificates, and ensuring proper setup of configuration files.

Procedure

Perform the following steps in sequence.

Creating App Roles in Entra ID


  1. Navigate to Manage > App roles, then click on the + Create app roles button.


READER NOTE *

If the Manage > App roles item does not appear within the left sidebar, access it via the application registration link through the Manage > Users and groups page.

  1. Configure the required fields, then click on the Apply button.

  2. Verify that a new app role record has been created.


Creating Users in Entra ID


  1. Click on Users and groups within the left sidebar.

  2. Click on the + Add user/group button.

  3. Click on the + New user dropdown menu, then click on the Create new user menu option.

  4. Enter all the input fields within the Identity form, then click on the Review + create button.

  5. Review your information, then click on the Create button.


Assigning App Roles to Users in Entra ID


  1. Navigate to Manage > Users and groups, then click on the + Add user/group button.

  2. Select a user.

  3. Click on the Select a role option.

  4. Select a role.

  5. Click on the [icon] button located at the bottom left corner.

  6. Verify that the corresponding record has been added.


Creating An Enterprise Application


  1. Navigate to the Azure portal login page at https://portal.azure.com/#home and log in to proceed.

  2. Search for and select Azure Active Directory using the search bar.

  3. Click on Enterprise applications within the left sidebar.

  4. Click on the + New Application button.

  5. Click on the + Create your own application button.

  6. Enter a name for your D3 enterprise application.

  7. Select the Integrate any other application you don't find in the gallery (Non-gallery) radio option.

  8. Click on the Create button.

  9. Click on the app you created, then navigate to Single sign-on in the menu.

  10. Select the SAML option.


RESULT

You will now see the following screen.

[Screenshot]

Configuring SSO with SAML


  1. Click on the [icon] button within the Basic SAML Configuration section.

  2. Click on the Add identifier and Add reply URL hyperlinks.

  3. Enter your D3 SOAR URL (ending with /D3SOC) into the Identifier (Entity ID) input field.

  4. Enter your D3 SOAR URL (ending with /D3SOC/D3SAML) into the Reply URL (Assertion Consumer Service URL) input field.


READER NOTE*

For vSOC versions 17.4 and later:

  • The Identifier (Entity ID) must start with https://, and end with /VSOC/D3SOC

  • The Reply URL (ACS URL) must start with https://, and end with /VSOC/D3SOC/D3SAML

For vSOC versions 17.3 and earlier:

  • The Identifier (Entity ID) must start with https://, and end with /VSOC

  • The Reply URL (ACS URL) must start with https://, and end with /VSOC/Login.aspx
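
The rules in this note can be checked before the values are saved in Entra ID. The following is an added example, not part of the D3 product or the original guide; the function names and the soar.example.invalid host are assumptions, and the same-host check goes beyond what the note states.

```python
from urllib.parse import urlsplit

# (Identifier suffix, Reply URL suffix) pairs taken from the reader note above.
SUFFIXES_17_4_AND_LATER = ("/VSOC/D3SOC", "/VSOC/D3SOC/D3SAML")
SUFFIXES_17_3_AND_EARLIER = ("/VSOC", "/VSOC/Login.aspx")


def expected_suffixes(vsoc_version):
    """Pick the suffix pair for a version string such as '17.4' or '17.3.2'."""
    nums = [int(p) for p in vsoc_version.split(".")[:2]] + [0]
    later = (nums[0], nums[1]) >= (17, 4)
    return SUFFIXES_17_4_AND_LATER if later else SUFFIXES_17_3_AND_EARLIER


def check_saml_urls(vsoc_version, entity_id, reply_url):
    """Return a list of problems; an empty list means both values fit the note."""
    id_suffix, acs_suffix = expected_suffixes(vsoc_version)
    problems = []
    checks = (("Identifier (Entity ID)", entity_id, id_suffix),
              ("Reply URL (ACS URL)", reply_url, acs_suffix))
    for label, url, suffix in checks:
        parts = urlsplit(url)
        if not url.startswith("https://") or not parts.netloc:
            problems.append(f"{label}: must start with https://")
        # A trailing slash, query string or fragment breaks the required ending.
        if parts.query or parts.fragment or not parts.path.endswith(suffix):
            problems.append(f"{label}: must end with {suffix}")
    # Assumption of this example: both values are built from the same D3 SOAR
    # URL, so differing hosts usually indicate a copy/paste slip.
    if urlsplit(entity_id).netloc.lower() != urlsplit(reply_url).netloc.lower():
        problems.append("Identifier and Reply URL point at different hosts")
    return problems


if __name__ == "__main__":
    # Constructed input: 17.3-style Reply URL entered for a 17.4 deployment.
    for problem in check_saml_urls(
            "17.4",
            "https://soar.example.invalid/VSOC/D3SOC",
            "https://soar.example.invalid/VSOC/Login.aspx"):
        print(problem)
```
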

  1. Click on the [icon] button.

  2. Click on the Edit button within the Attributes & Claims section.

  3. Configure the claim with any arbitrary string for both the name and the namespace, then set user.assignedroles as the source attribute.

  4. Click on the [icon] button.

  5. Paste <namespace>/<claim name> into the Claim Name field in D3 vSOC.

  6. Configure the role attribute mapping in D3 vSOC.


HOW IT WORKS *

At login, the values (not the display names) of the roles assigned in Entra ID are matched against the App Role Value defined in D3 Role Attribute Mapping records to determine the user's corresponding D3 role.

  • If multiple matches are found, the D3 role from the record with the lowest Priority value will be applied.

  • If no match is found, login will be denied.
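
The matching described above can be modelled on a captured assertion to predict which D3 role a user will receive. This is an added example, not D3's own code; the claim namespace, role values, mapping records and field names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample: attribute statement for a claim configured with
# namespace "https://example.invalid/claims" and name "d3role".
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="https://example.invalid/claims/d3role">
      <saml:AttributeValue>SOC.Analyst</saml:AttributeValue>
      <saml:AttributeValue>SOC.Admin</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
      <saml:AttributeValue>analyst@example.invalid</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""

# Hypothetical stand-in for D3 Role Attribute Mapping records.
MAPPINGS = [
    {"app_role_value": "SOC.Analyst", "d3_role": "Analyst", "priority": 20},
    {"app_role_value": "SOC.Admin", "d3_role": "Administrator", "priority": 10},
    {"app_role_value": "SOC.ReadOnly", "d3_role": "Viewer", "priority": 30},
]


def role_values(assertion_xml, claim_name):
    """Return the values of the attribute named <namespace>/<claim name>."""
    # Intended for inspecting a sample whose signature was already verified.
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        if attr.get("Name") == claim_name:
            for value in attr.iterfind("saml:AttributeValue", SAML_NS):
                values.append((value.text or "").strip())
    return values


def resolve_d3_role(values, mappings):
    """Lowest Priority wins among matching records; None means login denied."""
    matches = [m for m in mappings if m["app_role_value"] in values]
    if not matches:
        return None
    return min(matches, key=lambda m: m["priority"])["d3_role"]
```
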

  1. Click on the [icon] button under the SAML Certificates section.

  2. Select the Sign SAML response signing option.

  3. Click on the [icon] button.

  4. Click on the Download hyperlink for Certificate (Base64).


READER NOTE

Before proceeding to the next section, ensure that you have:

  • Created D3 user accounts (Organization Management > Users > + Add Users).

    • The SAMLEmailIDType configuration key in vSOC's Application Settings > Web Config determines what one's D3 username must be (full email address or only the local part of the email address).

  • Assigned login methods to D3 user accounts (Application Settings > Login Authentication > Users).

Login to D3 vSOC via Entra ID

  1. Click on Properties within the left sidebar.

  2. Click on the [icon] for the User access URL.


READER NOTE*

Ensure that the Login Authentication Certificate is configured in vSOC before proceeding.

  • The Target URL field of the Login Authentication Certificate is to be filled with the Entra ID User access URL.

  • The content within the previously downloaded Certificate (Base64) goes into the Certificate field.

  1. Paste the User access URL into a new browser tab and press Enter.

  2. Sign in to Microsoft Azure.


RESULT

After successful authentication, the user is redirected to D3 vSOC.


If assistance with the setup process is required, the user may send the SAML User Access URL and Certificate (Base64) to D3.
