
Configure SSO with Azure AD

This section explains how to configure Web Console Single Sign-On using your Azure AD SAML app.

The Azure AD admin UI changes periodically, and the official Azure AD SAML 2.0 setup documentation is found here:
https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-saml-single-sign-on

Create the SAML App in Azure AD

  1. Log in to the Azure AD Admin Portal.
    Make sure you are administering the correct tenant for integration with LogRhythm Web Console.
  2. In the left-side navigation bar, click Enterprise applications.
    The applications window appears.
  3. At the top of the applications window, click New application, then click the Non-gallery application tile.
  4. Enter your App Name (for example, LogRhythm Web Console - LRXM01 or LogRhythm WC - Boulder).
  5. Click Add.
  6. In the left-side navigation bar in the Manage section, click Single sign-on, then click the SAML tile.
    The Set up Single Sign-On with SAML page appears.
  7. In the Basic SAML Configuration section, click the Edit icon.
    The Basic SAML Configuration page appears. Enter the following parameters:

    Name                                         Example Format                                             Required
    Identifier (Entity ID)                       https://<FQDN_or_Hostname_or_IP_of_WebConsole>             Yes
    Reply URL (Assertion Consumer Service URL)   https://<FQDN_or_Hostname_or_IP_of_WebConsole>:8443/saml   Yes
    Sign On URL                                  Leave blank.                                               No
    Relay State                                  Leave blank.                                               No
    Logout URL                                   Leave blank.                                               No

    If your Web Console uses a port other than the default of 8443, enter your customized port number instead of 8443 in the Reply URL. For more information, see LogRhythm Web UI.
  8. Click Save, then click Close.
  9. When prompted to test single sign-on, click No, I'll do it later.
  10. In the User Attributes & Claims section, click the Edit icon.
    The User Attributes & Claims page appears.
  11. Click Save.
  12. Click Add new claim. Enter the following parameters:

    Name        Namespace     Source      Source Attribute
    firstName   Leave blank   Attribute   user.givenname
  13. Click Save.
  14. Click Add new claim. Enter the following parameters:

    Name        Namespace     Source      Source Attribute
    lastName    Leave blank   Attribute   user.surname
  15. Click Save, then click Close.
  16. In the left-side navigation bar in the Manage section, click Users and groups.
    The Users and Groups page appears.
  17. Click Add user.
    The Add Assignment page appears.
  18. Click Users and groups.
  19. Select the users you want to have access to the LogRhythm Web Console.

    When you click on a user, the name appears under Selected members.
  20. When you are finished selecting users, click Select at the bottom of the page.
  21. At the bottom of the Add Assignment page, click Assign.
  22. You are done creating the SAML app in Azure AD.


Gather IdP SSO Configuration Data

  1. Log in to the Azure AD Admin Portal.
  2. In the left-side navigation bar, click Enterprise applications.
    The applications window appears.
  3. Click the SAML app you created for LogRhythm SSO.
  4. In the left-side navigation bar in the Manage section, click Single sign-on.
  5. From this summary page, locate the values for the Certificate (Base64) and Login URL fields. Copy and paste the values to a temporary location:
    1. Certificate (Base64): Download and open the certificate with a text editor, then copy the text.
    2. Login URL

Enable Single-Sign On in the LogRhythm Web Console (Admins Only)

  1. Log in to the Web Console with an administrator account or with an account that has SSO Management permissions.
  2. In the upper-right corner, click the Administration drop-down icon, then click Single Sign-On.
    The Single Sign-On Configuration menu appears.
  3. Click the Single Sign-On Enabled button. The menu expands to reveal configuration fields.
  4. Enter the following parameters:

    If you want to choose a User Profile that is specific to newly-created SSO users, create the desired User Profile in the SIEM before this step.

    Name                                  Example Format
    Web Console Callback URL              https://<FQDN_or_Hostname_or_IP_of_WebConsole>:8443/saml
    Web Console Identifier (Entity ID)    https://<FQDN_or_Hostname_or_IP_of_WebConsole>
    IdP Entry Point                       Login URL copied from Azure AD.
    IdP Certificate                       Certificate (Base64) copied from Azure AD.
    Default User Profile                  The User Profile assigned via User Auto-Provisioning to new SSO users.

    The Callback URL and Identifier (Entity ID) must match, character for character, the Reply URL and Identifier (Entity ID) you entered in the Azure AD Basic SAML Configuration, including any customized port in the Callback URL.

    If you do not see all of the expected User Profiles in the drop-down menu, contact your SIEM administrator to confirm that your account has the Manage User Profiles and Single Sign-On Management (Web Console) permissions enabled.

  5. Click Save.

    While saving, your Web Console will temporarily disconnect and you will see either Reconnecting or Disconnected status in the upper-right corner.

    Refresh your browser if prompted to do so.

  6. After your Web Console refreshes and the status shows Connected, your SSO for the Web Console is enabled.
  7. In the upper-right corner, click the User drop-down icon, and then click Logout.
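A pre-flight check for the values gathered and entered in the three procedures above, as an added example (not LogRhythm's or Microsoft's code): it derives the Entity ID and Callback URL from one host name so the Azure AD and Web Console sides cannot drift, normalizes the downloaded Certificate (Base64) into the single-line value the IdP Certificate field takes and records its SHA-256 fingerprint for the change record, checks the Login URL, and confirms that an assertion captured from a browser SAML trace carries the firstName and lastName claims added in steps 12 through 15. The host names, the Login URL, the 5-byte "certificate" and the assertion XML are constructed placeholders, not values from any real tenant.

```python
"""Pre-flight checks for the Azure AD / LogRhythm Web Console SAML values.

Added example, not LogRhythm's or Microsoft's code. The host names, the
certificate bytes and the assertion snippet below are constructed placeholders.
"""
import base64
import binascii
import hashlib
import re
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

SAML_ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
REQUIRED_CLAIMS = ("firstName", "lastName")  # the two claims added in Azure AD


def sp_values(web_console_host, port=8443):
    """Derive the SP-side pair that must be identical in Azure AD and the Web Console.
    The Entity ID carries no port; the Reply/Callback URL carries the Web Console
    port (8443 unless customized) and the /saml path."""
    return {
        "entity_id": f"https://{web_console_host}",
        "reply_url": f"https://{web_console_host}:{port}/saml",
    }


def check_sp_values(entity_id, reply_url):
    """Return the list of problems with an Entity ID / Reply URL pair (empty if fine)."""
    problems = []
    e, r = urlparse(entity_id), urlparse(reply_url)
    if e.scheme != "https" or r.scheme != "https":
        problems.append("both values must use https")
    if e.hostname != r.hostname:
        problems.append("Entity ID and Reply URL name different hosts")
    if r.path != "/saml":
        problems.append("Reply URL path must be /saml")
    if r.port is None:
        problems.append("Reply URL must carry the Web Console port")
    return problems


def normalize_idp_certificate(pem_or_b64):
    """Turn the downloaded Certificate (Base64) into the single-line value the
    IdP Certificate field expects and return its SHA-256 fingerprint.
    Rejects text that is not valid Base64 or does not decode to DER (a DER
    certificate starts with the SEQUENCE tag 0x30). This certificate is what the
    Web Console will trust for assertion signatures, so record the fingerprint."""
    body = re.sub(r"-----(BEGIN|END) CERTIFICATE-----", "", pem_or_b64)
    body = "".join(body.split())  # drop line breaks and stray whitespace
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"certificate is not valid Base64: {exc}") from None
    if not der or der[0] != 0x30:
        raise ValueError("decoded bytes do not look like a DER certificate")
    digest = hashlib.sha256(der).hexdigest().upper()
    fingerprint = ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))
    return {"base64": body, "sha256": fingerprint}


def check_login_url(login_url):
    """The IdP Entry Point is where users are redirected to authenticate;
    it must be an https URL with no leftover placeholder."""
    u = urlparse(login_url)
    problems = []
    if u.scheme != "https" or not u.hostname:
        problems.append("Login URL must be an https URL")
    if "<" in login_url or ">" in login_url:
        problems.append("Login URL still contains a placeholder")
    return problems


def missing_claims(assertion_xml):
    """Given an assertion captured from a browser SAML trace, return the names
    from REQUIRED_CLAIMS that its AttributeStatement does not carry."""
    root = ET.fromstring(assertion_xml)
    present = {a.get("Name") for a in root.iter(f"{{{SAML_ASSERTION_NS}}}Attribute")}
    return [name for name in REQUIRED_CLAIMS if name not in present]


# Constructed sample inputs. The "certificate" is a 5-byte DER SEQUENCE, not a
# real certificate; it only exercises the Base64 and DER-tag handling.
SAMPLE_CERT_TEXT = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.b64encode(b"\x30\x03\x02\x01\x05").decode()
    + "\n-----END CERTIFICATE-----\n"
)
SAMPLE_ASSERTION = (
    '<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
    'ID="_constructed" Version="2.0"><saml:AttributeStatement>'
    '<saml:Attribute Name="firstName"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>'
    '<saml:Attribute Name="lastName"><saml:AttributeValue>Lovelace</saml:AttributeValue></saml:Attribute>'
    "</saml:AttributeStatement></saml:Assertion>"
)


def run_preflight(web_console_host, port, login_url, cert_text, assertion_xml):
    """Run every check and return a report; an empty 'problems' list means go."""
    sp = sp_values(web_console_host, port)
    problems = check_sp_values(sp["entity_id"], sp["reply_url"]) + check_login_url(login_url)
    problems += [f"assertion lacks claim {c}" for c in missing_claims(assertion_xml)]
    return {"sp": sp, "idp_cert": normalize_idp_certificate(cert_text), "problems": problems}


if __name__ == "__main__":
    print(run_preflight("wc.example.com", 8443, "https://idp.example.com/saml2",
                        SAMPLE_CERT_TEXT, SAMPLE_ASSERTION))
```

Run it with your real Web Console host, port, the Login URL and the certificate text you gathered from Azure AD, and with an assertion copied from a SAML trace after a test login; any entry in the problems list points at the value that needs correcting before you click Save in the Web Console.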