
Step 3b – Add Secure Access Service Provider Metadata to Entra ID

Configure Secure Access as a generic SAML 2.0 service provider application for Entra ID. Add the Secure Access service provider metadata to Entra ID, then download the IdP metadata file from Azure to finish configuring Secure Access in the next step.

For more information on configuring your IdP, exporting your IdP metadata, obtaining your IdP details, or downloading your IdP's signing certificate, refer to Microsoft documentation or contact Microsoft for assistance.

To configure the generic SAML Entra ID application, extract the EntityID and AssertionConsumerService values from the Secure Access metadata file and add these to the applicable fields in Entra ID:

  1. Sign in to Azure and navigate to Azure services > Enterprise Applications.

  2. Select New Application.

  3. Select Create your own Application.

  4. Give the new application a meaningful name, select Integrate any other application you don't find in the gallery (Non-gallery), and then click Create.

  5. Navigate to Getting Started, and then click Set up single sign on.

  6. Click SAML to select the sign-on method.

  7. For Basic SAML Configuration, click Edit.

    1. For Identifier (Entity ID) (Microsoft Entra ID), click Add identifier and enter saml.fg.id.sse.cisco.com in the text area.
    2. For Reply URL (Assertion Consumer Service URL), click Add reply URL and enter https://fg.id.sse.cisco.com/gw/auth/acs/response .
  8. Navigate to SAML Certificates, and then Verification certificates (optional).

  9. Click Edit.

  10. Choose Require verification certificates and then click Upload certificate.

  11. Upload the root certificate that you downloaded from the Cisco_SSE_SP_Metadata XML file, and then click OK.

  12. Navigate to SAML Certificates > Token signing certificate.

  13. For Federation Metadata XML, click Download.

    Save the Federation Metadata XML file to your system and use the file to upload the configured Entra ID SAML attributes to Secure Access.
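
The Identifier, Reply URL and verification certificate entered above all come from the Secure Access service provider metadata file. The following Python is an added example, not Cisco or Microsoft tooling: it reads those three items from a metadata document and prints a SHA-256 fingerprint of the certificate so the file uploaded to Entra ID can be checked against the metadata. It assumes the file follows the standard SAML 2.0 metadata schema with the certificate in a `ds:X509Certificate` element; the sample metadata is constructed, and its certificate body is placeholder bytes rather than a real certificate.

```python
import base64, hashlib, textwrap
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: the certificate body is placeholder bytes, not a real certificate.
SAMPLE_CERT_B64 = base64.b64encode(b"constructed-placeholder-der-bytes" * 4).decode()
SAMPLE_METADATA = f"""<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="saml.fg.id.sse.cisco.com">
  <md:SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{SAMPLE_CERT_B64}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://fg.id.sse.cisco.com/gw/auth/acs/response"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

def read_sp_metadata(xml_text):
    """Return the entity ID, ACS URLs and embedded certificates from SP metadata."""
    # SAML metadata has no need for DTDs; refuse them before parsing.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not expected in SAML metadata")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{NS['md']}}}EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    acs = [e.get("Location")
           for e in root.findall("md:SPSSODescriptor/md:AssertionConsumerService", NS)]
    # Assertions are delivered to the Reply URL, so it must be an https endpoint.
    if not acs or any(not (u or "").startswith("https://") for u in acs):
        raise ValueError("every AssertionConsumerService Location must be an https URL")
    certs = []
    for e in root.findall("md:SPSSODescriptor/md:KeyDescriptor//ds:X509Certificate", NS):
        der = base64.b64decode("".join((e.text or "").split()), validate=True)
        pem = ("-----BEGIN CERTIFICATE-----\n"
               + "\n".join(textwrap.wrap(base64.b64encode(der).decode(), 64))
               + "\n-----END CERTIFICATE-----\n")
        certs.append({"sha256": hashlib.sha256(der).hexdigest(), "pem": pem})
    return {"entity_id": root.get("entityID"), "acs_urls": acs, "certificates": certs}

if __name__ == "__main__":
    info = read_sp_metadata(SAMPLE_METADATA)
    print("Identifier (Entity ID):", info["entity_id"])
    print("Reply URL(s):", info["acs_urls"])
    for c in info["certificates"]:
        print("Certificate SHA-256:", c["sha256"])
```

To run it against the downloaded file, pass the file's text to `read_sp_metadata` and write the returned `pem` value to disk for the upload in step 11.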