Get Required Information For Your Microsoft Azure AD Realm (Active Authentication Only)

This task explains how to get the information required to set up a Microsoft Azure AD realm (now called Entra ID) in the Firewall Management Center.

To configure a Microsoft Azure AD (SAML) realm with the Cisco Security Cloud Control, you must collect all of the values described in the following procedure.

Procedure

1. Log in to https://portal.azure.com/ as a user with at least the Product Designer role.

2. At the top of the page, click Microsoft Entra ID.

3. In the left column, click App Registrations.

4. If necessary, filter the list of displayed apps to show the one you want to use.

5. Click the name of your app.

   Figure: Get the client credentials from Entra ID's app registrations page

6. Click Copy (copy icon) next to the following values on this page and paste those values to a text file.

   • Application (Client) ID
   • Directory (tenant) ID

7. Click Client Credentials.

8. Unless you already know the client secret value (as opposed to the client secret ID), you must create a new client secret as follows:

   1. Click New Client Secret.
   2. Enter the required information in the provided fields.
   3. Click Add.
   4. Click Copy (copy icon) next to Value, as the following figure shows.

   Figure: Copy the client secret to the clipboard

9. Click Copy (copy icon) next to Secret ID and paste that value to a text file.

10. To find the event hub connection string, see Get an Event Hubs connection string from Microsoft.

11. From https://portal.azure.com/, click Event Hubs > (name of an event hub).

12. In the right pane, click Copy (copy icon) next to the value of Host name to copy it to the clipboard. This is your event hub host name.

   Figure: Copy the event hubs host name to the clipboard

13. Write down, or copy to a text file, the name of the event hub (the same as the Event Hubs Namespace at the top of the page).

14. In the left pane, under Settings, click Shared access policies.

15. Click the name of a policy.

16. Click Copy (copy icon) next to Connection string-primary key.

   Figure: Copy the event hubs connection string to the clipboard

17. Click Overview > Entities > Event Hubs > (name of an event hub) > Entities > Consumer Groups. Write down the value shown in the following figure or copy it to the clipboard. This is your consumer group name.

   Figure: Copy the consumer groups name to the clipboard

18. In the left pane, click Overview.

19. Click Copy (copy icon) next to Namespace. This is your event hubs topic name.

   Figure: Copy the event hubs topic name to the clipboard

20. Return to the home page and log in if necessary: https://portal.azure.com/#home.

21. Click Microsoft Entra ID.

22. In the left pane, click Enterprise Applications.

23. If necessary, filter the list of applications to locate yours.

24. Click the name of your enterprise application.

25. Click Get Started under Set up single sign on.

26. On your SSO app page, copy the value of Identifier (Entity ID) to the clipboard. The following figure shows an example.

   Figure: Copy the entity ID to the clipboard

27. On your SSO app page, click the Download link next to Federation Metadata XML. The following figure shows an example.

   Figure: Copy the Federation Metadata XML to the clipboard

28. If you've already set up your SSO app, you can stop here. The Federation Metadata XML contains all the information required to configure the identity provider in the Cloud-Delivered Firewall Management Center.

29. (Optional if you already downloaded the federation XML.) Click Copy (copy icon) next to both Login URL and Microsoft Entra Identifier and save the values to a text file. The following figure shows an example.

   Figure: Copy the values of Login URL and Microsoft Entra Identifier to the clipboard

30. Download the identity provider metadata. The following figure shows an example.

   Figure: Download the raw and Base64 certificates
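Step 28 notes that the Federation Metadata XML carries everything the identity provider configuration needs. As an added example (not part of this Cisco procedure and not Microsoft tooling), the following Python pulls the IdP entity ID, the HTTP-Redirect sign-on URL and the signing certificate out of such a file and checks them against the Directory (tenant) ID copied in step 6, so a metadata file from the wrong tenant or pointing at a non-Microsoft endpoint is caught before it is imported into the realm. The metadata in the block is a constructed, abbreviated sample whose tenant ID and certificate bytes are placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed, abbreviated metadata in the shape Entra ID exports; the tenant
# ID and the certificate bytes are placeholders, not real values.
TENANT = "11111111-2222-3333-4444-555555555555"
FAKE_CERT_DER = b"placeholder-der-bytes-not-a-real-certificate"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>{base64.b64encode(FAKE_CERT_DER).decode()}</X509Certificate></X509Data>
    </KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="{REDIRECT}"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def check_idp_metadata(xml_text: str, expected_tenant: str) -> dict:
    """Pull out the IdP values the realm needs and flag anything that does not
    match the Directory (tenant) ID copied from the app registration."""
    root = ET.fromstring(xml_text)
    problems = []
    entity_id = root.get("entityID", "")
    if entity_id != f"https://sts.windows.net/{expected_tenant}/":
        problems.append(f"entityID {entity_id!r} is not the expected tenant")
    sso = root.find(f"md:IDPSSODescriptor/md:SingleSignOnService[@Binding='{REDIRECT}']", NS)
    sso_url = sso.get("Location", "") if sso is not None else ""
    parsed = urlparse(sso_url)
    if parsed.scheme != "https" or parsed.hostname != "login.microsoftonline.com":
        problems.append(f"SSO URL {sso_url!r} is not an HTTPS login.microsoftonline.com endpoint")
    elif expected_tenant not in parsed.path:
        problems.append(f"SSO URL {sso_url!r} belongs to a different tenant")
    cert = root.find("md:IDPSSODescriptor/md:KeyDescriptor[@use='signing']/"
                     "ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    fingerprint = ""
    if cert is None or not (cert.text or "").strip():
        problems.append("no signing certificate in metadata")
    else:  # SHA-256 of the DER bytes; keep it with the other values to spot a swapped cert
        fingerprint = hashlib.sha256(base64.b64decode(cert.text.strip())).hexdigest()
    return {"entity_id": entity_id, "sso_url": sso_url,
            "signing_cert_sha256": fingerprint, "problems": problems}
```

Run `check_idp_metadata(open("federationmetadata.xml").read(), "<your tenant ID>")` against the downloaded file; an empty `problems` list means the metadata matches the tenant you collected the credentials from.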

What to do next

See Create a Decryption Rule with Decrypt - Resign Action.