Microsoft Entra ID and SAML Authentication Setup
Complete the following steps to successfully set up your Microsoft Entra ID and SAML (Security Assertion Markup Language) authentication.
See the Troubleshooting section if you experience errors during your setup.
Microsoft Entra ID Setup
1. Navigate to and log into your Asset Panda account.
2. Open a second tab, and then navigate to and log into the Microsoft Entra ID admin center: https://aad.portal.azure.com. (You will navigate back to the Asset Panda tab in later steps.)
NOTE: You must have an administrative account to complete these setups.
3. Select Enterprise applications.
4. Click New application.
5. Click Create your own application.
6. Name the new application Asset Panda, and then select the Integrate any other application you don't find in the gallery (Non-gallery) radio button.
7. Click Create.
8. Asset Panda should now display on the Enterprise Applications screen. Proceed to and complete the steps in the SAML Authentication Setup section.
SAML Authentication Setup
1. Select Asset Panda from the Enterprise applications screen.
2. Select Assign users and groups.
NOTE: Users and/or groups must be assigned to the application here so they can use SSO.
3. Click the Add user/group button.
4. Click None Selected from the Users and/or Groups section (depending on which you wish to add).
NOTE: You have the option to add either Users, Groups, or both.
5. Click on the user(s)/group(s) you wish to assign, and then click Select.
NOTE: All selected users/groups are moved to the Selected items section. Click Remove to remove any of them from the Selected Items section.
6. Click Assign.
NOTE: You are returned to the Users and Groups page.
7. Select Single sign-on.
8. Select SAML.
9. Proceed to the Configuration section below.
Configuration
NOTE: Unless otherwise specified, some of the information contained on your screens may initially appear slightly different than the screenshots shown in this section.
1. Navigate to the Basic SAML Configuration section, and then click the Edit icon.
NOTE: The URLs in Steps 2 and 3 must be unique. You will receive an error if the URLs have already been used.
2. Enter https://login.assetpanda.com as the Identifier (Entity ID). Check the Default box to create a required field.
3. Enter https://login.assetpanda.com/users/auth/saml/callback as the Reply URL (Assertion Consumer Service URL). Check the Default box to create a required field.
NOTE: Click the Edit icon again if the Reply URL does not display as a Required field, and make sure it is selected. If it is selected and still not displaying as Required, refresh your screen.
4. Click Save.
5. Navigate to the Attributes & Claims section, and then click the Edit icon.
6. Click on the Unique User Identifier (Name ID) to open the Manage claim page.
7. Leave the Name identifier format as Email address.
8. Select the Attribute radio button, and then select user.mail from the Source attribute drop-down menu.
If you are using a User Principal Name (UPN) instead of an email address, select user.userprincipalname as the Source Attribute.
9. Click Save.
10. The Unique User Identifier (Name ID) should display user.mail for an email address, or user.userprincipalname for a UPN.
11. Right-click on the ellipses of any additional claims, and then select Delete to delete those claims.
12. Navigate to the SAML Signing Certificate section.
13. Click the Certificate (Base64) Download link.
14. Open the downloaded file and save as a text (.txt) file or leave open and minimize the screen for later use (see step #21).
15. Navigate to the Set up Asset Panda section.
16. Click the copy icon of the Login URL to copy the URL to the clipboard. (Paste to a text (.txt) file as this will be used in step #20.)
17. Navigate back to Asset Panda.
NOTE: Do not close the SAML configuration page. You will navigate back to it again in Step 23.
18. Click the settings icon, and then select SSO.
19. Select Certificate from the Configuration drop-down menu (if not already selected).
20. Paste the Login URL (see step #16) into the SSO URL field.
21. Paste the contents from the saved Certificate (Base64) downloaded text file (see step #13).
NOTE: Copy and paste ONLY the contents between the BEGIN CERTIFICATE and END CERTIFICATE lines.
22. Click Save.
23. Navigate back to the SAML configuration page, and then navigate to the Test single sign-on with Asset Panda section.
24. Click Test to test your configuration.
25. Select a sign in option to test the single sign-on authentication.
The system will automatically begin to run the test and you will be redirected back to Asset Panda, letting you know if the authentication was a success. (See the Troubleshooting section if the authentication was unsuccessful and/or review all previous steps.)
See the Troubleshooting section below if you experience errors during your setup.
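Step 21 and its note ask for only the Base64 body of the downloaded certificate. The Python helper below is an added example, not Asset Panda or Microsoft code: it strips the BEGIN/END lines and whitespace, rejects a paste that still contains stray text, and computes the SHA-1 thumbprint of the decoded certificate so it can be compared with the thumbprint Entra ID shows for the signing certificate. The function names and the sample bytes are constructed for illustration.

```python
import base64
import binascii
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.DOTALL
)

def certificate_body(text):
    """Return only the Base64 body: BEGIN/END lines and all whitespace removed."""
    match = PEM_RE.search(text)
    body = match.group(1) if match else text  # tolerate an already-stripped body
    return "".join(body.split())

def sha1_thumbprint(body):
    """Decode the pasted body and return SHA-1 of the DER bytes as uppercase hex."""
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"not clean Base64 (stray header or text?): {exc}") from exc
    if not der or der[0] != 0x30:  # a DER certificate starts with a SEQUENCE tag
        raise ValueError("decoded data does not look like a DER certificate")
    return hashlib.sha1(der).hexdigest().upper()

# Constructed stand-in for the downloaded file: placeholder bytes, not a real certificate.
SAMPLE_DER = bytes([0x30, 0x82, 0x00, 0x08]) + b"demodata"
SAMPLE_FILE = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.b64encode(SAMPLE_DER).decode()
    + "\n-----END CERTIFICATE-----\n"
)

if __name__ == "__main__":
    body = certificate_body(SAMPLE_FILE)
    print("Paste this value:", body)
    print("SHA-1 thumbprint:", sha1_thumbprint(body))
```

To use it on the real download, read the saved file's text and pass it to certificate_body in place of SAMPLE_FILE.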
Troubleshooting
Complete the troubleshooting steps below if you encounter any of the following:
- Test failure - Review all steps above to make sure all links and settings match exactly and were saved correctly.
- Too many redirects - If you receive this error while accessing your SSO login page, check the SSO URL within the Asset Panda SSO configuration to confirm that it is correct.
- User must be assigned a role or needs permission - Click the following Microsoft Entra ID troubleshooting documentation links to assist with this issue:
- If you receive Error: AADSTS50105 - Quickstart: Assign users to an app that uses Microsoft Entra ID as an identity provider
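For the "Test failure" case, the following added example (not Asset Panda or Microsoft code) compares a SAML response against the values entered in steps 2, 3 and 7 of the Configuration section and reports each one that does not match exactly. It assumes you have captured the SAMLResponse from the test sign-in and Base64-decoded it to XML; the function names and the sample response are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Values the page configures in steps 2, 3 and 7 of the Configuration section.
EXPECTED = {
    "Audience": "https://login.assetpanda.com",
    "Recipient": "https://login.assetpanda.com/users/auth/saml/callback",
    "NameID Format": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress",
}

def read_settings(xml_text):
    """Pull the fields that must match the configuration out of a decoded response."""
    root = ET.fromstring(xml_text)
    name_id = root.find(".//a:Subject/a:NameID", NS)
    confirm = root.find(".//a:SubjectConfirmationData", NS)
    return {
        "Audience": (root.findtext(".//a:Audience", "", NS) or "").strip(),
        "Recipient": confirm.get("Recipient", "") if confirm is not None else "",
        "NameID Format": name_id.get("Format", "") if name_id is not None else "",
        "NameID": (name_id.text or "").strip() if name_id is not None else "",
    }

def find_mismatches(xml_text):
    """Return one message per differing setting. Diagnostic only: no signature check."""
    seen = read_settings(xml_text)
    problems = [f"{key}: expected {want!r}, got {seen[key]!r}"
                for key, want in EXPECTED.items() if seen[key] != want]
    if not seen["NameID"]:
        problems.append("NameID: empty")
    return problems

# Constructed sample, not from a real tenant; its Audience has a trailing slash.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Assertion><saml:Subject>
    <saml:NameID Format="urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress">user@example.com</saml:NameID>
    <saml:SubjectConfirmation><saml:SubjectConfirmationData
      Recipient="https://login.assetpanda.com/users/auth/saml/callback"/></saml:SubjectConfirmation>
  </saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>https://login.assetpanda.com/</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions></saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    for line in find_mismatches(SAMPLE) or ["all checked settings match"]:
        print(line)
```

Run it only on responses you captured yourself; it inspects configuration values and does not validate the response signature.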