Microsoft Entra ID

This guide will show you how to integrate GoodAccess with Microsoft Entra ID SSO/SCIM.


Last updated 14 days ago


This feature is available in the Premium plan and higher.

Remember to grant your Azure users access permissions to GoodAccess. Users without them won't be able to log in.

Step 1 - Adding a new identity provider

Log in to the GoodAccess Control Panel, and go to Settings > SSO & Identity.

Click + Add provider, enter the Provider name, choose your Identity Provider, and click Continue.

Step 2 - Setting up Single Sign-On with SAML

Log in to the Azure Portal, and go to Enterprise applications (you can use the search bar).

Click + New application, and + Create your own application.

Give the application a name, choose Integrate any other application you don't find in the gallery (Non-gallery), and click Create.

In your new application go to Single Sign-On > SAML.

1. Basic SAML Configuration

Click Edit to open Basic SAML Configuration.

Copy the details from GoodAccess - (2) GoodAccess links.

  • Identifier - Entity ID

  • Reply URL - Assertion Consumer Service URL

  • Sign on URL - Login URL

  • Relay State - Relay State

Return to GoodAccess, and click Continue.

Return to Azure, and click Save.

2. Attributes & Claims

Click Edit to open Attributes & Claims.

Under the Additional claims section click on the record with the value user.userprincipalname and edit it as follows:

  • Name - "name" (without quotes)

  • Namespace - Delete pre-filled URL

Click Save.

Then, still in the Additional claims section click on the record with the value user.mail and edit it as follows:

  • Name - "email" (without quotes)

  • Namespace - Delete pre-filled URL

  • Source attribute - user.userprincipalname

Don't forget to Save.
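
To confirm the claim edits took effect, you can inspect the AttributeStatement of a test sign-in response (captured with a browser SAML tracing extension, for example). The following check is an added example, not GoodAccess or Microsoft code; the two XML samples and the check_claims function are constructed for illustration.

```python
import xml.etree.ElementTree as ET

ASSERTION_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
EXPECTED = ("name", "email")  # claim names configured in section 2

# Constructed sample: claims as emitted when the pre-filled Namespace was left in place.
NAMESPACED = f"""<saml:AttributeStatement xmlns:saml="{ASSERTION_NS}">
  <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
    <saml:AttributeValue>alice@example.com</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
    <saml:AttributeValue>alice.mail@example.com</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""

# Constructed sample: claims after the edits in section 2 (both carry the UPN).
CONFIGURED = f"""<saml:AttributeStatement xmlns:saml="{ASSERTION_NS}">
  <saml:Attribute Name="name">
    <saml:AttributeValue>alice@example.com</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="email">
    <saml:AttributeValue>alice@example.com</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>"""


def check_claims(xml_text):
    """Return a list of problems; an empty list means the claims match the guide."""
    # Parse only responses from your own tenant here; use defusedxml for untrusted XML.
    root = ET.fromstring(xml_text)
    claims = {}
    for attr in root.iter(f"{{{ASSERTION_NS}}}Attribute"):
        value = attr.find(f"{{{ASSERTION_NS}}}AttributeValue")
        claims[attr.get("Name")] = (value.text or "").strip() if value is not None else ""
    problems = []
    for name in EXPECTED:
        if claims.get(name):
            continue
        # A leftover namespace shows up as a URI whose last segment starts with the name.
        leftover = [n for n in claims if "/" in n and n.rsplit("/", 1)[-1].startswith(name)]
        hint = f" (found '{leftover[0]}': Namespace not deleted)" if leftover else ""
        problems.append(f"claim '{name}' missing or empty{hint}")
    if claims.get("name") and claims.get("email") and claims["name"] != claims["email"]:
        problems.append("'email' differs from 'name': Source attribute is not user.userprincipalname")
    return problems


if __name__ == "__main__":
    for label, sample in (("namespaced", NAMESPACED), ("configured", CONFIGURED)):
        print(label, check_claims(sample) or "OK")
```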

3. SAML Certificates

Download the Certificate (Base64), and open the file in a text editor (e.g. Notepad).

4. Set up GoodAccess

Copy the details to GoodAccess - (3) Identity Provider links, and click Continue.

  • Sign in URL - Login URL

  • Entity ID - Microsoft Entra ID Identifier

  • X509 signing certificate - Copy the certificate from the text editor

If you don't want to set up SCIM, skip the next step in GoodAccess, and click Submit to finish the configuration.

You have now successfully set up your Microsoft Entra ID SSO with GoodAccess.

Step 3 (optional) - Setting up SCIM

In the application, go to Provisioning > Provisioning, and set Provisioning mode to Automatic.

Expand Admin Credentials, and copy the URL and Token from GoodAccess - (4) User provisioning (SCIM).

Return to GoodAccess, and click Submit.

Return to Azure, click Test Connection, and then Save to confirm your settings.

1. Attribute Mapping

Open Mappings, and select Provision Microsoft Entra ID Users.

Here, make sure that only the following four attributes are listed:

  • userName

  • active

  • displayName

  • externalId

If any attributes other than these four are listed, Delete them to prevent provisioning issues.

Don't forget to Save.

2. (optional) Removing groups from provisioning

Open Mappings, and select Provision Microsoft Entra ID Groups.

Switch the Enabled button to No, and click Save.

3. Starting the provisioning

During Provisioning on demand, delays may occur when 2 or more user accounts are created in GoodAccess. The delay may be long enough to cause timeout errors in Azure, but the provisioning will still be completed correctly.

Go to Overview, and click Start provisioning.

The whole provisioning process will take around 20 minutes to complete depending on the number of members and groups being added.

You have now successfully set up Microsoft Entra ID SCIM with GoodAccess.

Step 4 - Managing user access

In the application, go to Users and groups, and click + Add user/group.

Choose who should have access, and click Assign.
