Configure Microsoft Active Directory - SAML

About this task

Use this task to configure your identity provider (IdP) with Microsoft Active Directory - SAML.

Procedure

  1. Select Onboarding.
    The welcome window displays.
  2. Select Secure Hybrid Access [Secure Application Access or Secure Network Access].
    The system displays the Identity Provider window with ExtremeCloud Universal ZTNA selected.
  3. Select Next.
    The Onboarding window displays.
  4. Select the Link to review the comprehensive tutorial on creating a SAML-based SSO in Microsoft Active Directory.
  5. Copy the Identifier and Reply URL links and paste them into Entra ID as instructed in the tutorial.
    Entra ID creates a Login URL and Microsoft ADFS Identifier.
  6. Paste the Login URL and Microsoft ADFS Identifier into their Universal ZTNA fields.
  7. Upload the SAML Signing Certificate you downloaded from Entra ID.

    The UI instructions explain how to upload the certificate.

  8. Optional: Select All Domains or Custom and enter the domain.
    If you select Custom, fill in the approved domains. This setting applies to both network and application access.
  9. Select Secure Network Access network.
  10. Select Update.
    The Update Identity Provider pop-up window displays. This message cautions you that the Identity Provider change logs out current users.
  11. If you decide to continue, select Confirm.
  12. Select Next.
    The Onboarding - Access Groups window displays.
  13. Configure Access Groups.
  14. Configure Resources.
  15. Configure Applications and Application Groups.
    You can skip this step if you are using Secure Network Access.
  16. Configure Policies.
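
A pre-flight check for the values handled in steps 5 to 7, added here as an example; it is not part of the original procedure or of any Extreme Networks or Microsoft tooling. It catches swapped Login URL and Identifier fields, values from two different tenants, and a certificate file that does not match the thumbprint you expect. Assumptions: the Entra ID commercial-cloud URL formats shown in the comments, a certificate downloaded in Base64 (PEM) form, and a SHA-1 thumbprint to compare against; the function names and sample values are hypothetical.

```python
import hashlib
import re
import ssl
from urllib.parse import urlsplit

# Assumed Entra ID commercial-cloud formats (not stated on this page):
#   Login URL   https://login.microsoftonline.com/<tenant-guid>/saml2
#   Identifier  https://sts.windows.net/<tenant-guid>/
GUID = r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}"
LOGIN_PATH = re.compile(rf"/({GUID})/saml2/?")
IDENT_PATH = re.compile(rf"/({GUID})/?")

# Constructed stand-in for the downloaded Base64 (PEM) file; not a real certificate.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
SAMPLE_TENANT = "11111111-2222-3333-4444-555555555555"  # constructed


def cert_thumbprint(pem: str) -> str:
    """SHA-1 thumbprint (uppercase hex) of the DER bytes inside a PEM certificate."""
    der = ssl.PEM_cert_to_DER_cert(pem.strip())
    return hashlib.sha1(der).hexdigest().upper()


def preflight(login_url, identifier, pem, expected_thumbprint):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    login, ident = urlsplit(login_url.strip()), urlsplit(identifier.strip())
    m_login = LOGIN_PATH.fullmatch(login.path)
    m_ident = IDENT_PATH.fullmatch(ident.path)
    if login.scheme != "https" or login.hostname != "login.microsoftonline.com" or not m_login:
        problems.append("Login URL is not https://login.microsoftonline.com/<tenant>/saml2")
    if ident.scheme != "https" or ident.hostname != "sts.windows.net" or not m_ident:
        problems.append("Identifier is not https://sts.windows.net/<tenant>/")
    if m_login and m_ident and m_login.group(1).lower() != m_ident.group(1).lower():
        problems.append("Login URL and Identifier name different tenants")
    # Accept thumbprints written with spaces or colons between bytes.
    wanted = re.sub(r"[^0-9A-Fa-f]", "", expected_thumbprint).upper()
    if cert_thumbprint(pem) != wanted:
        problems.append("Certificate file does not match the expected thumbprint")
    return problems


if __name__ == "__main__":
    login = f"https://login.microsoftonline.com/{SAMPLE_TENANT}/saml2"
    ident = f"https://sts.windows.net/{SAMPLE_TENANT}/"
    print(preflight(login, ident, SAMPLE_PEM, cert_thumbprint(SAMPLE_PEM)))  # consistent values
    print(preflight(ident, login, SAMPLE_PEM, "00"))  # swapped fields, wrong file
```

Take the expected thumbprint from the certificate entry in Entra ID rather than from the downloaded file, so that the comparison detects a wrong or replaced file.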

Results

Your onboarding is complete. Your users, applications, and devices can now access the network securely.