Entra ID Integration

This article describes the process of integrating Arnica with Microsoft Entra SSO

Entra integration instructions

By integrating Arnica with Entra single sign on (SSO) you can ensure that all users authenticating with Arnica are doing so through your organizations-managed Entra provisioning and de-provisioning. The setup of the integration requires taking steps on Arnica and Entra. Below are the details.

Get organization identified in Arnica

  1. Sign into Arnica https://app.arnica.io/ and click on your avatar.

  2. Select Edit Account

  3. Copy the Organization ID (we will call it YOUR_ARNICA_ORGANIZATION_ID in the next steps in this guide).

Add app integration in Entra

The following steps must be completed by a Cloud Application Administrator, or owner of the service principal:

  1. Navigate to Microsoft's Entra admin center via the following URL: https://entra.microsoft.com/. This page will result in a 401 error if you do not have permissions.

  2. Click on Add and select Enterprise Application.

  1. You will then be redirect to Microsoft's Entra Gallery. Choose the option to Create your own application.

  1. Name the integration Arnica and choose the option to integrate with a non-gallery application.

  1. Under Getting Started select Set up single sign on.

  1. Choose SAML as the Single sign-on method.

  1. Basic SAML configuration A. Identifier (Entity ID): enter urn:auth0:arnica-prod:{YOUR_ARNICA_ORGANIZATION_ID} B. Reply URL: enter https://arnica-prod.us.auth0.com/login/callback?connection={YOUR_ARNICA_ORGANIZATION_ID} C. Leave the other fields with their default value.

  1. In “Attribute Statements”: add the following mappings (These statements may be included by default)

Name
Type
Value

emailaddress

SAML

user.mail

givenname

SAML

user.givenname

surname

SAML

user.surname

email_verified

SAML

true

  1. In "Add a Group Claim": add the following mapping: a. Set Group association to "Groups assigned to the application" b. Change Source attribute to "Cloud-only group display names"

⚠️ IMPORTANT: This configuration will only pass groups that have been assigned to the Arnica SAML application.

  1. SAML Certificates A. Download a copy of your signing certificate (Base64) B. Copy your login URL

  1. Send the following to [email protected] the following information.

    1. Subject: SSO Onboarding Request

    2. Email domain: the domain for which you would like to setup SSO, e.g., yourcompany.com

    3. Arnica Organization ID: your arnica organization ID obtained earlier.

    4. Login URL: the Login URL from the step above.

    5. Attach the Signing Certificate from the step above.

    6. Leave a contact phone number and available times for Arnica’s customer success to help with the onboarding process.

    7. We are typically fast at responding to these requests, but please allow up to 1-2 business days to get confirmation.

Last updated

Was this helpful?