This describes how you can set up SAML with Microsoft Entra ID. Microsoft renamed Azure Active Directory (Azure AD) to Entra ID. If you are currently using Azure AD in your organization, you can continue to use the service without interruption.
Prerequisites: You have the required administrative permissions to configure SAML support in the Automox console and in the Microsoft management service.
The following topics are described here:
Automox Configure SAML Window
To complete this procedure, you must log in to the Automox console and have the information available from the Configure SAML window. Refer to Security: SAML-based Single Sign-on (SSO) for details about accessing the Security > SAML data.
Setting Up SAML with Microsoft Admin Center
In the Microsoft admin center, you must configure an Enterprise Application (Automox) and enable users for it. Refer to the Microsoft documentation for the most up-to-date version of the process. The basic outline is described here:
Log in to the Microsoft admin center:
Note: We refer to Microsoft in general for Microsoft Entra ID or Azure AD.
Go to Enterprise applications. See also: https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/add-application-portal.
Click New Application.
Click Create your own application.
Enter a name for your app.
Under “What are you planning to do with your application”, select Integrate any other application you don’t find in the gallery (Non-gallery).
Click Create.
Go to Manage > Single sign-on and select SAML.
Under Basic SAML Configuration, click Edit. Now refer to your Automox console:
From the Automox > Configure SAML window, copy and paste these entries into the Microsoft Basic SAML Configuration. Remember to modify the URL to point to your org:
Automox Entity ID → Identifier (Entity ID)
Automox ACS URL → Reply URL (Assertion Consumer Service URL)
Automox Dashboard URL including org id → Relay State. For example:
https://console.automox.com/dashboard?o=<Your Org ID>
Click Save. Close this configuration window.
In Microsoft, go to SAML Certificates and download the Certificate (Base64).
Open the certificate using a basic text editor and copy the certificate (excluding any trailing blank lines). This is known as x509 for the next step.
Go to the Automox > Configure SAML window and paste into the x509 field.
In Microsoft, scroll to Set up Automox (where “Automox” is whatever you named your Enterprise Application in Microsoft). Refer to this page to configure SAML in Automox.
Copy and paste the following from Microsoft to the Automox Configure SAML window:
Login URL → Login URL
Microsoft Entra Identifier → Entity ID
Logout URL → Logout URL
Select (Optional) Provision New Users. (Note: This setting is recommended to make it easier to add users who are new to Automox.)
Switch on Enable SAML for users of the zone. (This is at the top of the Automox Configure SAML window.)
Save the SAML configuration in Automox.
Log out of Automox.
Enable Automox (your Enterprise App) to be seen in the user's app launcher (https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/access-panel-collections):
In Microsoft, under Manage, click User Settings.
In the “User feature previews” section, click Manage user feature preview settings.
For “Users can use preview features for My Apps”, select “All”.
You can enable users to access Automox from within Microsoft.
Go to Manage → Enterprise Applications → Automox (or whatever you called your enterprise app).
In the Getting Started section, click Assign users and groups.
Click + Add user/group.
Select and assign the user(s). Use the search to find users, as needed.
The newly displayed user can access Automox with this same email address by going to My Apps in Microsoft 365. Select the new enterprise app (Automox) tile.
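For the certificate step above (downloading the Certificate (Base64) and pasting it into the x509 field), the following Python helper is an added example, not part of the Automox or Microsoft documentation. It strips Windows line endings and trailing blank lines, rejects a truncated or wrong file, and returns fingerprints to compare against the thumbprint Microsoft shows for the signing certificate. The function names are hypothetical and the sample bytes are constructed filler, not a real certificate.

```python
import base64
import hashlib
import re

PEM_BLOCK = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

# Constructed sample: a DER SEQUENCE header plus filler bytes, NOT a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))


def constructed_download() -> str:
    """Mimic a Windows download: CRLF line endings and trailing blank lines."""
    b64 = base64.encodebytes(SAMPLE_DER).decode().replace("\n", "\r\n")
    return ("-----BEGIN CERTIFICATE-----\r\n" + b64 +
            "-----END CERTIFICATE-----\r\n\r\n\r\n")


def der_declared_length(der: bytes) -> int:
    """Total size that the outer DER SEQUENCE header says the object has."""
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE; wrong file?")
    if der[1] < 0x80:                       # short form: one length byte
        return 2 + der[1]
    n = der[1] & 0x7F                       # long form: n length bytes follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        raise ValueError("malformed DER length")
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def prepare_x509(text: str) -> dict:
    """Normalize the downloaded certificate text and fingerprint its DER bytes."""
    blocks = PEM_BLOCK.findall(text)
    if len(blocks) != 1:
        raise ValueError(f"expected one certificate block, found {len(blocks)}")
    body = "".join(blocks[0].split())       # drop CR/LF and stray whitespace
    der = base64.b64decode(body, validate=True)   # raises ValueError on bad Base64
    if der_declared_length(der) != len(der):
        raise ValueError("certificate is truncated or has extra bytes")
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    pem = "\n".join(["-----BEGIN CERTIFICATE-----", *lines,
                     "-----END CERTIFICATE-----"])  # no trailing blank lines
    return {"pem": pem, "sha1": hashlib.sha1(der).hexdigest().upper(),
            "sha256": hashlib.sha256(der).hexdigest().upper()}


if __name__ == "__main__":
    result = prepare_x509(constructed_download())
    print(result["pem"])
    print("SHA-1:", result["sha1"], "SHA-256:", result["sha256"])
```

To use it on a real download, pass the file's text to `prepare_x509` and paste the returned `pem` value into the x509 field.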
User Provisioning
To automatically provision a user, select the (Optional) Provision New Users checkbox in the Automox Configure SAML window. Then do as follows:
The user must log in to https://myapplications.microsoft.com/
The Automox Enterprise Application should appear. Click the tile to launch Automox.
Manual Provisioning
To manually provision a user with SAML/SSO enabled, follow these steps in Automox:
Navigate to the Global Users management page (Manage Zones and Users button underneath the Org selection tab).
Click Users, then click Add User. Enter the same email address that is associated with the user account that you added to the Enterprise Application on the Microsoft side.
Once you add the user, an invitation email is sent to the address for the user to authorize their account.
After that is completed, the user will be able to log in through console.automox.com with their email address; this will forward them to Microsoft for authentication. Users can also log in to the console with the tile from the My Apps page in Microsoft.
Note: When provisioning users, the user is created in Automox as a Read-Only user. The global administrator or zone administrator can adjust the role for newly created users by going to Setup & Configuration → Users.