How to Configure SSO in the Lumu MSP Portal using Entra ID Active Directory
Requirements
- Administrator access to your Entra ID portal.
- Lumu Support has provided you with the necessary instructions and requirements for configuring SSO with Entra ID.
Entra ID Settings
1. Go to https://portal.azure.com/ and log in to your Entra ID portal. Open the left menu and click on Microsoft Entra ID.
2. Click on the Add menu to open it, and select Enterprise Application.
3. Click on the Create your own application button.4. In the pop-up form, give your app a name without any white spaces. Select the option Integrate any other application you don't find in the gallery (Non-gallery). Then, click on the Create button.
5. Now we need to set up the SAML app. In the left menu, click on Users and groups. Click on Add user/group and proceed to add the users for your app.
6. In the next step, click on None Selected and select the users you want to add to your app. Click on the Select button at the bottom to add the selected users.
7. Go to Single sign-on and click on SAML.
8. Next, click on Basic SAML Configuration on the pen icon to edit.
9. On the pop-up form, click on Add identifier under Identifier (Entity ID) and provide a name without any blank spaces. Write it down and save it for later, as you will need to send it. Then, click on Reply URL (Assertion Consumer Service URL) and add the following URL: https://managed.lumu.io/api/msp/users/saml/auth. Click "Save" to proceed.
10. Back on the Single sign-on section, click the Edit link in the Attributes & Claims section.
Ensure that you have the default claim name:
Claim Name: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameClaim Value: user.userprincipalname11. Back again in the ‘Single sign-on’ menu, on the "SAML certificates" section, click on the first "Edit" link.
12. In the pop-up window, select "Sign SAML response and assertion" as the signing option, and finish by clicking “Save”.
13. Collect the following information to send to Lumu Support:
Identifier (Entity ID): SSOLUMU
Certificate (Base 64): Click it to download and send it to Lumu.Login URL: https://login.microsoftonline.com/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/saml2Entra ID AD Identifier: https://sts.windows.net/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/Once you have collected this information, share it with Lumu Support. They will complete the setup and configuration on their end. Once the SSO implementation is complete, Lumu Portal users will be able to log in.
If you encounter any issues or have questions during the configuration process, contact Lumu Support for assistance.
Related Articles
How to Configure SSO in the Lumu MSP Portal using Okta
The Lumu Portal provides SSO with Okta, a third-party authentication service that enables users to log in to the Lumu Portal seamlessly. When you configure SSO in your Lumu Portal, your users can connect without the need for separate login ...How to Configure SSO in the Lumu MSP Portal using Thales (Safenet Trusted Access)
The Lumu MSP Portal provides SSO with Thales (Safenet Trusted Access), a third-party authentication service that enables users to log in to the Lumu MSP Portal seamlessly. When you configure SSO in your Lumu MSP Portal, your users can connect without ...Lumu MSP - Getting Started
Managed Service Providers (MSP) are one of Lumu’s finest partners when it comes to bringing proficient operation of cybersecurity to customers everywhere. It is for this reason that the Lumu Portal for MSP was created; there, MSPs can find all the ...MSP Portal - Accounts and Roles
You can create and manage your user accounts and roles using the Lumu Portal for MSP. You will see how to carry out these procedures in this article. MSP Portal User Configuration Bear in mind that to create new users and assign roles to them you ...Lumu Portal for MSP - Two-Factor Authentication (2FA)
The Lumu Portal for MSP offers secure login alternatives through the use of two-factor authentication (2FA), in this case, One-time Password (OTP) on top of your account password. You can use the Authenticator app you prefer, such as Google ...