articles/active-directory/saas-apps/cloudtamer-io-tutorial.md
36 additions & 1 deletion
@@ -61,6 +61,7 @@ To configure and test Azure AD SSO with cloudtamer.io, perform the following ste
61
61
1.**[Configure cloudtamer.io SSO](#configure-cloudtamerio-sso)** - to configure the single sign-on settings on application side.
62
62
1.**[Create cloudtamer.io test user](#create-cloudtamerio-test-user)** - to have a counterpart of B.Simon in cloudtamer.io that is linked to the Azure AD representation of user.
63
63
1.**[Test SSO](#test-sso)** - to verify whether the configuration works.
64
+
1.**[Group assertions](#group-assertions)** - to set group assertions for Azure AD and cloudtamer.io.
64
65
65
66
### Begin cloudtamer.io SSO Configuration
66
67
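Review bot: The new **Group assertions** entry is appended after **Test SSO** in this numbered step list, so as written the group claim is configured only after the test step and the test never exercises it. Either move the entry ahead of Test SSO or mark it as an optional follow-on step, and say that sign-in should be retested once the group claim and the cloudtamer.io mappings are in place.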
@@ -175,7 +176,41 @@ In this section, you test your Azure AD single sign-on configuration with follow
175
176
176
177
You can also use Microsoft My Apps to test the application in any mode. When you click the cloudtamer.io tile in the My Apps, if configured in SP mode you would be redirected to the application sign on page for initiating the login flow and if configured in IDP mode, you should be automatically signed in to the cloudtamer.io for which you set up the SSO. For more information about the My Apps, see [Introduction to the My Apps](https://support.microsoft.com/account-billing/sign-in-and-start-apps-from-the-my-apps-portal-2f3b1bae-0e5a-4a86-a33e-876fbd2a4510).
177
178
179
+
## Group assertions
180
+
181
+
To easily manage cloudtamer.io user permissions by using existing Azure Active Directory groups, complete these steps:
182
+
183
+
### Azure AD configuration
184
+
185
+
1. In the Azure portal, go to **Azure Active Directory** > **Enterprise Applications**.
186
+
1. In the list, select the enterprise application for cloudtamer.io.
187
+
1. On **Overview**, in the left menu, select **Single sign-on**.
188
+
1. On **Single Sign-On**, under **User Attributes & Claims**, select **Edit**.
189
+
1. Select **Add a group claim**.
190
+
> [!NOTE]
191
+
> You can have only one group claim. If this option is disabled, you might already have a group claim defined.
192
+
1. On **Group Claims**, select the groups that should be returned in the claim:
193
+
- If you will always have every group you intend to use in cloudtamer.io assigned to this enterprise application, select **Groups assigned to the application**.
194
+
- If you want all groups to appear (this selection can cause a large number of group assertions and might be subject to limits), select **Groups assigned to the application**.
195
+
1. For **Source attribute**, leave the default **Group ID**.
196
+
1. Select the **Customize the name of the group claim** checkbox.
197
+
1. For **Name**, enter **memberOf**.
198
+
1. Select **Save** to complete the configuration with Azure AD.
199
+
200
+
### cloudtamer.io configuration
201
+
202
+
1. In cloudtamer.io, go to **Users** > **Identity Management Systems**.
203
+
1. Select the IDMS that you've created for Azure AD.
204
+
1. On the overview page, select the **User Group Associations** tab.
205
+
1. For each user group mapping that you want, complete these steps:
206
+
1. Select **Add** > **Add New**.
207
+
1. In the dialog that appears:
208
+
1. For **Name**, enter **memberOf**.
209
+
1. For **Regex**, enter the object ID (from Azure AD) of the group you want to match.
210
+
1. For **User Group**, select the cloudtamer.io internal group you want to map to the group in **Regex**.
211
+
1. Select the **Update on Login** checkbox.
212
+
1. Select **Add** to add the group association.
178
213
179
214
## Next steps
180
215
181
-
Once you configure cloudtamer.io you can enforce session control, which protects exfiltration and infiltration of your organization’s sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
216
+
Once you configure cloudtamer.io you can enforce session control, which protects exfiltration and infiltration of your organization’s sensitive data in real time. Session control extends from Conditional Access. [Learn how to enforce session control with Microsoft Cloud App Security](/cloud-app-security/proxy-deployment-any-app).
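Review bot: Under **Group Claims**, both bullets end with select **Groups assigned to the application**, including the one that begins "If you want all groups to appear". The second bullet should name the option that returns all groups, otherwise the two choices are identical and the warning about a large number of group assertions has nothing to apply to. In the cloudtamer.io steps, the **Regex** field is given a bare object ID; it would help to state whether the pattern has to match the whole claim value (for example by anchoring it) so that a mapping cannot match more than the one intended group. The final Next steps paragraph is removed and re-added with identical visible text, which looks like a whitespace-only change; confirm that it is intended.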