SSO Configuration with Microsoft Entra ID for Chaos Genius

To configure Single Sign-On (SSO) using Microsoft Entra ID (formerly Azure Active Directory), follow these steps:

Step 1: Access the Settings Page

  1. Navigate to the Settings page.
  2. Under the SSO Configuration tab, select your Identity Provider. In this case, choose Microsoft Entra ID.

Step 2: Add Chaos Genius as an Enterprise Application in Microsoft Entra ID

  1. Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.
  2. Navigate to Identity > Applications > Enterprise applications.
  3. Click on New application.
  4. Select Create your own application.
  5. Enter Chaos Genius as the application name and select Integrate any other application you don't find in the gallery (Non-gallery).
  6. Click Create.

Step 3: Configure SAML-based Single Sign-On

  1. In your newly created Chaos Genius application, go to Single sign-on from the left navigation menu.
  2. Select SAML as the single sign-on method.
  3. In the Basic SAML Configuration section, click Edit and configure the following:
    • Identifier (Entity ID): urn:amazon:cognito:sp:us-west-2_qloEmwm69
    • Reply URL (Assertion Consumer Service URL): https://temp-cloud-monitoring-user-pool.auth.us-west-2.amazoncognito.com/saml2/idpresponse
  4. Click Save.

Step 4: Configure User Attributes and Claims

  1. In the User Attributes & Claims section, click Edit.
  2. Ensure the following claims are configured:
    • email: user.mail
    • firstName: user.givenname
    • lastName: user.surname
  3. Add any additional claims if they don't exist by clicking Add new claim.
  4. Click Save when done.

Step 5: Assign Users or Groups

  1. Navigate to Users and groups from the left navigation menu.
  2. Click Add user/group.
  3. Select the users or groups that should have access to Chaos Genius.
  4. Click Assign.

Step 6: Download Federation Metadata and Certificate

  1. Go back to the Single sign-on section.
  2. In the SAML Certificates section, download the following:
    • Federation Metadata XML: Click Download next to Federation Metadata XML
    • Certificate (Base64): Click Download next to Certificate (Base64)
  3. Save both files to your local machine.
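
Before the upload in Step 7, it helps to confirm that the two downloaded files belong together. The script below is an added example, not part of the Chaos Genius or Microsoft documentation: it checks that the Base64 certificate matches a signing certificate embedded in the Federation Metadata XML, that the sign-on endpoints use HTTPS, and it reports the certificate's SHA-256 fingerprint. The function names are assumptions, and the sample certificate bytes and tenant ID are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def pem_to_der(pem):
    """Decode a Base64 (PEM) certificate file to its raw DER bytes."""
    body = [s for s in (ln.strip() for ln in pem.splitlines()) if s and not s.startswith("-----")]
    return base64.b64decode("".join(body))

def check_idp_files(metadata_xml, cert_pem):
    """Cross-check the Federation Metadata XML against the downloaded certificate."""
    root = ET.fromstring(metadata_xml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor element: not SAML IdP metadata")
    signing = set()
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # no 'use' means signing + encryption
            continue
        for cert in kd.iterfind(".//ds:X509Certificate", NS):
            signing.add(base64.b64decode("".join((cert.text or "").split())))
    endpoints = [s.get("Location", "") for s in idp.findall("md:SingleSignOnService", NS)]
    der = pem_to_der(cert_pem)
    return {
        "entity_id": root.get("entityID"),
        "cert_sha256": hashlib.sha256(der).hexdigest(),
        "cert_in_metadata": der in signing,
        "endpoints_https": bool(endpoints) and all(e.startswith("https://") for e in endpoints),
    }

# Constructed sample: placeholder bytes stand in for a real certificate and tenant ID.
SAMPLE_DER = b"constructed-placeholder-certificate-bytes"
SAMPLE_B64 = base64.b64encode(SAMPLE_DER).decode()
SAMPLE_PEM = f"-----BEGIN CERTIFICATE-----\n{SAMPLE_B64}\n-----END CERTIFICATE-----\n"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/TENANT-ID-PLACEHOLDER/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
      <X509Data><X509Certificate>{SAMPLE_B64}</X509Certificate></X509Data>
    </KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

if __name__ == "__main__":
    print(check_idp_files(SAMPLE_METADATA, SAMPLE_PEM))
```

With the real downloads, read each file's text and pass it to `check_idp_files`; a `cert_in_metadata` value of `False` means the certificate file and the metadata file do not come from the same signing certificate.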

Step 7: Upload Files to Chaos Genius

  1. Now that you have both the Federation Metadata XML and Certificate files, provide these files to Chaos Genius.
  2. Upload the downloaded files into the SSO Configuration section of Chaos Genius settings and click on Enable SSO.

Important Notes

  • Ensure that the users you want to grant access to Chaos Genius are properly assigned to the application in Microsoft Entra ID.
  • The Entity ID and Reply URL values provided above are specific to your Chaos Genius instance and may need to be updated based on your deployment.
  • If you encounter any issues, verify that all attribute mappings are correct and that the metadata and certificate files are properly uploaded.
  • Contact your Chaos Genius administrator if you need assistance with the specific URLs or configuration values for your instance.