LogoLogo
Back to binalyze.com
  • Welcome | Binalyze Knowledge Base
  • AIR
    • AIR
    • Introduction
      • What is AIR?
      • Terminology
      • Architecture
        • AIR Responder Architecture; overview and performance analysis
        • AIR Task Flow and Management
      • Network Communication
      • Cloud Forensics with Binalyze AIR
    • AIR Setup
      • Console Hardware Requirements
      • Console Pre-Installation
      • Console Installation
      • Microsoft Azure Cloud Platform Integration
      • AIR Relay Server
        • What is AIR Relay Server?
        • Requirements for installation
        • How to install a Relay Server on different Linux platforms
        • How to change IP address of Relay Server
        • How to install a Responder with Relay Server support
        • Proxy configurations
          • Adding proxy to Relay Server
          • Adding proxy to Responder
        • Service Management for Relay Server
        • Whitelisting for Relay Server
        • Retrieving metrics from Relay Server
        • Updating and Uninstalling Relay Server
        • Troubleshooting
      • AIR Responder - Supported Operating Systems
        • AIR Responder - MS Windows supported systems
        • AIR Responder - Apple macOS supported systems
        • AIR Responder - Linux (DEB/RPM) supported systems
        • AIR - ESXi Standalone Collector
        • AIR Responder - Chrome supported systems
          • AIR For Chrome
      • AIR Responder Hardware Requirements
      • AIR Responder Deployment
        • Golden Image
        • Responder & Active Directory OUs
        • AIR Responder Exception Rules
          • Binalyze AIR Watchdog Folder
        • FDA via Jamf and Apple’s PPPC utility
        • AIR Responder in Windows 'Safe Mode'
      • Uninstalling AIR Responders
      • Security
        • AIR Console Access Control
        • AIR SSL Enforcement
          • SSL Certificate Management in Binalyze AIR
        • Two-factor authentication (2FA)
      • Post-Deployment Configuration Guide
        • Using AIR CLI on Binalyze AIR Console
      • AIR's User Settings
    • Updating AIR
      • Single-Tier Systems
      • 2-Tier Systems
      • AIR Console Updating - SaaS
    • Backup
      • Restore AIR Backup using the CLI
    • Features
      • Acquisition
        • Task Creation
          • Regex in AIR/DRONE:
          • Asset Management with Persistent Saved Filters
          • Task Cancellation and Deletion
        • Acquisition Profiles
        • Supported Evidence
          • Windows Collections
          • macOS Collections
          • Linux Collections
          • IBM AIX Collections
        • Scheduling Tasks
        • Disk and Volume Imaging
          • Imaging with interACT
        • Chain Of Custody in AIR
      • Auto Tagging
      • Triage
        • Triage Rule Templates
          • YARA Templates
          • Sigma Templates
          • osquery Templates
        • Schedule Triage Tasks
      • interACT
        • interACT Commands
        • PowerShell commands in interACT
      • Compare
      • Timeline
      • Integrations
        • SSO Integrations
          • Microsoft Azure SSO Integration
          • Okta SAML 2.0 SSO Integration
        • Webhooks
          • Mattermost Integration
          • Splunk Integration
          • IBM QRadar Integration
          • Wazuh Integration
          • Cortex XSOAR Integration
          • Elasticsearch Logstash Kibana Integration
          • ServiceNow Integration
          • Sumo Logic Integration
          • Crowdstrike Integration
          • Microsoft Sentinel Integration
          • Slack Integration
          • Carbon Black Cloud Integration
          • Rapid7 InsightIDR Integration
          • LogicHub SOAR (DEVO) Integration
          • Fortigate SIEM Integration
          • Dynatrace Integration
          • Stellar XDR Integration
          • SentinelOne Integration
          • Microsoft 365 Defender Integration
          • Cisco XDR Integration
      • Event Subscription
      • AIR API
        • API in AIR is likely to be more effective than Webhooks
      • DRONE
        • What is DRONE?
        • What is an Analysis Pipeline?
        • Analyzers
          • Cross Platform Analyzers
            • MITRE ATT&CK Analyzer
              • MITRE ATT&CK Analyzer changelog
            • Dynamo Analyzer
            • Browser History Analyzer
            • Generic WebShell Analyzer
          • Windows Analyzers
            • Windows Event Records and how AIR handles them
              • Windows Event Logs in AIR v4.21 and older versions
              • Event Records Summary vs. Event Records
            • Prefetch Analyzer
            • Shellbag Data Fields
          • Linux Analyzers
          • macOS Analyzers
            • Audit Event Analyzer
      • AIR Investigation Hub
        • Using the AIR Investigation Hub
        • Investigation Hub – Data Usage Statistics Dashboard
      • AIR File Explorer
        • File Explorer - FAQs
      • Tornado (Preview Version)
        • Tornado Installation Guide
          • Tornado Operating System Support
        • Updating Tornado
        • Tornado demo video
        • Getting Started with Tornado
          • Tornado Terminology
        • Tornado Collectors
          • Accessing Google Workspace
            • Service Account Creation
              • Enable Service Account Key Creation
          • Access Modes in O365
            • O365 license types
        • Tornado Troubleshooting & Feedback
        • Tornado FAQs
      • Frank.AI
      • Asset Isolation
      • Evidence Repositories
      • Policies
      • Tags
      • Off-Network Responder
        • Setting Up a Custom Case Directory
        • biunzip
          • biunzip password file
      • Binalyze AIR Responder Proxy Support
      • Proxy Configuration on Binalyze AIR Console
      • Binalyze AIR Audit Logs
    • Troubleshooting
      • Binalyze AIR Console CPU Profiling for Performance Issues
      • Understanding MSI Error Code 1618
      • How to gather Binalyze AIR logs for Troubleshooting
        • Collecting Binalyze AIR Console Log Files
        • Collecting Binalyze AIR Responder Log Files
        • Collecting Binalyze AIR Off-Network Responder Log Files
    • FAQs
      • Binalyze AIR Console Migration Procedure For Single-Tier Setup
      • Binalyze AIR Console Migration Procedure For 2-Tier Installation
      • Binalyze AIR Console Backup Procedure
      • Resolving the “Invalid Host Header. Host must be the Console Address” Error
      • How to download the collected evidence and artifacts in Binalyze AIR?
      • How to gather Binalyze AIR logs for Troubleshooting
        • Collecting Binalyze AIR Console Log Files
        • Collecting Binalyze AIR Responder Log Files
        • Collecting Binalyze AIR Off-Network Responder Log Files
      • AIR responder troubleshooting
      • Understanding Port Usage in Binalyze AIR
      • How many assets can connect to a single Console instance?
      • How do I enable SSL on AIR?
      • Can I use AIR with EDR/XDR Products?
      • Can I integrate AIR with my SOAR/SIEM?
      • What (sub)domains are used by AIR?
      • Docker & Host System IP Conflict
      • Monitoring Responder and UI API's
      • How do I update AIR Console?
      • How do I update AIR Responders on assets?
      • How to reset the password of a user via the AIR-CLI?
      • Is there a way to move an asset from one Organization or Case to another?
      • Creating exclusions/exception rules for Binalyze AIR Responder on EPP and EDR Solutions
      • Anything missing?
      • How can I install a version of AIR that isn't the latest?
  • General
    • Licenses - Open-source Software List
Powered by GitBook
On this page
  • 1. App Registration
  • 2. App Configurations & Permissions
  • 3. Managing Users and Groups
  • 4. Configure SSO in Binalyze AIR Console
  • 5. Verification

Was this helpful?

Export as PDF
  1. AIR
  2. Features
  3. Integrations
  4. SSO Integrations

Microsoft Azure SSO Integration

PreviousSSO IntegrationsNextOkta SAML 2.0 SSO Integration

Last updated 5 months ago

Was this helpful?

1. App Registration

To begin integrating Azure SSO with Binalyze, you'll first need to register a new application in Azure Active Directory (AD). This process will create a unique identity for your application, enabling secure communication with Azure services.

  1. Access the , sign in using your credentials, and navigate to the Microsoft Entra ID Directory under the Azure Services section.

  2. Go to Manage > App registrations, click on New registration, and provide a name for your application

  3. Select Web, and enter the https://[AIR_CONSOLE_ADDRESS]/api/auth/sso/azure/callback value for the Redirect URI field. Please remember to change [AIR_CONSOLE_ADDRESS] part for your instance.

  4. Click Register to complete the registration process.

  1. After registering the application, navigate to the Overview section, and copy the Application (client) ID and Directory (tenant) ID. You will need to input these values into the Binalyze AIR Console.

2. App Configurations & Permissions

Once your application is registered, you need to configure essential settings and permissions in Azure AD. This includes creating secrets and setting up API permissions to allow your application to interact securely with Azure resources.

  1. In the left-hand panel, go to Certificates & Secrets.

  2. Click New client secret, provide a description, set the expiration period, and click Add.

  1. Copy the value of the client secret and store it securely as it will be required later. You will need to input this value into the Binalyze AIR Console in the Client Secret field.

  1. Navigate to API permissions and ensure that the profile permission is selected.

If it's not present, click + Add permission, select Microsoft Graph, choose Delegated permissions, toggle profile, and click Add permissions.

[Optional step] Using UPN as an email address

If you have users with an empty ‘email’ field, AIR can use UPN to identify users. You can follow the steps below to use UPN as an identifier for users without the ‘email’ field:

Navigate to ‘Token configuration.’ If ‘upn’ is not in the list, click on the ‘Add optional claim’ button. After selecting the ‘ID’ token type, tick ‘upn’ and click on the ‘Add’ button.

  1. Go to App roles within the Azure AD application settings, click + Create app role, provide a name for the role, select Users/Groups for allowed member types, and give the role a description.

  1. Enter the corresponding "Tag" of the role to be mapped within the Binalyze AIR Console under the Value field (e.g., use the tag "global_admin" for the Global Admin role).

  1. You can make the roles on Azure SSO more than one according to your needs. While doing this, make sure that the “tag” value in Binalyze and the “value” value in Azure App are the same.

3. Managing Users and Groups

With your application configured, the next step is to manage the users and groups that will have access to it. Assign roles and permissions to the appropriate users and groups as follows:

  1. Return to the Microsoft Entra ID Directory, select Enterprise applications, filter by the application name, and click on it.

  2. In the left-hand panel, select Users and groups, click + Add user/group.

  3. Choose the users/groups and click Select.

  1. Choose the roles to assign and click Select.

  1. Assign selected user(s) to the selected role by clicking Assign.

4. Configure SSO in Binalyze AIR Console

After configuring your application in Azure, you must enable and configure SSO in the Binalyze AIR Console to allow users to authenticate using Azure AD credentials.

  1. Sign in to the Binalyze AIR Console.

  2. Navigate to Settings, go to Security, and find the SSO section.

  3. Enable Azure ID by toggling the switch, fill in the required fields with the Tenant ID, Client ID, and Client Secret from the Azure application registration, and click Save.

5. Verification

The final step involves verifying that the SSO integration is working correctly. This ensures that users can log in to the Binalyze AIR Console using their Azure AD credentials without any issues.

  1. After saving, check that a Sign in with Azure AD button appears on the Binalyze AIR Console login page.

  1. Click the Sign in with Azure AD button to be redirected to the Microsoft login page for authentication.

  1. Upon successful authentication, you will be redirected back to the AIR Console.

After configuring Single Sign-On (SSO), it is mandatory to retain at least one local user account. This is essential because if the SSO URL expires or any configuration changes occur on the SSO provider's side, you will need access to a local account to log into the AIR Console and update the SSO settings.

Maintaining a local user account acts as a safety net, ensuring continued access to critical administrative functions within AIR, even in scenarios where the SSO functionality is temporarily unavailable.

Azure Portal
Check the 'upn' box to add an optional claim