MS Entra ID and Immuta Integration Checklist
Introduction
This page provides a comprehensive checklist of prerequisites and considerations for customers integrating Azure Entra ID with Immuta. Reviewing these items prior to initiating the setup will help avoid potential issues, ensuring a smooth and successful integration. The checklist covers SSO configuration, SCIM setup, and required attribute mappings between Azure Entra ID and Immuta.
Azure Entra ID Integration Prerequisite Checklist
1. Azure Entra ID Setup
Enterprise Application Creation:
Ensure an "Enterprise Application" has been created in Azure Entra ID to facilitate SSO and provisioning, or obtain the permissions and instructions needed to create it.
For details, refer to the Azure Entra ID Enterprise Application documentation.
2. Single Sign-On (SSO) Configuration Details
Issuer:
Confirm that the Issuer value from Azure Entra ID has been located and is ready to provide to Immuta during the integration setup step.
Location: Azure Entra ID -> Enterprise Applications -> {your application} -> Single Sign On
Entry Point (Login URL):
Ensure the Login URL (labeled Entry Point in Immuta) is noted and ready to provide to Immuta during integration setup.
Location: Azure Entra ID -> Enterprise Applications -> {your application} -> Single Sign On
Signing Certificate:
Verify that the SAML Certificate (Base64) has been downloaded from Azure Entra ID and is ready to upload to Immuta during the integration setup process.
Location: Azure Entra ID -> Enterprise Applications -> {your application} -> Single Sign On
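A pre-flight check for the Entry Point and Signing Certificate items above, as an added example that is not part of Immuta's or Microsoft's documentation: it confirms the Login URL uses https and that the downloaded certificate is an intact Base64 (PEM) file, and returns a SHA-256 fingerprint to record. The function names, the sample URL and the dummy certificate bytes are assumptions constructed for illustration.

```python
import base64
import binascii
import hashlib
import re
from urllib.parse import urlparse

PEM = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def der_from_pem(pem_text):
    """Decode a Base64 (PEM) certificate and check that the DER inside is intact."""
    match = PEM.search(pem_text)
    if not match:
        raise ValueError("no PEM block found; was the Base64 format downloaded?")
    try:
        der = base64.b64decode("".join(match.group(1).split()), validate=True)
    except binascii.Error as exc:
        raise ValueError(f"body is not valid Base64: {exc}") from exc
    if len(der) < 2 or der[0] != 0x30:  # a certificate is one outer ASN.1 SEQUENCE
        raise ValueError("decoded data is not a DER SEQUENCE")
    if der[1] < 0x80:  # short-form length
        header, body = 2, der[1]
    else:  # long-form length: low 7 bits give the number of length bytes
        count = der[1] & 0x7F
        header, body = 2 + count, int.from_bytes(der[2:2 + count], "big")
    if header + body != len(der):
        raise ValueError("DER length mismatch; file looks truncated or padded")
    return der

def preflight(entry_point, pem_text):
    """Return (problems, sha256_fingerprint) for the values to be given to Immuta."""
    problems, fingerprint = [], None
    if entry_point != entry_point.strip():
        problems.append("Entry Point has leading or trailing whitespace")
    if urlparse(entry_point.strip()).scheme != "https":
        problems.append("Entry Point is not an https URL")
    try:
        fingerprint = hashlib.sha256(der_from_pem(pem_text)).hexdigest()
    except ValueError as exc:
        problems.append(f"Signing Certificate: {exc}")
    return problems, fingerprint

# Constructed sample input: placeholder URL and dummy DER bytes, not a real certificate.
SAMPLE_URL = "https://login.example.com/TENANT-ID-PLACEHOLDER/saml2"
DUMMY_DER = b"\x30\x82\x00\x08" + bytes(8)
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n" + base64.b64encode(DUMMY_DER).decode()
              + "\n-----END CERTIFICATE-----\n")

if __name__ == "__main__":
    print(preflight(SAMPLE_URL, SAMPLE_PEM))
```

Recording the fingerprint at download time gives a value to compare against later if the certificate in Entra ID is rotated or the upload to Immuta is questioned.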
3. Fields and Attributes Mappings
Ensure that the customer has reviewed and is ready to configure field and attribute mappings between Azure Entra ID and Immuta. Common mappings include:
e.g. Entra ID email -> Immuta username/login name
e.g. Entra ID displayName -> Immuta display user; this is not the Immuta 'username'
Custom Attributes: Confirm that the schema and name, source attribute, and target attribute have been reviewed. Location: Entra ID -> Enterprise Application -> {your app} -> Provisioning -> Attribute Mapping.
4. SCIM Configuration and Considerations
User Provisioning via SCIM: Confirm whether the customer plans to enable SCIM (System for Cross-domain Identity Management) for automatic user profile updates and attribute provisioning from Entra ID to Immuta. This feature simplifies the synchronization of users between Entra ID and Immuta. Note that the Immuta SCIM endpoint and SCIM API key can be set and made available after Entra ID and Immuta are integrated.
Review the custom schema available in Entra ID for attributes to be synced to Immuta. Location: Entra ID -> Enterprise Application -> {your app} -> Provisioning -> Attribute Mapping.
5. Issue Resolution & Troubleshooting
Network and connectivity: Verify that Immuta is accessible to the Azure Entra ID environment.
Conditional Access Policies: If these are enabled in Entra ID, make sure they will not interfere with the SSO login experience and integration with another application (in this case, Immuta).
Integration Attempts: Has the customer attempted to set up the integration? Were there any issues, errors, or challenges encountered during the process? If so, document the details, the configuration settings used, and the steps to reproduce the issue; screenshots will be helpful.