Setting up Entra ID for SAML
For the detailed information on how to setup SAML-based single sign-on for Secret Server in Entra ID, see Microsoft's Enable SAML single sign-on for an enterprise application.
Users must have Entra Domain Services already configured to use Entra ID.
Adding Users to Single Sign-On in Entra ID
Follow the steps in Register the user account guide to learn how to register a user account for your application.
If you have accounts in which the sAMAccountName differs from the UPN name, you can create custom rules to accommodate the differences. See Directory Services.
Entra ID Configuration Steps
For more information on how to setup SAML-based single sign-on for Secret Server in Entra ID, see Microsoft's Enable SAML single sign-on for an enterprise application.
You must have SAML already setup in Secret Server with a valid certificate. See the Setting up Secret Server section in Configuring SAML Single Sign-on
Follow the steps in Configure SAML setting to register a user account for your application.
Advanced Settings
The following Secret Server Identity Provider Advanced Settings can be configured in Entra ID:
If you apply advanced certificate signing settings to the Secret Server IdP application in Entra ID, return to the Identity Providers page in Secret Server and click the … button next the provider and select Advanced Settings to apply the same settings.
Custom claims can be configured within the Azure Enterprise Application in order to match the incoming claim to the Secret Server username.
