Step 1: Add Cobalt as a New Enterprise Application in Azure Active Directory
- Log in to the Azure AD portal as a Global Administrator
- Navigate to Azure Active Directory
- Under Manage, click Enterprise Applications
- Click +New Application
- Under Add your own app click Non-gallery application
- Enter Cobalt - Pentest as a Service as the name
- Click Add to finish adding the application
Step 2: Configure the Cobalt Enterprise Application’s SSO settings
- In the overview page for your new enterprise application, under Manage, click Single Sign-on
- In the Single Sign-on Mode page, click SAML
- Under Basic SAML Configuration, click the edit (pen) icon
- Within Basic SAML Configuration, enter the following values:
- Entity ID: https://api.cobalt.io/users/saml/metadata
- Reply URL (Assertion Consumer Service URL): https://api.cobalt.io/users/saml/auth
- Sign On URL: Leave this field blank for IdP-Initiated SAML
- Relay State: Leave this blank for now. You will come back and add the RelayState token copied from the Cobalt platform in Step 4
- Add custom attribute mappings to your SAML token attributes configuration.
- In addition to the above, the Cobalt application expects a few more attributes to be returned in the SAML response. These attributes are also pre-populated in the SAML token attributes configuration, but you can review them against your requirements.
- Under SAML Signing Certificate, click the Download link for the Certificate (Base64)
- In the Set up Cobalt section, copy the URL(s) you need.
Step 3: Assign Users and Groups to the Cobalt Application.
- In the Azure portal, select Enterprise Applications, and then select All applications.
- In the applications list, select Cobalt.
- In the app's overview page, find the Manage section and select Users and groups.
- Click Add User
- Select the users to whom you will grant access to Cobalt
- Click Select at the bottom right of the page
- Click Yes to confirm that you want to grant the selected users access.
Note: Users must also be added to the Cobalt platform by the organization owner and must complete the sign-up process via email.
Step 4: Add the Azure AD settings to Cobalt
- Log in to the Cobalt platform with the Owner role
- Select Settings on the left
- Select Identity & Access, and select Enable
- Enter the details from your Azure portal
- Click Save
- Take the IdP RelayState Token returned by the Cobalt app and paste it into the Basic SAML Configuration in Azure AD. Note: Use the same formatting that you see in the Cobalt platform, {"org_token":"000000-0000-0000-0000-000000000000" }, when entering the org token into Azure AD
Users should now be able to sign in via Azure AD SSO.
Frequently Asked Questions:
I have enabled SAML, but am unable to log in to Cobalt.
One of the most common reasons users are unable to log in via their identity provider is that the email addresses do not match. The email address you use in Azure AD must match the email address on your Cobalt account. If the two addresses differ, you will not be able to log in.
What SSO providers are supported by Cobalt?
Cobalt currently supports Okta, OneLogin, DUO, AzureAD, Google.
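The following is an added example (not Cobalt's or Microsoft's code) that checks the Basic SAML Configuration values from Step 2 and Step 4, and the email-mismatch condition from the FAQ above, before you test the sign-in. The configuration keys and the sample values are constructed for this example; the org_token is only checked for presence, since the article does not define its exact format.

```python
import json
from typing import Dict, List, Optional

# Values the article says to enter in Azure AD's Basic SAML Configuration.
COBALT_ENTITY_ID = "https://api.cobalt.io/users/saml/metadata"
COBALT_REPLY_URL = "https://api.cobalt.io/users/saml/auth"


def check_basic_saml_config(cfg: Dict[str, str]) -> List[str]:
    """Return the problems found in a Basic SAML Configuration for Cobalt.

    cfg keys (hypothetical names for this example): entity_id, reply_url,
    sign_on_url, relay_state. An empty list means the values match Step 2/4.
    """
    problems = []
    if cfg.get("entity_id", "").strip() != COBALT_ENTITY_ID:
        problems.append(f"Entity ID must be exactly {COBALT_ENTITY_ID}")
    if cfg.get("reply_url", "").strip() != COBALT_REPLY_URL:
        problems.append(f"Reply URL (ACS URL) must be exactly {COBALT_REPLY_URL}")
    if cfg.get("sign_on_url", "").strip():
        problems.append("Sign On URL must be blank for IdP-initiated SAML")
    # Relay State must be the JSON document shown in the Cobalt platform,
    # e.g. {"org_token":"000000-0000-0000-0000-000000000000" }, not a bare token.
    try:
        relay = json.loads(cfg.get("relay_state", ""))
    except json.JSONDecodeError:
        problems.append('Relay State is not valid JSON; expected {"org_token":"..."}')
        return problems
    token = relay.get("org_token") if isinstance(relay, dict) else None
    if not isinstance(token, str) or not token.strip():
        problems.append('Relay State JSON must contain a non-empty "org_token" string')
    return problems


def email_mismatch(azure_ad_email: str, cobalt_email: str) -> Optional[str]:
    """Explain the FAQ's most common SSO failure: the two emails do not match."""
    if azure_ad_email == cobalt_email:
        return None
    return (f"Azure AD email {azure_ad_email!r} does not match the Cobalt "
            f"account email {cobalt_email!r}; the two must be identical")


# Constructed sample: a configuration with three common mistakes.
SAMPLE_BAD_CONFIG = {
    "entity_id": COBALT_ENTITY_ID,
    "reply_url": "https://api.cobalt.io/users/saml/metadata",  # metadata URL pasted twice
    "sign_on_url": "https://app.example.invalid/login",        # should be blank
    "relay_state": "000000-0000-0000-0000-000000000000",       # bare token, not JSON
}
```

Run `check_basic_saml_config(SAMPLE_BAD_CONFIG)` to see all three mistakes reported; a correct configuration returns an empty list.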