
SSO - Microsoft Entra ID


Last updated 8 months ago

Overview

To configure Microsoft Azure Entra ID as the Identity Provider (IDP) for Xygeni as the Service Provider (SP), first contact Xygeni to request the data needed to configure the SAML integration between Entra ID and Xygeni.

You must provide the following information to Xygeni:

  • IDP Sign on URL: URL of the Identity Provider (or IDP, Entra ID in this case) against which the Xygeni user is going to authenticate

  • Entity ID or Issuer: Globally unique name for an Identity Provider or a Service Provider. It is a URI used to identify the issuer of a SAML request, response, or assertion

  • URL Metadata: The discovery information that the IDP exposes in order to interoperate securely

  • Signing Certificate: Allows the Service Provider (or SP, Xygeni in this case) to verify the authenticity of the SAML response

Once you have submitted the above information to Xygeni, you will receive back the information needed to configure the integration. This information will contain:

  • SP Single Sign on URL: The SP's URL that processes, verifies and validates the SAML response.

How to obtain the information to be sent to Xygeni

Create an Entra ID Application

Log in to Azure Entra ID, go to Enterprise Applications and click on New application.

A new page will open. Click on Create your own application.

Then name your application and select “Integrate any other application you don’t find in the gallery (Non-gallery)”. Click on the Create button.

Choose whatever name you prefer to identify your app (in our example we will use "xy1"). Entra ID will redirect you to the workflow to create your SAML integration.

Click on option 2, Set up single sign on. A new page will open.

Select SAML and the main configuration page will open.

Gathering of info to send to Xygeni

In Section 4 (Set up xy1) you will find the following information, which you must provide to Xygeni:

  • Login URL: a.k.a. IDP Sign on URL, the URL of the Identity Provider (or IDP, Entra ID in this case) against which the Xygeni user is going to authenticate

  • Microsoft Entra identifier: a.k.a. Entity ID or Issuer, a globally unique name for an Identity Provider or a Service Provider. It is a URI used to identify the issuer of a SAML request, response, or assertion

In Section 3 (SAML Certificates):

  • App Federation Metadata URL: a.k.a. URL Metadata, the discovery information that the IDP exposes in order to interoperate securely

  • Certificate (Base64): a.k.a. Signing Certificate, which allows the Service Provider (or SP, Xygeni in this case) to verify the authenticity of the SAML response

Copy the above information, download the Signing Certificate and send it to Xygeni.

CAUTION: In order to save the created app, you must enter the required info in Section 1. You can enter dummy values now and replace them later with the proper values received from Xygeni. For example:

  • Identifier (Entity ID) (something similar to “20-xy1-azure”)

  • Reply URL (Assertion Consumer Service URL) (something similar to https://api.xygeni.io/sso/details/20-xy1-azure)

Info provided by Xygeni

Once you have submitted the above information to Xygeni, you will receive back the information needed to configure the integration. This information will contain:

  • Identifier (Entity ID) (something similar to “20-xy1-azure”)

  • Reply URL (Assertion Consumer Service URL): The SP's URL that processes, verifies and validates the SAML response (something similar to https://api.xygeni.io/sso/details/20-xy1-azure)

Copy those values to Section 1 (Basic SAML Configuration).

Once that is done, click on Edit in Section 2 (Attributes & Claims).

By default, the app will send user.userprincipalname as Unique User Identifier (Name ID).

IMPORTANT: Xygeni expects that value to be a valid (and existing) Xygeni user ID (email). So, be sure that user.userprincipalname contains a valid Xygeni user ID (an email). If, for example, the valid Xygeni user ID (email) is in other user metadata, such as user.othermail, click on the three dots to change it.

Then select the proper field in the Source attribute field.

IMPORTANT: The username of Entra ID must already be an existing Xygeni user!

Assign people/groups to Entra ID application

Do not forget to assign people to the integration app you have just created. To do so, select the Users and Groups tab and include people/groups as needed.

Testing the Entra ID - Xygeni integration

Once you have sent the above information to Xygeni and updated the app with the values that Xygeni sent back to you, you can test the application integration.

Login from Xygeni

Go to the Xygeni login page (https://in.xygeni.io/auth/login). After specifying your login name, you will be presented with a page where you can enter your password or click on the Azure AD button.

If you click on the Azure AD button, you will be redirected to the Azure AD login page. Once authenticated in Azure AD, your browser will be redirected to the Xygeni dashboard.

Login from Entra ID

Alternatively, you can also log in to Xygeni from Entra ID. To do so, select your app and click on the Test button in Section 5. You will be redirected to the Xygeni dashboard without any further authentication.