
Azure Active Directory Integration

TigerTrust integrates with Azure Active Directory (now Microsoft Entra ID) for enterprise identity management, single sign-on, conditional access policies, and user provisioning.

Key Features

SAML/OIDC SSO
Conditional Access
Azure AD Sync
Group Management
SCIM Provisioning
App Roles
MFA Integration

Benefits

Enterprise SSO with Azure AD credentials
Conditional access for sensitive operations
Automated user provisioning and deprovisioning
Azure AD group-based access control
MFA enforcement for certificate operations

Common Use Cases

Enabling SSO for TigerTrust access

Enforcing conditional access policies

Syncing user accounts from Azure AD

Managing role assignments through groups

Azure Active Directory Integration

TigerTrust integrates with Azure Active Directory (Microsoft Entra ID) for comprehensive enterprise identity management.

Application Registration

Register TigerTrust in Azure AD:

1. Navigate to Azure Portal > Azure Active Directory > App registrations
2. Click "New registration"
3. Name: TigerTrust
4. Redirect URI: https://api.tigertrust.io/auth/callback
5. Configure permissions and certificates

SAML SSO Configuration

Configure SAML 2.0 SSO:

```xml
<!-- SAML Configuration (SP metadata); the namespace, protocolSupportEnumeration
     and index attributes are required by the SAML 2.0 metadata schema -->
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="https://tigertrust.io/saml/metadata">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://api.tigertrust.io/auth/saml/callback"
        index="0"/>
  </SPSSODescriptor>
</EntityDescriptor>
```

OIDC Configuration

Alternative OIDC setup:

```yaml
oidc:
  authority: https://login.microsoftonline.com/{tenant-id}/v2.0
  client_id: your-client-id
  client_secret: $AZURE_CLIENT_SECRET
  scopes:
    - openid
    - profile
    - email
    - User.Read
```

Conditional Access

Configure conditional access for TigerTrust:

```yaml
Policy: Require MFA for Certificate Operations
Assignments:
  - Users: All users
  - Cloud apps: TigerTrust
  - Conditions:
    - Device platforms: All
    - Client apps: Browser, Mobile apps
Access controls:
  - Grant: Require multi-factor authentication
  - Session: Sign-in frequency = 1 hour
```

SCIM Provisioning

Enable automatic user provisioning:

```yaml
scim:
  endpoint: https://api.tigertrust.io/scim/v2
  token: $SCIM_TOKEN
  mapping:
    users:
      userName: userPrincipalName
      displayName: displayName
      emails: mail
      active: accountEnabled
    groups:
      displayName: displayName
      members: members
```
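The following is an added example, not TigerTrust's own code, showing what the mapping above means on the receiving side: it turns Azure AD user and group objects into SCIM 2.0 resources (a disabled account becomes `active: false`, i.e. deprovisioned rather than deleted) and checks the bearer token Azure AD presents to the SCIM endpoint in constant time. The sample user and group objects are constructed; `verify_scim_bearer`, `to_scim_user` and `to_scim_group` are names chosen for this example.

```python
"""Map Azure AD objects to SCIM 2.0 resources and verify the SCIM bearer token.
Added example code; not part of TigerTrust."""
import hmac

SCIM_USER_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:User"
SCIM_GROUP_SCHEMA = "urn:ietf:params:scim:schemas:core:2.0:Group"


def verify_scim_bearer(authorization_header, expected_token):
    """Constant-time comparison of the token sent to the /scim/v2 endpoint
    against the configured $SCIM_TOKEN; rejects missing or non-Bearer headers."""
    if not authorization_header or not authorization_header.startswith("Bearer "):
        return False
    presented = authorization_header[len("Bearer "):]
    return hmac.compare_digest(presented.encode("utf-8"), expected_token.encode("utf-8"))


def to_scim_user(azure_user):
    """Apply the mapping.users block: userPrincipalName -> userName,
    displayName -> displayName, mail -> emails, accountEnabled -> active.
    accountEnabled=false yields active=false, so the account is disabled in
    TigerTrust but its audit history is kept."""
    for required in ("userPrincipalName", "accountEnabled"):
        if required not in azure_user:
            raise ValueError(f"Azure AD user is missing required attribute {required}")
    user = {
        "schemas": [SCIM_USER_SCHEMA],
        "userName": azure_user["userPrincipalName"],
        "displayName": azure_user.get("displayName", ""),
        "emails": [],
        "active": bool(azure_user["accountEnabled"]),
    }
    if azure_user.get("mail"):
        user["emails"] = [{"value": azure_user["mail"], "primary": True}]
    return user


def to_scim_group(azure_group):
    """Apply the mapping.groups block; members are Azure AD object ids."""
    return {
        "schemas": [SCIM_GROUP_SCHEMA],
        "displayName": azure_group["displayName"],
        "members": [{"value": member_id} for member_id in azure_group.get("members", [])],
    }


# Constructed sample objects (not real tenant data)
SAMPLE_USERS = [
    {"userPrincipalName": "alice@example.com", "displayName": "Alice Example",
     "mail": "alice@example.com", "accountEnabled": True},
    {"userPrincipalName": "bob@example.com", "displayName": "Bob Example",
     "mail": None, "accountEnabled": False},
]
SAMPLE_GROUP = {"displayName": "Certificate-Team", "members": ["objectid-alice", "objectid-bob"]}


def provision_all(users=SAMPLE_USERS, group=SAMPLE_GROUP):
    """Return the SCIM resources a full sync of the samples would produce."""
    return {"users": [to_scim_user(u) for u in users], "groups": [to_scim_group(group)]}


if __name__ == "__main__":
    import json
    print(json.dumps(provision_all(), indent=2))
```

Because `active` is derived from `accountEnabled`, disabling a user in Azure AD is enough to cut off TigerTrust access on the next provisioning cycle without a separate deletion step.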

Group-Based Roles

Map Azure AD groups to TigerTrust roles:

| Azure AD Group | TigerTrust Role |
|---------------------|---------------------|
| TigerTrust-Admins | Administrator |
| TigerTrust-Operators | Operator |
| TigerTrust-Viewers | Viewer |
| Certificate-Team | Certificate Manager |

App Roles

Define app roles in Azure AD. Each entry in the app manifest also needs a unique GUID `id`, `allowedMemberTypes` and `isEnabled`; the `id` values below are placeholders to replace:

```json
{
  "appRoles": [
    {
      "id": "<unique-guid-1>",
      "allowedMemberTypes": ["User"],
      "isEnabled": true,
      "displayName": "Certificate Administrator",
      "value": "CertAdmin",
      "description": "Full certificate management access"
    },
    {
      "id": "<unique-guid-2>",
      "allowedMemberTypes": ["User"],
      "isEnabled": true,
      "displayName": "Certificate Operator",
      "value": "CertOperator",
      "description": "Certificate operations access"
    }
  ]
}
```

MFA Enforcement

Require MFA for sensitive operations:

  • Certificate revocation
  • Private key export
  • Policy modifications
  • User role changes
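The following added example (not TigerTrust's own code) ties the group table, the app roles and the MFA requirement together: it resolves TigerTrust roles from the `groups` and `roles` claims of a validated ID token and refuses the sensitive operations listed above unless the token's `amr` claim records multifactor authentication and the sign-in is within the 1-hour frequency from the conditional access policy. Assumptions: the token's signature, issuer and audience were already verified by the OIDC library; the app registration emits `auth_time` as an optional claim and the `groups` claim carries group display names; which roles may perform sensitive operations (`PRIVILEGED_ROLES`) and the operation names are chosen for this example, as the page does not define them.

```python
"""Role resolution plus MFA/freshness enforcement for sensitive operations.
Added example code; not part of TigerTrust. Claims are assumed to come from an
ID token whose signature, issuer and audience were already validated."""
import time

# Azure AD group display name -> TigerTrust role (from the Group-Based Roles table)
GROUP_ROLE_MAP = {
    "TigerTrust-Admins": "Administrator",
    "TigerTrust-Operators": "Operator",
    "TigerTrust-Viewers": "Viewer",
    "Certificate-Team": "Certificate Manager",
}
# App role "value" (roles claim) -> TigerTrust role (from the appRoles manifest)
APP_ROLE_MAP = {
    "CertAdmin": "Certificate Administrator",
    "CertOperator": "Certificate Operator",
}
# Operations the page requires MFA for (operation names are an assumption)
SENSITIVE_OPERATIONS = {"certificate.revoke", "key.export", "policy.modify", "user.role_change"}
# Assumption: roles allowed to perform sensitive operations; the page does not specify this
PRIVILEGED_ROLES = {"Administrator", "Certificate Manager", "Certificate Administrator"}
# Matches the conditional access policy's sign-in frequency of 1 hour
SIGN_IN_FREQUENCY_SECONDS = 3600


def resolve_roles(claims):
    """Union of roles granted by group membership and by Azure AD app roles.
    Unknown groups or roles are ignored rather than mapped to anything."""
    roles = {GROUP_ROLE_MAP[g] for g in claims.get("groups", []) if g in GROUP_ROLE_MAP}
    roles |= {APP_ROLE_MAP[r] for r in claims.get("roles", []) if r in APP_ROLE_MAP}
    return roles


def mfa_is_fresh(claims, now):
    """True only if multifactor authentication was performed ("mfa" in amr)
    and the sign-in (auth_time) is within the configured sign-in frequency."""
    if "mfa" not in claims.get("amr", []):
        return False
    auth_time = claims.get("auth_time")
    if not isinstance(auth_time, (int, float)):
        return False
    return 0 <= now - auth_time <= SIGN_IN_FREQUENCY_SECONDS


def authorize(claims, operation, now=None):
    """Return (allowed, reason). Sensitive operations need a privileged role
    and a fresh MFA sign-in; other operations need any mapped role."""
    now = time.time() if now is None else now
    roles = resolve_roles(claims)
    if not roles:
        return False, "no_role"
    if operation in SENSITIVE_OPERATIONS:
        if not roles & PRIVILEGED_ROLES:
            return False, "insufficient_role"
        if not mfa_is_fresh(claims, now):
            return False, "mfa_required"
    return True, "ok"


# Constructed sample claims (not a real token); epoch time chosen for the example
NOW = 1_700_000_000
ADMIN_WITH_FRESH_MFA = {"preferred_username": "alice@example.com",
                        "groups": ["TigerTrust-Admins"], "amr": ["pwd", "mfa"],
                        "auth_time": NOW - 600}
ADMIN_WITH_STALE_MFA = {"preferred_username": "alice@example.com",
                        "groups": ["TigerTrust-Admins"], "amr": ["pwd", "mfa"],
                        "auth_time": NOW - 7200}
OPERATOR_PASSWORD_ONLY = {"preferred_username": "carol@example.com",
                          "roles": ["CertOperator"], "amr": ["pwd"],
                          "auth_time": NOW - 60}
VIEWER = {"preferred_username": "dave@example.com", "groups": ["TigerTrust-Viewers"],
          "amr": ["pwd", "mfa"], "auth_time": NOW - 60}

if __name__ == "__main__":
    for label, claims in [("admin fresh", ADMIN_WITH_FRESH_MFA), ("admin stale", ADMIN_WITH_STALE_MFA),
                          ("operator pwd", OPERATOR_PASSWORD_ONLY), ("viewer", VIEWER)]:
        print(label, sorted(resolve_roles(claims)), authorize(claims, "certificate.revoke", NOW))
```

The `mfa_required` result is the point at which an application would redirect the user back to Azure AD to re-authenticate, rather than failing closed permanently; the role check comes first so that a user who could never perform the operation is not prompted for MFA at all.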

Secure your certificate management with Azure AD and TigerTrust.

Getting Started

1. Register TigerTrust as an Azure AD application
2. Configure SAML or OIDC settings
3. Enable SCIM provisioning
4. Set up group mappings for roles
5. Configure conditional access policies

Ready to Integrate Azure Active Directory?

Get started with TigerTrust and automate your certificate lifecycle management today.