Prerequisites
Before you proceed with the integration, complete the following prerequisites:
- Ensure that the OIDC discovery endpoint of SafeNet Authentication Exchange is reachable from Microsoft Azure. For more information on setting up SafeNet Access Exchange, refer to the Install SafeNet Access Exchange section.
- You must have administrator access to create a new realm or modify an existing one to use the SafeNet OTP flow. Refer to the Realm creation and authentication flow section for more information on configuring a realm.
- Configure SafeNet OTP Flow in the realm with a valid Agent BSID Key and token validator URL.
- Configure User Federation using the sas-user-provider.
- The SASPCE user ID must match the Microsoft Entra ID user login ID. This login ID is the ID of the end user who is going to access the Microsoft Entra application.
- The following roles are required for Microsoft Entra ID configuration:
  - Cloud Application Administrator
  - Privileged Role Administrator
  - Conditional Access Administrator

  For more information on roles and permissions, refer to the Microsoft documentation.
- If using a federated domain, ensure that the federation is already set up as per the required guidelines. The federation must be done within the same realm used for creating the Entra ID client.