Description


Microsoft 365 Single Sign-On (SSO) allows your users to log in to the Breach Secure Now portal using their Microsoft credentials. Users no longer need to remember a separate password for their Breach Secure Now account: they enter their email address and are then directed to verification. This guide covers how Partner Administrators can configure SAML-based SSO through the Microsoft Entra Admin Center.


Requirements


Administrator access to the Breach Secure Now portal.

Administrator access to the Microsoft Entra portal.


The Process


Step 1 – Access the Client View

  1. Log in to the Breach Secure Now portal as a Partner Administrator.
  2. Click Manage Clients to view your client list.
  3. Select the client you want to enable Microsoft 365 SSO for.


Step 2 – Open SSO Settings in Breach Secure Now

  1. Go to the User Management tab.
  2. Click the Single Sign-On button.
  3. Click the Microsoft logo to start SSO configuration.


Note: Keep this page open — you will need the Application ID URL and Redirect URL for later steps in Entra Admin Center.


Step 3 – Create an Application in Microsoft Entra Admin Center

  1. In a new tab, go to Microsoft Entra Admin Center.
  2. Navigate to Enterprise applications.
  3. Click New application.


  4. Select Create your own application, enter a name (e.g., “BSN SSO”), choose Integrate any other application you don’t find in the gallery (Non-gallery), then click Create.


Step 4 – Configure SAML Settings in Entra

  1. In the new application, go to Single sign-on and select SAML.
  2. In Breach Secure Now, copy the Application ID URL and Redirect URL.
  3. In Entra, under Basic SAML Configuration, click Edit.
  4. Click Add identifier and paste the Application ID URL.
  5. Click Add reply URL and paste the Redirect URL.
  6. Click Save, then close the configuration window.


Step 5 – Add Email Claim

  1. In Attributes & Claims, click Edit.
  2. Click Add new claim and fill in the following:
    • Name: Email
    • Namespace: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
    • Source: Attribute
    • Source attribute: user.mail
  3. Click Save, then close the Attributes & Claims window.


*Optional: If you are enabling SSO for a client whose directory sync is UPN-focused, you can use the following setup to send the UPN instead of the email address:

"When creating the custom Email claim, set its attribute to user.userprincipalname. Additionally, update the default preconfigured claim emailaddress so that it also maps to user.userprincipalname."


Step 6 – Get Metadata URL and Complete Setup

  1. Back in Entra, within the Properties section, change the Assignment required? option to No and click Save.
  2. In SAML Certificates, copy the App Federation Metadata URL.


  3. Return to the Breach Secure Now portal and paste the Metadata URL into the SSO configuration.


Optional: Enable Skip Identity Provider Logout if you want users to remain logged into Microsoft 365 after logging out of Breach Secure Now.


Step 7 – Grant Permissions and Test Login

  1. If required, provide consent for the SSO application to be enforced across the account.
  2. Log out of Breach Secure Now and log back in with a client user account where SSO was configured.
  3. If prompted by Microsoft, check Consent on behalf of your organization and click Accept.

You have now successfully set up Microsoft 365 Single Sign-On for your client in the Breach Secure Now portal.
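
If a test login fails, inspecting the decoded assertion from that login shows whether the values entered in Steps 4 and 5 actually reached the service provider. The script below is an added example, not Breach Secure Now or Microsoft code: the URLs, the sample assertion and the function names are constructed, and it assumes the Email claim arrives as an Attribute whose Name starts with the Step 5 namespace.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Namespace entered for the Email claim in Step 5.
EMAIL_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"

def check_assertion(xml_text, app_id_url, redirect_url):
    """List configuration problems in a decoded SAML assertion (diagnostic only; the signature is not verified)."""
    root = ET.fromstring(xml_text)
    problems = []
    audiences = [(a.text or "").strip() for a in root.iterfind(".//saml:Audience", NS)]
    if app_id_url not in audiences:
        problems.append(f"Audience {audiences} does not include the Application ID URL")
    recipients = [d.get("Recipient") for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if redirect_url not in recipients:
        problems.append(f"Recipient {recipients} does not include the Redirect URL")
    # Assumption: the claim arrives as an Attribute whose Name starts with EMAIL_NS.
    emails = [(v.text or "").strip()
              for attr in root.iterfind(".//saml:Attribute", NS)
              if attr.get("Name", "").startswith(EMAIL_NS)
              for v in attr.iterfind("saml:AttributeValue", NS)]
    if not any(emails):
        problems.append("Email claim missing or empty (check user.mail, or map user.userprincipalname)")
    return problems

# Constructed placeholder values; substitute the URLs shown on the SSO settings page.
APP_ID_URL = "https://sp.example.invalid/app-id"
REDIRECT_URL = "https://sp.example.invalid/acs"

def sample_assertion(email_attribute=""):
    """Build a constructed, unsigned assertion for offline testing."""
    return f"""<saml:Assertion xmlns:saml="{NS['saml']}">
  <saml:Subject><saml:SubjectConfirmation>
    <saml:SubjectConfirmationData Recipient="{REDIRECT_URL}"/>
  </saml:SubjectConfirmation></saml:Subject>
  <saml:Conditions><saml:AudienceRestriction>
    <saml:Audience>{APP_ID_URL}</saml:Audience>
  </saml:AudienceRestriction></saml:Conditions>
  <saml:AttributeStatement>{email_attribute}</saml:AttributeStatement>
</saml:Assertion>"""

# Constructed attribute carrying a sample address.
EMAIL_ATTR = (f'<saml:Attribute Name="{EMAIL_NS}">'
              "<saml:AttributeValue>user@example.invalid</saml:AttributeValue></saml:Attribute>")

if __name__ == "__main__":
    print(check_assertion(sample_assertion(EMAIL_ATTR), APP_ID_URL, REDIRECT_URL))
    print(check_assertion(sample_assertion(), APP_ID_URL, REDIRECT_URL))
```

An empty result means the identifier, reply URL and email claim all line up; a missing Email claim is the case the optional UPN mapping in Step 5 addresses.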