This article describes the SAML 2.0 Login functionality and how to configure it so that you can log in to the HEIMDAL Dashboard.
1. Enabling SAML 2.0 Login
2. Configuring SAML 2.0 Login
3. Activating the account created with Azure Login
Enabling SAML 2.0 Login
1. Log in to the HEIMDAL Dashboard using your HEIMDAL Dashboard credentials (initially provided by your Account Manager).
2. Go to the Guide section and click on the Customer Settings Tab.
3. To enable SAML 2.0 Login, you must tick the Log in to the Heimdal Dashboard using SAML 2.0 checkbox.
Allow Microsoft authentication only - allows you to restrict HEIMDAL Dashboard login access to the Azure Login only. This means that only user accounts that are created with the Azure Login functionality are able to log in to the HEIMDAL Dashboard.
Configuring SAML 2.0 Login
1. After enabling SAML 2.0 Login in the HEIMDAL Dashboard, you can add your company's Azure Active Directory Tenant ID (which can be found in the Azure Active Directory admin center). Please note that the Azure user performing this needs to have the Global Administrator role.
2. After copying the Tenant ID and pasting it in the Tenant ID field (inside the HEIMDAL Dashboard), click the Update button.
3. Log off the HEIMDAL Dashboard and log back in using the Azure Login feature.
4. You will be prompted to log in with your Microsoft credentials (2-Factor may be required).
5. After inserting the email account and password, you will have to click the Consent on behalf of your organization tickbox and click Accept (if the Consent is not displayed, proceed to the next step).
Once this step is performed, the Microsoft account will be added to the HEIMDAL Dashboard's database and a new Enterprise Application will be created in the Azure Active Directory admin center (which links the Azure Active Directory Tenant ID with the HEIMDAL Dashboard).
If you want to restrict access to the Azure Login feature from Azure Active Directory, edit the Heimdal Security Dashboard application's properties and set Assignment required to Yes. After that, you can add the users/groups that are allowed to access the Heimdal Security Dashboard for single sign-on.
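The same restriction can be scripted and re-checked later. The following is an added example, not part of HEIMDAL's documentation: it assumes the Microsoft Graph PowerShell SDK is installed, that the enterprise application's display name in your tenant is Heimdal Security Dashboard as written above, and it uses a hypothetical group name, Heimdal-Dashboard-Users.

```powershell
# Added example: enforce "Assignment required" on the enterprise application
# and allow one group to use it for single sign-on.
$AppName   = 'Heimdal Security Dashboard'  # display name as given on this page; confirm in your tenant
$GroupName = 'Heimdal-Dashboard-Users'     # hypothetical group name; replace with your own

Connect-MgGraph -Scopes 'Application.ReadWrite.All','AppRoleAssignment.ReadWrite.All','Group.Read.All'

# Locate the enterprise application (service principal); stop on zero or several matches.
$sp = @(Get-MgServicePrincipal -Filter "displayName eq '$AppName'")
if ($sp.Count -ne 1) { throw "Expected one service principal named '$AppName', found $($sp.Count)." }
$sp = $sp[0]

# Set "Assignment required" to Yes if it is not already set.
if (-not $sp.AppRoleAssignmentRequired) {
    Update-MgServicePrincipal -ServicePrincipalId $sp.Id -AppRoleAssignmentRequired:$true
    Write-Host "Assignment required is now enabled for '$AppName'."
}

# Resolve the group that should be allowed to sign in.
$group = @(Get-MgGroup -Filter "displayName eq '$GroupName'")
if ($group.Count -ne 1) { throw "Expected one group named '$GroupName', found $($group.Count)." }
$group = $group[0]

# Assign the group only if it is not assigned yet.
$existing = @(Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All)
if ($existing.PrincipalId -notcontains $group.Id) {
    # Use the first enabled user-assignable role, or the default access role
    # (all-zero GUID) when the application defines none.
    $role = $sp.AppRoles |
        Where-Object { $_.IsEnabled -and $_.AllowedMemberTypes -contains 'User' } |
        Select-Object -First 1
    $roleId = if ($role) { $role.Id } else { '00000000-0000-0000-0000-000000000000' }
    New-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -BodyParameter @{
        principalId = $group.Id
        resourceId  = $sp.Id
        appRoleId   = $roleId
    } | Out-Null
}

# Review who can currently reach the application through single sign-on.
Get-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -All |
    Select-Object PrincipalDisplayName, PrincipalType, CreatedDateTime
```

Re-running the last command periodically shows whether the assignment list still matches the set of people who should have Dashboard access.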
Activating the account created with Azure Login
If there is no HEIMDAL Dashboard account matching your Microsoft account, a new account will be created with the Visitor role and can be used to log in to the HEIMDAL Dashboard with Azure Login only. After creation, the account will have to be activated by the HEIMDAL Dashboard Administrator.
Activation is performed by the HEIMDAL Dashboard Administrator from the account's settings (Miscellaneous -> Account Activated -> True).
In this section, you can also give Administrator permissions to the newly created account by removing its Visitor role.
IMPORTANT
RESELLERS can impersonate and add/edit the Azure Active Directory Tenant IDs on behalf of their ENTERPRISE Customers. The procedure is similar to the one above.