Skip to content

Configuring SAML Integration Between MS Entra (formerly Azure AD) and Nullafi Shield

Prerequisites

Before beginning the configuration process, ensure you have:

  • A fully operational Nullafi Shield instance
  • The Shield web dashboard configured with SSL (mandatory for SAML)
  • A browser configured to use Nullafi Shield
  • A MS Entra plan on Azure
  • The following example information (replace with your actual details):
  • Company: Maverick Co
  • Domain: maverickco.com
  • Nullafi Shield Dashboard URL: https://shield.maverickco.com

Introduction

Nullafi Shield supports SAML single sign-on authentication for end-users. When enabled, application requests are redirected to your Identity Provider (such as MS Entra) for authentication before granting access. After successful authentication, users won't receive additional prompts during their session. Session duration can be configured through the Nullafi Shield dashboard.

Part I: MS Entra Configuration

Creating the Application

  1. Log into the Azure portal
  2. Navigate to Microsoft Entra
  3. Select Enterprise applications
  4. Click New application
  5. Select Create your own application
  6. Enter an application name (e.g., "Nullafi-Shield")
  7. Select Integrate any other application you don't find in the gallery (Non-gallery)
  8. Click Create

Configuring Single Sign-On

  1. In the application overview, select Single sign-on from the left sidebar
  2. Choose SAML as the authentication method
  3. Configure the Basic SAML Configuration:
  4. Click Edit
  5. Enter the following values:
    • Identifier (Entity ID): https://shield.maverickco.com/user/saml/metadata
    • Reply URL (Assertion Consumer Service URL): https://shield.maverickco.com/user/saml/acs

  6. Click Save

  7. Configure Attributes & Claims:

  8. Click Edit
  9. Add the first claim:
    • Click Add new claim
    • Name: email
    • Source attribute: user.userprincipalname
    • Click Save
  10. Add the second claim:
    • Click Add new claim
    • Name: username
    • Source attribute: user.userprincipalname
    • Click Save
  11. Close the attributes editor (X button)
  12. Download the SAML certificate:
  13. Under SAML Certificates, click the Federation Metadata XML download link
  14. Save this file locally (you'll need it for the Shield configuration)
  15. Close the dialog (X button)

Assigning Users and Groups

  1. Return to the application overview and select Assign users and groups
  2. Click Add user/group
  3. Select the users or groups that should have access to Nullafi Shield
  4. Note: Depending on your MS Entra plan, you might be limited to adding only users, not groups

Part II: Nullafi Shield Configuration

  1. Access your Nullafi Shield Dashboard (e.g., https://shield.maverickco.com)
  2. Log in and navigate to Configuration in the left sidebar
  3. Click at ICAP
  4. Under Security, set Authentication Method to SAML
  5. Open the Federation Metadata XML file you downloaded earlier in a text editor
  6. Copy the entire content of the file
  7. Click Set IDp Metadata and paste the XML content
  8. Click Save
  9. Under Allowed URLs, check the Azure SAML option
  10. Scroll to the bottom and click Save Changes

Verification

  1. Open a browser configured to use Nullafi Shield
  2. Navigate to a web application (e.g., Hubspot.com)
  3. You should be redirected to the MS Entra login page (unless already authenticated)
  4. To verify the user session:
  5. Return to the Nullafi Shield Dashboard
  6. Navigate to Configuration > SAML Sessions
  7. Confirm that the user session appears as active