SAML Microsoft Entra

Article ID: 414863

Products

DX SaaS

Issue/Introduction

How to integrate IDP Microsoft Entra with DX SaaS?

SAML Integration between DXO2 and Microsoft Entra

Environment

DX SaaS

Resolution

For “Identifier (Entity ID)”, use the “Audience” value, which is “DXI_<tenant_name>”. If your tenant is named “DEMO_TEST”, configure “DXI_DEMO_TEST” as the Entity ID.

In the “Reply URL”, use only the tenant name (without the “DXI_” prefix). E.g.:

  • For EU: https://apmgw.dxi-eu1.saas.broadcom.com/ess/authn/DEMO_TEST
  • For NA: https://apmgw.dxi-na1.saas.broadcom.com/ess/authn/DEMO_TEST

DXO2 SAML Configuration

  • Identify SAML Account

Use the values from Section 4 of the “Single sign-on” page in MS Entra:

  • Issuer = Microsoft Entra Identifier
  • Login URL = Login URL
  • Logout URL = Logout URL

The Login URL configured in DXI should be the User access URL from the IdP, found under the SAML application properties.

Map attributes between DXI and SAML account:

Use the SOAP schema for the attributes. The last part of each attribute name is the same as the claim name in Section 2 “Attributes & Claims” in MS Entra (e.g. “givenname” for first name and “groups” for roles).

Identify User Group:

Use the group names of the AD groups from MS Entra, not the object IDs. Here you can only configure the SAML group that is mapped to the tenant admin role.
You have to map other SAML groups to DXO2 roles later under “Settings/Manage Users and Roles”.
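
To confirm these settings when a login fails, the following added example (not Broadcom's or Microsoft's code) checks a decoded SAML assertion against the rules in this article: Audience equal to “DXI_<tenant_name>”, Recipient equal to the regional Reply URL, and group names rather than object IDs in the “groups” claim. The function name `check_assertion`, the sample assertion and its attribute URI are constructed for illustration; the check assumes object IDs are GUID-formatted and that the Reply URL appears as the `Recipient` of `SubjectConfirmationData`.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Regional gateway hosts as given in the article.
HOSTS = {"EU": "apmgw.dxi-eu1.saas.broadcom.com", "NA": "apmgw.dxi-na1.saas.broadcom.com"}
GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

def check_assertion(xml_text, tenant, region):
    """Return a list of mismatches between a decoded assertion and the article's rules."""
    root = ET.fromstring(xml_text)  # diagnostic use on your own capture; no signature check
    problems = []
    want_aud = f"DXI_{tenant}"
    want_acs = f"https://{HOSTS[region]}/ess/authn/{tenant}"
    audiences = [a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text]
    if want_aud not in audiences:
        problems.append(f"Audience {audiences} does not contain {want_aud}")
    recipients = [d.get("Recipient") for d in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if want_acs not in recipients:
        problems.append(f"Recipient {recipients} is not {want_acs}")
    for attr in root.iterfind(".//saml:Attribute", NS):
        # Compare only the last part of the attribute name, as the article describes.
        if attr.get("Name", "").rsplit("/", 1)[-1] != "groups":
            continue
        for v in attr.iterfind("saml:AttributeValue", NS):
            if GUID.match((v.text or "").strip()):
                problems.append(f"groups claim carries object ID {v.text.strip()}, not a group name")
    return problems

# Constructed sample: Entity ID lacks the DXI_ prefix and groups are sent as object IDs.
SAMPLE = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
 <saml:Subject><saml:SubjectConfirmation>
  <saml:SubjectConfirmationData Recipient="https://apmgw.dxi-eu1.saas.broadcom.com/ess/authn/DEMO_TEST"/>
 </saml:SubjectConfirmation></saml:Subject>
 <saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>DEMO_TEST</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions>
 <saml:AttributeStatement>
  <saml:Attribute Name="http://example.invalid/claims/groups">
   <saml:AttributeValue>11111111-2222-3333-4444-555555555555</saml:AttributeValue>
  </saml:Attribute>
 </saml:AttributeStatement>
</saml:Assertion>"""

if __name__ == "__main__":
    for p in check_assertion(SAMPLE, "DEMO_TEST", "EU"):
        print("MISMATCH:", p)
```

An empty result means the assertion matches the Entity ID, Reply URL and group-name rules; it says nothing about the signature or certificate.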