Login
        Contents x
        Set Up SSO with Microsoft Entra ID
        • 06 Nov 2025
        • 3 Minutes to read
        • PDF
        Contents

        Set Up SSO with Microsoft Entra ID

        • Updated on 06 Nov 2025
        • 3 Minutes to read
        • PDF
        Article summary

        Enhance your organization's security and streamline user access by enabling single sign-on (SSO) with Microsoft Entra ID. This article will walk you through the complete setup process, where you’ll configure settings in both Entra ID and Red Canary. If you have questions or are new to SSO,  see our Overview of Single Sign-On.

        1 Red Canary | Configure SSO Settings

        1. Navigate to Red Canary, then click your user profile in the top right corner.

        2. Click Single Sign-On.

        3. Enable the following settings:

          • This SSO configuration should be active
            This setting activates the SSO setup, after you complete the configuration and click Save at the bottom.

          • Automatically create a Red Canary user the first time a user is authenticated
            This setting automatically provisions a Red Canary account when a new user logs in with SSO. As an optional configuration, you can assign default roles to new users. Select one of the following roles to apply automatically:

            • Admin

            • Workflow User

            • Analyst

            • Analyst Viewer

            • Applications Manager

            • EDR User

            • Responder

            For a full description of each role's permissions, see Understand and Assign Roles.

            To reset a user's permissions to the selected default every time they sign in, check the Grant these roles on EVERY sign in box. This will override any manual role changes made previously. This is useful for enforcing a "least privilege" baseline, where you can manually grant temporary high-level access that will be automatically revoked on the next login.

        You’ll finish configuring these settings in a later step.

        2 Microsoft Entra ID | Create a Red Canary App

        1. Log in to your Microsoft Entra ID admin center.

        2. Go to Entra ID > Enterprise apps.

        3. Click New Application > Create your own application.

        4. In the What's the name of your app? field, enter “Red Canary”.

        5. Select the Integrate any other application you don't find in the gallery (Non-gallery) option and click Create.

        6. Go to All applications and click the newly created Red Canary app.

        7. In the left-hand menu, click Single sign-on and select the SAML method.

        3 Microsoft Entra ID / Red Canary | Configure SSO Properties

        1. In the Basic SAML Configuration section, click Edit.

        2. Click Add Identifier.

        3. Return to the Red Canary SSO settings page, then copy the URL from the Entity / Issuer field and paste it into the Entra Identifier field.

        4. In the Entra Reply URL field, enter the following URL, replacing mysubdomain with your actual subdomain: https://mysubdomain.my.redcanary.co/saml_sp/consume

        5. On the Entra SSO settings page, click Save and close out of the SAML configuration popover.

        6. In the Attributes & Claims section, click Edit.

        7. In the Additional claims section, click each additional claim.

        8. Delete the namespace URI http://schemas.xmlsoap.org/ws/2005/05/identity/claims .

        9. Confirm that the claim names and values look like this:

        10. Confirm that your user email address is connected to the user.userprincipalname attribute:

          • In the left nav, click Users.

          • Select your user name.

          • In the Properties tab, confirm that the User principal name contains your email address.

        11. Return to the SSO enterprise app SSO settings.

        12. In the SAML Certificates section, click Download next to Certificate (Base64).

        13. In a text editor, open the downloaded certificate and copy it.

        14. On the Red Canary SSO settings page, paste the downloaded certificate into the Identity Provider X509 Cert field.

        15. On the Microsoft Entra SSO settings page, scroll down to the Set up Red Canary section, where you’ll copy each field and paste it into the Red Canary SSO settings page:

          • Copy Login URL and paste it into the Identity Provider SSO Target URL field.

          • Copy Microsoft Entra Identifier and paste it into the Identity Provider Entity ID field.

          • Copy Logout URL and paste it into the Identity Provider SLO Target URL field.

        16. On the Red Canary SSO settings page, in the Email Attribute field, type “Email.” Make sure it is title cased.

        17. Click Save.

        18. Return to the Entra SSO settings page and click Test this application.

        4 Red Canary | Require SSO for User Login

        Once you’ve successfully tested your setup, go to the Red Canary SSO settings page and check the box Disable user / password login and require login via Single Sign On. This requires SSO login for all user logins. Make sure to click Save to apply the change.

        Was this article helpful?
        What's Next
        Change password!
        Changing your password will log you out immediately. Use the new password to log back in.
        Change profile
        Success!
        First name must have atleast 2 characters. Numbers and special characters are not allowed.
        Last name must have atleast 1 characters. Numbers and special characters are not allowed.
        Enter a valid email
        Enter a valid password
        Your profile has been successfully updated.
        Logout