SAML 2.0 - Integrating SAST with Azure Active Directory (AD)

Mend SAST supports SAML 2.0 integration for your organization. This article shows step-by-step how to implement this if your SAML 2.0 provider is Azure Active Directory (AD).

Prerequisites

  • Confirm you have the proper permissions to create an application within your Azure AD organization.

  • Confirm you are a Mend Admin in order to create the SAML integration within your Mend SAST organization.

Instructions

Follow the instructions below to successfully set up your SAML integration with Mend SAST and Azure AD:

Within Azure:

  1. Navigate to Azure Active Directory:

  2. On the left sidebar, click on Enterprise applications:

  3. Click on New application:

  4. There is currently no Mend SAST application in the Azure AD Gallery, so click on Create your own application:

  5. Within the Create your own application sidebar, name the app “Mend SAST” and set it to Integrate any other application you don't find in the gallery (Non-gallery):

  6. Click on Create

  7. Once the Mend SAST application within your Azure AD is created successfully, it should redirect you to the application’s Overview page. Here, click on Single sign-on in the left sidebar:

  8. When selecting a single sign-on method, click on the SAML option:

  9. Now, you will need to set your Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL). Click on the Edit button:

  10. On the SAML Settings page, fill out the first few required fields as follows:

    a. Identifier (Entity ID): https://<your-mend-sast-url>/sast/saml/metadata

    Note: The Identifier (Entity ID) must end with “/sast/saml/metadata”.

    b. Reply URL (Assertion Consumer Service URL): https://<your-mend-sast-url>/sast/saml/acs

    Note: The Reply URL (Assertion Consumer Service URL) must end with “/sast/saml/acs”.

  11. Click on Save. Here is an example of my saved settings using my saas.mend.io instance:

  12. Make a note of the following values from Azure AD; you will enter them in the next step when setting up the SAML integration in the Mend SAST UI:

    a. Azure AD Identifier:

    b. App Federation Metadata Url:
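Both endpoint values entered in Azure AD are derived from the Mend SAST root URL, and the Reply URL is where Azure AD will POST the signed assertion, so a typo in either one quietly breaks the trust relationship. The Python script below is an added example (not Mend's or Microsoft's code) that derives the Identifier and Reply URL from a root URL and checks an existing set of values against the suffix rules stated in this article, plus a same-host check. The host saas.mend.io is the one used in this article; the function names are my own.

```python
"""Sanity checks for the SAML endpoint values configured in Azure AD.

Added example, not Mend's or Microsoft's code. It assumes the URL shapes the
article states: Entity ID ends in /sast/saml/metadata, Reply URL (ACS) ends in
/sast/saml/acs, and the Mend SAST root URL ends in /sast.
"""
from urllib.parse import urlparse

ENTITY_ID_SUFFIX = "/sast/saml/metadata"
ACS_SUFFIX = "/sast/saml/acs"
ROOT_SUFFIX = "/sast"


def derive_sp_urls(root_url: str) -> dict:
    """Derive the three service-provider values from the Mend SAST root URL."""
    root = root_url.rstrip("/")
    if not root.endswith(ROOT_SUFFIX):
        raise ValueError(f"root URL must end with {ROOT_SUFFIX!r}: {root_url}")
    base = root[: -len(ROOT_SUFFIX)]  # e.g. https://saas.mend.io
    return {
        "entity_id": base + ENTITY_ID_SUFFIX,
        "reply_url": base + ACS_SUFFIX,
        "root_url": root,
    }


def check_sp_urls(entity_id: str, reply_url: str, root_url: str) -> list:
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    for label, value, suffix in (
        ("Identifier (Entity ID)", entity_id, ENTITY_ID_SUFFIX),
        ("Reply URL (ACS URL)", reply_url, ACS_SUFFIX),
        ("Root URL", root_url, ROOT_SUFFIX),
    ):
        parts = urlparse(value)
        if parts.scheme != "https":
            problems.append(f"{label} must use https, got {parts.scheme!r}")
        if not parts.path.rstrip("/").endswith(suffix):
            problems.append(f"{label} must end with {suffix!r}")
    # All three values must name the same host; otherwise Azure AD would post
    # assertions to a different service provider than the one it trusts.
    hosts = {urlparse(v).netloc for v in (entity_id, reply_url, root_url)}
    if len(hosts) > 1:
        problems.append(f"hosts differ across the three values: {sorted(hosts)}")
    return problems


if __name__ == "__main__":
    derived = derive_sp_urls("https://saas.mend.io/sast")
    for key, value in derived.items():
        print(f"{key}: {value}")
    print("problems:", check_sp_urls(derived["entity_id"], derived["reply_url"], derived["root_url"]))
```

Run it with your own root URL in place of the saas.mend.io one; the derived Identifier and Reply URL are what you paste into the SAML Settings page, and `check_sp_urls` is useful when reviewing an existing application whose values were typed by hand.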


Within the Mend SAST UI:

  1. Navigate to the Administration > Users tab, and click Enable SAML Authentication:

  2. Input the following SAML values into your Mend SAST UI:

    a. Entity ID: The Azure AD Identifier from your Azure AD application

    b. Domain: Your organization’s email domain

    c. IdP Metadata URL: The App Federation Metadata Url from your Azure AD application

    d. Root URL: Your Mend SAST URL (e.g. https://saas.mend.io/sast)

    Note: The root URL must end with “/sast”.

    e. Username Attribute: The assertion attribute that Azure AD sends as the user's “username”. This is usually one of the claims listed in the Attributes & Claims section of your Azure AD application (typically name by default; the full claim name URI can also be used):

  3. Here is an example of my SAML settings within my Mend SAST organization using the “name” attribute:

  4. Assign the Default User Role. This is the role given to users when no role mapping is created or matched.

  5. SSO users can be mapped to Mend SAST Groups in the Group Mapping section using attributes. If no group mapping is configured or matched, logged-in users are assigned to the default "SSO Users" group.

  6. SSO users can be mapped to Mend SAST Organizations in the Organization Mapping section using attributes. If no organization mapping is configured or matched, logged-in users are assigned to the organization level at which you clicked “Enable SAML Authentication”.

  7. Once you have completed your SAML mapping, click on the Save button to save your SAML integration:
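The Username Attribute and the mapping fallbacks above decide which account a login lands in, so it is worth seeing exactly what gets read out of an assertion. The Python script below is an added example (not Mend's code) that pulls the username claim out of a SAML assertion by short name or full claim URI and applies the "default when nothing matches" rules described in steps 4 and 5. The assertion is constructed; the claim URIs are Azure AD's usual defaults for the name and groups claims but should be treated as assumptions and confirmed in your application's Attributes & Claims section; the mapping model is a simplification of my own. Signature and audience validation of the assertion are out of scope here and must succeed before any of these values are trusted.

```python
"""Read the username claim from a SAML assertion and apply mapping fallbacks.

Added example, not Mend's code. The assertion below is constructed, and the
claim URIs are assumed Azure AD defaults; the group-to-role mapping shape is
this example's own simplification. Signature verification is not performed
here and must happen before any attribute value is trusted.
"""
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
NAME_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"      # assumed
GROUPS_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"  # assumed

# Constructed sample assertion; tenant and group ids are placeholders.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    ID="_constructed-example" Version="2.0">
  <saml:Issuer>https://sts.windows.net/TENANT-ID-PLACEHOLDER/</saml:Issuer>
  <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groups">
      <saml:AttributeValue>GROUP-OBJECT-ID-PLACEHOLDER</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def attribute_values(assertion_xml: str, attr_name: str) -> list:
    """Return all values of an attribute, matched by full claim URI or short name."""
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        name = attr.get("Name", "")
        # "name" matches ".../identity/claims/name"; a full URI must match exactly.
        if name == attr_name or name.rsplit("/", 1)[-1] == attr_name:
            values.extend((v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS))
    return values


def resolve_login(assertion_xml: str, username_attr: str, group_mapping: dict,
                  default_role: str, default_group: str = "SSO Users") -> dict:
    """Resolve username, role and group the way the article's fallbacks describe.

    group_mapping maps a groups-claim value to a (mend_group, role) pair. When no
    entry matches, the default group and default role apply.
    """
    usernames = attribute_values(assertion_xml, username_attr)
    # Exactly one non-empty username is required; ambiguity must not be guessed away.
    if len(usernames) != 1 or not usernames[0]:
        raise ValueError(f"expected exactly one non-empty {username_attr!r} value, got {usernames}")
    group, role = default_group, default_role
    for claim_value in attribute_values(assertion_xml, GROUPS_CLAIM):
        if claim_value in group_mapping:
            group, role = group_mapping[claim_value]
            break  # first matching mapping wins in this simplified model
    return {"username": usernames[0], "role": role, "group": group}


if __name__ == "__main__":
    print(resolve_login(SAMPLE_ASSERTION, "name", {}, default_role="Developer"))
    print(resolve_login(SAMPLE_ASSERTION, NAME_CLAIM,
                        {"GROUP-OBJECT-ID-PLACEHOLDER": ("AppSec", "Admin")}, "Developer"))
```

Point `attribute_values` at a decoded SAMLResponse captured from a test login to confirm which claim actually carries the value you expect; if the username attribute is missing or multi-valued, the function refuses rather than picking one, which is the behaviour you want at the boundary between the IdP and your user store.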
