Step 1: Create an Enterprise Application in the Azure Portal
Important:
In order to set up SSO with Azure, you must have a paid Azure subscription.
Log in to https://portal.azure.com/
Navigate to Enterprise Applications
Click + New Application
Create your own application
Give your new app a name.
Important: Do not select RedTeam from the suggestions that pop up; you need to create the application as NEW.
Select the option Register an application to integrate with Microsoft Entra ID
Click Create
Under Supported account types, select Single tenant (accounts in this organizational directory only). This restricts sign-in to identities in your own directory.
Click Register when you are ready.
Step 2: Add Redirects
Navigate to the Enterprise Applications menu and select your app from the list.
Navigate to Single sign-on from the menu on the left.
Click Go to Application.
Navigate to the Authentication section
Click on +Add a platform and select Single-page application
Enter the following URL exactly as shown (scheme, host and path must match the application's callback) under Redirect URIs:
https://login.flex.redteam.com/sso/login/callback
Click Configure when you are ready.
Step 3: Configure options
Scroll down to the next section, Implicit grant and hybrid flows. Make sure the token options are selected exactly as in the screenshot below so that Entra ID is able to issue ID tokens and access tokens to the application. Enable only the token types the application requires; every additional token type enabled here is one more credential a compromised browser session could obtain.
Click Save when you are ready.
Click Certificates & secrets on the left menu and then select Federated credentials.
Click on +Add credential
Select Customer Managed Keys from the Federated credential scenario dropdown.
Select your company's Subscription and the corresponding Identity, then click Select at the bottom.
Give your new credential a name and click Save.
Add Optional Token Claims (this step is not optional)
Navigate to Token Configuration from the left menu and click +Add optional claim
Select the Token type and the claims from the list.
You can select multiple claims for the same token type; click Add when ready.
When selecting claims of type ID, you will see a pop-up asking to turn on the Microsoft Graph profile permission; check the box and click Add on this pop-up as well.
Once you finish adding all the token types, make sure they match the claims shown in the screenshot below:
Step 4: Add Groups/Users
In order to grant access to Single Sign-On through this enterprise app, you need to assign the users or groups that should be able to sign in. You can do that in the "Users and groups" section; users and groups that are not assigned are denied access. Here is the documentation on that: Manage users and groups assignment to an application - Microsoft Entra ID | Microsoft Learn
Navigate to Overview on the left menu and click on the application name.
Click Assign users and groups and select the users and groups that need to be allowed to access the app.
Step 5: Obtain IDs for Configuring the Application
Navigate to Overview and copy the Application (client) ID, which is needed to configure SSO in the Flex/Fieldlens application. The Overview page also shows the Directory (tenant) ID; copy it as well, since the Authority value entered in Step 7 is normally the tenant-specific login endpoint, https://login.microsoftonline.com/<Directory (tenant) ID>, which is what a single-tenant registration expects.
Step 6: Add Configuration for Mobile Applications
Navigate to the Authentication section of the Enterprise Application:
Click "Add a platform".
Select iOS / macOS or Android (if using both, configure each platform individually).
Enter the values shown below:
iOS / macOS
  Bundle ID      | RedTeamShare
  Redirect URI   | msauth.RedTeamShare://auth

Android
  Package name   | com.redteamsoftware.redteamshare
  Signature hash | 2jmj7l5rSw0yVb/vlWAYkK/YBwk=
  Redirect URI   | msauth://com.redteamsoftware.redteamshare/2jmj7l5rSw0yVb%2FvlWAYkK%2FYBwk%3D

The final configuration with both Android and iOS / macOS platforms should look like this:
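The two Android values above are related: the redirect URI is the package name followed by the percent-encoded signature hash, and the signature hash is the base64-encoded SHA-1 digest of the app's signing certificate. The following is an added example, not code from this page or from RedTeam, that derives both so you can verify what you enter into the portal; the sample certificate bytes are constructed and stand in for a real DER export. It also includes one sanity check: the value 2jmj7l5rSw0yVb/vlWAYkK/YBwk= is exactly base64(SHA-1 of zero bytes), which is what a hashing pipeline produces when it is fed no certificate at all, so a hash equal to it cannot belong to any real signing certificate and should be re-derived before it is registered.

```python
import base64
import hashlib
import urllib.parse


def signature_hash_from_der(cert_der: bytes) -> str:
    """Base64 of the SHA-1 digest of a DER-encoded signing certificate,
    the form MSAL for Android expects as the 'Signature hash'."""
    return base64.b64encode(hashlib.sha1(cert_der).digest()).decode("ascii")


def android_redirect_uri(package_name: str, signature_hash: str) -> str:
    """msauth://<package>/<hash>, with '/', '+' and '=' in the base64 hash
    percent-encoded so the hash survives as a single path segment."""
    return f"msauth://{package_name}/{urllib.parse.quote(signature_hash, safe='')}"


def ios_redirect_uri(bundle_id: str) -> str:
    """msauth.<bundle id>://auth, the iOS / macOS form."""
    return f"msauth.{bundle_id}://auth"


# SHA-1 of empty input: what you get when the cert export feeding the hash was empty.
EMPTY_INPUT_SHA1_B64 = signature_hash_from_der(b"")  # 2jmj7l5rSw0yVb/vlWAYkK/YBwk=


def looks_like_empty_input_hash(signature_hash: str) -> bool:
    """True if the hash is the digest of zero bytes, i.e. no certificate was hashed."""
    return signature_hash == EMPTY_INPUT_SHA1_B64


def check_android_platform(package_name: str, signature_hash: str, redirect_uri: str) -> list:
    """Return a list of problems with an Android platform entry (empty list = consistent)."""
    problems = []
    if looks_like_empty_input_hash(signature_hash):
        problems.append("signature hash is SHA-1 of empty input; re-export the signing certificate")
    expected = android_redirect_uri(package_name, signature_hash)
    if redirect_uri != expected:
        problems.append(f"redirect URI does not match package/hash; expected {expected}")
    return problems


if __name__ == "__main__":
    # Constructed stand-in for a DER-encoded signing certificate (not a real certificate).
    fake_cert_der = b"\x30\x82\x01\x00" + b"example-signing-cert" * 8
    h = signature_hash_from_der(fake_cert_der)
    print("signature hash:", h)
    print("android redirect:", android_redirect_uri("com.example.app", h))
    print("ios redirect:", ios_redirect_uri("ExampleApp"))
    print("problems with page values:", check_android_platform(
        "com.redteamsoftware.redteamshare",
        "2jmj7l5rSw0yVb/vlWAYkK/YBwk=",
        "msauth://com.redteamsoftware.redteamshare/2jmj7l5rSw0yVb%2FvlWAYkK%2FYBwk%3D"))
```

To obtain the real hash, export the release signing certificate from the keystore (for example with keytool -exportcert) and pipe the DER bytes through signature_hash_from_der; if the export step fails silently and produces no bytes, the result is the empty-input value above, and the redirect URI built from it will never match the installed app.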
Step 7: Add SSO Configuration to RedTeam Flex Configuration
In RedTeam Flex, an Admin will need to go to the Configuration menu.
Within the Configuration menu, navigate to My Company under Controls.
Scroll down to SSO Configuration. There you will need to enter the Company Domain, Client ID, Authority, and Redirect URL, all of which come from the steps above: the Client ID from Step 5, the Authority from the Directory (tenant) ID noted in Step 5, and the Redirect URL exactly as registered in Step 2.
Once complete, click Save.
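Most failed SSO logins after this step come down to a value that does not match what was registered in Entra: a redirect URL with a trailing slash or different path case, an authority that points at the multi-tenant /common endpoint while the registration is single tenant, or a client ID copied incompletely. The following added example (not code from this page or from RedTeam) checks the four SSO Configuration values against the registration before they are saved. The registered redirect URI is the one from Step 2; the client ID, tenant ID and company domain in the sample are constructed placeholders.

```python
import re
import urllib.parse

# Redirect URI registered on the SPA platform in Step 2.
REGISTERED_REDIRECT_URI = "https://login.flex.redteam.com/sso/login/callback"
GUID_RE = re.compile(r"^[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$")
MULTI_TENANT_ENDPOINTS = {"common", "organizations", "consumers"}


def redirect_uri_matches(configured: str, registered: str) -> bool:
    """Scheme and host are case-insensitive (DNS); path and query must match exactly,
    trailing slash included, because the token endpoint compares them literally."""
    c, r = urllib.parse.urlsplit(configured), urllib.parse.urlsplit(registered)
    return (c.scheme.lower(), c.netloc.lower(), c.path, c.query) == \
           (r.scheme.lower(), r.netloc.lower(), r.path, r.query)


def authority_tenant(authority: str) -> str:
    """Return the tenant segment of https://login.microsoftonline.com/<tenant>, or '' if malformed."""
    a = urllib.parse.urlsplit(authority)
    if a.scheme != "https" or a.netloc.lower() != "login.microsoftonline.com":
        return ""
    return a.path.strip("/").split("/")[0] if a.path.strip("/") else ""


def validate_sso_config(cfg: dict) -> list:
    """Return a list of problems with the Flex SSO Configuration values (empty list = consistent)."""
    problems = []
    if not GUID_RE.match(cfg.get("client_id", "")):
        problems.append("Client ID is not a GUID; copy the Application (client) ID from Overview")
    tenant = authority_tenant(cfg.get("authority", ""))
    if not tenant:
        problems.append("Authority must be https://login.microsoftonline.com/<tenant>")
    elif tenant.lower() in MULTI_TENANT_ENDPOINTS:
        problems.append("Authority uses a multi-tenant endpoint; a single-tenant app needs its tenant ID or verified domain")
    elif not GUID_RE.match(tenant) and "." not in tenant:
        problems.append("Authority tenant segment is neither a tenant ID nor a domain name")
    domain = cfg.get("company_domain", "")
    if not re.match(r"^[a-z0-9.-]+\.[a-z]{2,}$", domain):
        problems.append("Company Domain should be a bare DNS name such as example.com")
    if not redirect_uri_matches(cfg.get("redirect_url", ""), REGISTERED_REDIRECT_URI):
        problems.append(f"Redirect URL must exactly match the registered URI {REGISTERED_REDIRECT_URI}")
    return problems


if __name__ == "__main__":
    # Constructed placeholder values; replace with the IDs copied from the Entra Overview page.
    good = {
        "company_domain": "example.com",
        "client_id": "11111111-2222-3333-4444-555555555555",
        "authority": "https://login.microsoftonline.com/aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
        "redirect_url": "https://login.flex.redteam.com/sso/login/callback",
    }
    bad = dict(good, authority="https://login.microsoftonline.com/common",
               redirect_url="https://login.flex.redteam.com/sso/login/callback/")
    print("good:", validate_sso_config(good))
    print("bad:", validate_sso_config(bad))
```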