Set Up SAML SSO for Prism Central with Microsoft Entra ID

For those who are not familiar, Microsoft Entra ID (formerly Azure Active Directory) is Microsoft’s cloud-based identity and access management (IAM) service. It helps organizations manage and secure access to applications, devices, and data. With Entra ID, users can sign in and access resources across Microsoft services like Microsoft 365, Azure, and thousands of third-party SaaS apps.

It supports single sign-on (SSO), multifactor authentication (MFA), conditional access policies, and identity governance—all designed to protect against cybersecurity threats and ensure the right people have access at the right time.

Entra ID is just one IAM service; other options include Google Workspace, Amazon Web Services, Okta, and more.

Today, we will focus on Entra ID and how to integrate it with Nutanix Prism Central as the identity provider. If you missed my post about connecting Prism Central to Google Workspace, check it out here.

Three Key Steps to Set Up SAML SSO:

  1. Add a Custom SAML App to Entra ID
  2. Configure Identity and Access Management (IAM) in Prism Central
  3. Set Up Authorization Policies and Manage Access

Step 1: Log in to Prism Central

  1. From the Application Switcher, go to Admin Center > IAM > IdP Configuration.
  2. Click on Download Metadata to obtain the Prism Central metadata XML file.

Step 1: Log in to Microsoft Azure Portal

  1. Navigate to Microsoft Azure Portal.
  2. Search for Entra ID from the Search Bar.
  3. Click Microsoft Entra ID under Services.

Step 2: Set Up Enterprise Application in Microsoft Entra ID:

  1. Log in to the Microsoft Entra ID portal.
  2. Click Manage, go to Enterprise Applications, and click on New Application.
  3. Select Create your own application, name it and choose the option Integrate any other application you don’t find in the gallery (Non-gallery).
  4. Click Create.
  5. After creation, open the application and navigate to Assign Users and Groups.
  6. Add the user groups that should have access to Prism Central.

Step 3: Configure SAML-based SSO:

  1. Within the newly created application, click Overview > Set up single sign-on > SAML.
  2. Click Upload Metadata File and select the file downloaded from Prism Central earlier.
  3. Click Add.
  4. Leave the defaults and click Save.
  5. Download the Federation Metadata XML from section 3 of the SAML setup.

Step 4: Finalize SSO Configuration in Prism Central:

  1. Return to Prism Central, from the Application Switcher, go to Admin Center > IAM > IdP Configuration.
  2. Click Add Identity Provider > SAML Identity Provider.
  3. Enter Configuration Name – This will be displayed on the Prism login page.
  4. Set Username Attribute to email.
  5. Set Email Attribute to email.
  6. Import Metadata – Upload the metadata file you downloaded earlier.
  7. Click Save.

Identity and Access Management and Authorization Policies

Step 1: Create an Authorization Policy

  1. From the Application Switcher, go to Admin Center > IAM > Authorization Policies.
  2. Click Create Authorization Policy.
  3. Choose Role: Select Super Admin, then click Next.

Step 2: Define Scope

  1. Select Full Access: All entity types & instances.
  2. Click Next.

Step 3: Assign Users

  1. Change Local User to the SAML user you set up earlier.
  2. Type the email address and select the user.
  3. Click Save.

Test SAML Login

Step 1: Attempt Login

  1. Log out of Prism Central.
  2. Open a browser and go to the URL you entered in the Service Provider Details step, for example:
    • https://<PC IP or FQDN>:9440
  3. You should see a “Login with …” option.

Step 2: Authenticate with Entra ID

  1. Click “Login with …”, and you should be redirected to your Microsoft login page.
  2. If you have 2FA or Passkey authentication set up, you must enter it to proceed.
  3. Once authenticated, confirm that you are logged into Prism Central via SAML SSO by clicking on your name in the upper right corner and selecting Update Profile.

Summary

By following this guide, you have successfully set up SAML-based SSO for Prism Central using Microsoft Entra ID. This integration enhances security by enabling centralized authentication, eliminating the need to manage multiple user credentials.

You also created authorization policies to define user access and tested the SAML login to ensure a seamless authentication experience.

With SAML SSO now configured, users can securely log in to Prism Central using their credentials, benefiting from streamlined access control and improved security.


What’s Next?

Try setting up SAML SSO in your environment and let us know how it works for you! If you have any questions, feedback, or run into any challenges, drop a comment below—we’d love to hear from you!
