Azure AD Configuration
Log in to Azure Active Directory with a user who has the required administrative rights and follow the below steps to create a Kron PAM application for SAML SSO.
- Enterprise Applications.
- New Application.
- Create your Own application.
- Give your app a name.

- Go to the newly created Kron PAM Application.
- Choose Single Sign-on on the left pane.
- Choose SAML.
- Click edit for Basic SAML Configuration.

- Enter the information below according to the Kron PAM Information.
- Note that the IP address of the Kron PAM app will change according to your environment.


- Go to Step 3 for SAML Certificates.

Download the Certificate (Base 64) and open it via Notepad. Then copy it inside the notepad.
We will paste it to the SAML configuration on Kron PAM as SAML X509 Certf. Key
- Go to Step 4 for Kron PAM Configurations.

We will copy the above configurations and paste them as the Kron PAM SAML configuration.
- Go to Administration > System Configuration Manager > Integration > SAML Configuration.
- The Kron PAM Web URL will be pasted as Login Remote URL in the SAML configuration. The Microsoft Entra ID Identifier will be pasted as SAML Entity ID in SAML in the SAML configuration.
- Go to Kron PAM Properties.

- Go to Properties at the newly created Kron PAM Application copy the User access URL and paste it as the SAML URL in the Kron PAM SAML configuration.
- At last, enter the Kron PAM Web URL (https://10.20.42.XX/login) as the SAML Remote URL in the SAML configuration of Kron PAM.
- At the end of the configuration, the Kron PAM screen below will be displayed:

After setting to the required configurations, you need to edit TomcatCorsFilter in the tomcat configuration: Make an SSH to the Kron PAM server.
After setting the required configurations, you need to edit TomcatCorsFilter in the tomcat configuration: Make an SSH to the Kron PAM server
- Open the web.xml file under the following directory. /pam/gui/conf
- Find TomcatCorsFilter part and add the Entra ID URL, as shown below in bold.
- To test the SSO go to the application on Azure and click Single Sign-on on the left pane then go to step 5, and click the button Test button.
A new, left side page will open to ask for the user who will log in to the application. If this user exists in the Kron PAM application, you will log in with no need for credentials.