SAML Authentication

Azure AD Configuration

Log in to Azure Active Directory as a user who has the required administrative rights and follow the steps below to create a Kron PAM application for SAML SSO.

  1. Enterprise Applications.
  2. New Application.
  3. Create your Own application.
  4. Give your app a name.
[Figure: Create your own application]

  • Go to the newly created Kron PAM Application on Azure Portal.

  • Choose Single Sign-on under Manage on the left pane.
  • Click edit for Basic SAML Configuration on Azure Portal.
[Figure: Basic SAML Configuration]

  • Enter the information below according to the Kron PAM Information.

The IP address of the Kron PAM app will change according to your environment.

[Figure: Entity ID]

[Figure: Reply URL]

[Figure: Logout URL]


After making the above configurations, the Basic SAML Configuration tab can be closed.


  • Go to Step 3 for SAML Certificates on Azure Portal.
    • Download the Certificate (Base64), open it in Notepad, and copy its contents.
    • It will be pasted into the SAML configuration on Kron PAM as the SAML X509 Certf. Key.
  • Go to Administration > System Configuration Manager > Integration > SAML Configuration.

Do not close the SAML Configuration popup on Kron PAM for further configurations.



Click the checkbox to enable SAML on the SAML Configuration popup on Kron PAM.

  • Go to Step 4 for Kron PAM Configurations on Azure Portal.
[Figure: Set up Kron PAM]


We will copy the above configurations from the Azure portal and paste them as the SAML configuration on Kron PAM.

The login URL from the Azure portal will be pasted as the SAML Logout URL in the SAML Configuration.

The Microsoft Entra ID Identifier from the Azure portal will be pasted as SAML Entity ID in the SAML configuration.

Do not close the SAML Configuration popup on Kron PAM for further configurations.

  1. Go to Properties under Manage on the left pane of the Azure portal for the configured application.
[Figure: Properties]

  • Copy the User access URL from the Azure portal and paste it as the SAML URL in the SAML configuration on Kron PAM.
  • Enter the Kron PAM Web URL (https://10.10.10.10/login) as the SAML Remote URL in the SAML configuration of Kron PAM.
  • The Service Provider Name on the configuration popup in Kron PAM can be set as desired (for example, Azure Entra). To display the service provider login on the login page, toggle “Enable Service Provider Login”.

  • At the end of the configuration, the Kron PAM screen below will be displayed:


After setting the required configurations, you need to edit TomcatCorsFilter in the Tomcat configuration. Connect to the Kron PAM server over SSH.

  1. Open the web.xml file under the following directory: /pam/gui/conf
  2. Find the TomcatCorsFilter section and add the Entra ID URL to cors.allowed.origins, as shown below.

    <filter-name>TomcatCorsFilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param>
        <param-name>cors.allowed.origins</param-name>
        <param-value>https://login.microsoftonline.com</param-value>
    </init-param>
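
A check for the edited file, as an added example that is not part of the Kron PAM documentation: it parses a web.xml and reports whether TomcatCorsFilter lists the Entra ID origin and whether a wildcard or non-HTTPS origin is also allowed. The sample XML is constructed, the function names are illustrative, and it assumes Python 3 is available where you run it.

```python
import xml.etree.ElementTree as ET

ENTRA_ORIGIN = "https://login.microsoftonline.com"  # origin the guide adds

# Constructed sample; a real web.xml under /pam/gui/conf holds many more elements.
SAMPLE_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="3.1">
  <filter>
    <filter-name>TomcatCorsFilter</filter-name>
    <filter-class>org.apache.catalina.filters.CorsFilter</filter-class>
    <init-param>
      <param-name>cors.allowed.origins</param-name>
      <param-value>https://login.microsoftonline.com</param-value>
    </init-param>
  </filter>
</web-app>"""

def local(tag):
    """Drop the '{namespace}' prefix ElementTree puts on tag names."""
    return tag.rsplit("}", 1)[-1]

def child_text(elem, name):
    for child in elem:
        if local(child.tag) == name:
            return (child.text or "").strip()
    return None

def cors_allowed_origins(web_xml_text, filter_name="TomcatCorsFilter"):
    """Origins listed for the filter, or None if the parameter is absent."""
    for flt in ET.fromstring(web_xml_text).iter():
        if local(flt.tag) != "filter" or child_text(flt, "filter-name") != filter_name:
            continue
        for p in flt:
            if local(p.tag) == "init-param" and child_text(p, "param-name") == "cors.allowed.origins":
                value = child_text(p, "param-value") or ""
                return [o.strip() for o in value.split(",") if o.strip()]
    return None

def audit_cors(web_xml_text):
    """Findings for the CORS setting; an empty list means it matches the guide."""
    origins = cors_allowed_origins(web_xml_text)
    if origins is None:
        return ["TomcatCorsFilter has no cors.allowed.origins parameter"]
    findings = [] if ENTRA_ORIGIN in origins else ["missing origin " + ENTRA_ORIGIN]
    findings += ["wildcard origin '*' allows any site" for o in origins if o == "*"]
    findings += ["non-HTTPS origin " + o for o in origins if o != "*" and not o.startswith("https://")]
    return findings

if __name__ == "__main__":
    print(audit_cors(SAMPLE_WEB_XML) or "OK: matches the guide")
```

To check the real file, pass its contents to `audit_cors`, for example `audit_cors(open("/pam/gui/conf/web.xml").read())`.
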
  • To test the SSO, go to the application on Azure, click Single Sign-on on the left pane, then go to step 5 on the Azure portal and click the Test button.


A pane will open on the right asking which user will log in to the application. If this user exists in the Kron PAM application, you will be logged in without needing to enter credentials.