Applies to BloodHound Enterprise and CE For general instructions on adding a SAML provider to BloodHound Enterprise or for configuring users to utilize a SAML provider, see SAML in BloodHound Enterprise. See SAML Order of Operations and Quick Reference before starting.

Create an Enterprise Application

  1. Login to Azure at https://portal.azure.com
  2. Navigate to the Enterprise Applications section of Entra ID.
  1. Click New Application.
  1. Click Create your own application.
  1. Provide a name for your application and click Create.

Configure Single Sign-On Settings

  1. Your browser should redirect you to your newly created application. Click on Single sign-on.
  1. Click on SAML.
  1. Click Edit under the Basic SAML Configuration section.
  1. Configure SAML. The following screenshot shows the tenant codename is “demo” and the provider name is “entra”.
  1. Azure will inform you the settings have saved successfully.
  1. Click the X to close the dialog.
  1. Scroll down to the SAML Certificates section and download the Metadata XML.
  1. Use the Users and Groups section to configure groups and users which you would like to grant access to BloodHound Enterprise.
  1. Use the downloaded metadata.xml file and follow the instructions at SAML in BloodHound Enterprise to Create the SAML Configuration in BloodHound.

Troubleshooting

Verify your attributes and claims use a proper schema in the claim name, and that you have a properly mapped claim for “user.mail” as in the example below. An indicator that this is necessary is when an authentication attempt returns the response: “assertion does not meet requirements for user lookup”.