diff --git a/docs/identity/saas-apps/brocade-sannav-management-portal-tutorial.md b/docs/identity/saas-apps/brocade-sannav-management-portal-tutorial.md index 6e6c576ba5f..204ff2b170c 100644 --- a/docs/identity/saas-apps/brocade-sannav-management-portal-tutorial.md +++ b/docs/identity/saas-apps/brocade-sannav-management-portal-tutorial.md @@ -5,6 +5,7 @@ ms.reviewer: jomondi ms.topic: how-to ms.date: 03/25/2025 ms.custom: sfi-image-nochange +ai-usage: ai-assisted # Customer intent: As an IT administrator, I want to learn how to configure single sign-on between Microsoft Entra ID and Brocade SANnav Management Portal so that I can control who has access to Brocade SANnav Management Portal, enable automatic sign-in with Microsoft Entra accounts, and manage my accounts in one central location. --- @@ -60,7 +61,7 @@ Follow these steps to enable Microsoft Entra SSO in the Microsoft Entra admin ce 1. Sign in to the [Microsoft Entra admin center](https://entra.microsoft.com) as at least a [Cloud Application Administrator](~/identity/role-based-access-control/permissions-reference.md#cloud-application-administrator). 1. Browse to **Entra ID** > **Enterprise apps** > **Brocade SANnav Management Portal** > **Single sign-on**. 1. On the **Select a single sign-on method** page, select **SAML**. -1. On the **Set up single sign-on with SAML** page, select the pencil icon for **Basic SAML Configuration** to edit the settings. +1. On the **Set up Single Sign-On with SAML** page, select the pencil icon for **Basic SAML Configuration** to edit the settings. ![Screenshot shows how to edit Basic SAML Configuration.](common/edit-urls.png "Basic Configuration") 
@@ -81,17 +82,21 @@ Follow these steps to enable Microsoft Entra SSO in the Microsoft Entra admin ce ![Screenshot shows user attributes and claims with default values.](common/default-attributes.png "Claims") -1. In addition, Brocade SANnav Management Portal application expects a few more attributes to be passed back in SAML response which are shown below. These attributes are also pre populated but you can review them as per your requirements. +1. The Brocade SANnav Management Portal requires several additional attributes within the SAML response. While these attributes are pre-configured by default, they should be reviewed to ensure they align with your specific environment and security requirements. The following table outlines the expected attributes: - | Name | Source Attribute| - | ---------------| --------- | - | groups | user.groups | - | username | user.displayname | + | Name | Source Attribute| + | ---------------| --------- | + | groups | user.groups | + | username | user.userprincipalname | + + > [!Note] + > Guidelines for updating SANnav-specific attributes: + > - **groups**: While the default claim URI is `http://schemas.microsoft.com/ws/2008/06/identity/claims/groups` under **Attributes & Claims**, the application specifically requires the shortened name **groups**. To configure this, edit the existing group claim (the claim whose name appears as `http://schemas.microsoft.com/ws/2008/06/identity/claims/groups` in the edit UI). After selecting your preferred **Source attribute** (such as **Group ID** or **sAMAccountName**), expand the **Advanced options** to select **Customize the name of the group claim**. Finally, enter **groups** into the **Name** field to ensure the application correctly identifies user permissions. 
+ > Refer to [Add group claims to tokens for SAML applications using SSO configuration](~/identity/hybrid/connect/how-to-connect-fed-group-claims.md#add-group-claims-to-tokens-for-saml-applications-using-sso-configuration) to learn more about the `groups` attribute in the **Attributes & Claims** section. + > - **username**: Use the User Principal Name (UPN) format for SANnav usernames. While you can modify the username claim to suit your specific requirements, make sure the format complies with the standards outlined in the SANnav Management Portal User Guide. - > [!Note] - > Please refer [this](~/identity/hybrid/connect/how-to-connect-fed-group-claims.md#add-group-claims-to-tokens-for-saml-applications-using-sso-configuration) link on how to add the groups attribute in the Attributes & Claims section. -1. On the **Set-up single sign-on with SAML** page, in the **SAML Signing Certificate** section, find **Federation Metadata XML** and select **Download** to download the certificate and save it on your computer. +1. On the **Set up Single Sign-On with SAML** page, in the **SAML Signing Certificate** section, find **Federation Metadata XML** and select **Download** to download the certificate and save it on your computer. ![Screenshot shows the Certificate download link.](common/metadataxml.png "Certificate")
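Review bot: In the front-matter hunk (`@@ -5,6 +5,7 @@`), `ai-usage: ai-assisted` is added while `ms.date: 03/25/2025` stays unchanged, even though this patch changes the documented claim mapping later in the file. Suggest updating `ms.date` in the same commit so readers can tell the SSO guidance was revised.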
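Review bot: In the `@@ -60,7 +61,7 @@` hunk, the page name is recased to **Set up Single Sign-On with SAML**, but the step directly above it still reads **Select a single sign-on method** in sentence case. Please confirm both bold strings match the labels shown in the admin center, since readers search for them as written. The later hunk applies the same recasing and drops the hyphen from **Set-up**, so the two references to this page are at least consistent with each other.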
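Review bot: In the `@@ -81,17 +82,21 @@` hunk, the table row changes the `username` source from `user.displayname` to `user.userprincipalname`, but nothing tells an administrator who configured the app from the earlier text that the value sent in the SAML response will now differ. Suggest adding a sentence to the **username** bullet that calls out the change from the previous default, and linking the SANnav Management Portal User Guide that the bullet cites instead of only naming it. Two smaller points in the same hunk: the `> Refer to [Add group claims ...]` line sits unindented between the **groups** and **username** bullets, so indent it under **groups** to make clear which item it belongs to; and the last changed step still says "download the certificate" although the item being downloaded is **Federation Metadata XML**.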