Onboarding Users onto Dune Security from Microsoft Entra ID

Complete app registration, SSO setup, and SCIM provisioning.

This guide provides a comprehensive walkthrough for integrating Dune Security with Microsoft Entra, enabling streamlined user onboarding and robust identity management. Follow these steps to ensure a smooth and effective integration.

Overview

Integrating Dune Security with Microsoft Entra allows you to manage user identities seamlessly, supporting automated provisioning, single sign-on (SSO), and enhanced security controls.

Pre-Implementation Requirements

Before starting the onboarding process, ensure you have:

1. Admin access to your Microsoft Entra tenant.
2. Admin access to your Dune Security account.

Step-by-Step Guide to Onboarding Users

1. Access the Azure Portal:

• Go to Azure Portal.
• Under "Azure services," select Microsoft Entra ID.

2. Create a New Enterprise Application:

• In the side navigation panel under Manage, select Enterprise applications.
• Click New Application then Create your own application.
• Enter Dune Security as the application name and click Create.

3. Assign Users and Groups:

• Go to the Getting Started section.
• Select Assign users and groups and add the necessary users/groups.

4. Configure Single Sign-On (SSO):

• Under Manage, select Single sign-on.
• Log in to your Dune Security admin account via Dune Security Login and go to SSO Settings.
• In the Azure portal, select SAML as the SSO method.

5. Complete Basic SAML Configuration:

• Identifier (Entity ID): Copy from the Dune Security platform under "Application Details."
• Reply URL (ACS URL): Copy from the same section.
• Sign-on URL: https://dune.security/login/

6. Add SAML Certificates:

• Copy the App Federation Metadata URL from Azure.
• Paste it into the Dune Security platform under Identity Provider Details and add email domains.
• Click Submit in the Dune Security platform.

7. Attribute Statements:

• givenname: user.givenname
• surname: user.surname
• emailaddress: user.mail
• name: user.userprincipalname
• email: user.mail
• Unique User Identifier: user.mail

8. Set Up SCIM Provisioning:

• In Azure, go to Provisioning and click Get started.
• Set Provisioning Mode to Automatic.
• Enter the following credentials:
  • Tenant URL: https://scim.dunesecurity.io/scim/v2
  • Secret Token: Use the token from the Dune Security platform under "SCIM Provisioning Details."
• Click Test Connection. If successful, click Save.

9. Start Provisioning:

• Click Start provisioning in Azure, or Restart provisioning if it's grayed out.
• Review Provisioning logs to confirm success.

Post-Setup Verification

1. Test SSO Login:

• Ensure users can log in via Microsoft Entra SSO from the Dune Security login page.

2. Verify User Provisioning:

• Check that users and groups are correctly provisioned in the Dune Security admin console.

3. Monitor and Troubleshoot:

• Regularly check logs in both Microsoft Entra and Dune Security for issues.
• Contact Dune Security Support for help.

Next Steps

You're almost there! Before launching your first Campaign ensure your DMI (Direct Mail Injection) is configured: Setting Up Direct Mail Injection (DMI) for Microsoft Phishing Simulations.