SecHard
SecHard and Entra ID Integration Guide.
This document covers the integration of SecHard with Entra ID. Steps marked as optional are used to enable automatic synchronization. For these steps, the SecHard server must have internet access. If these steps are not performed, existing users will still be retrieved.
SecHard Configuration
Go to Settings → System → Auth → SAML in the SecHard interface.
Enable the Enable SAML Authentication option.
Disable the Sign Requests option.
Click Generate Signing Certificate and fill in the required information.
After saving, click the Download Metadata button on the right and save the file. This metadata will be used later in the Entra ID interface.
Entra ID Configuration
Log in to Entra ID.
Go to Enterprise Applications and click New Application.
Provide a name for the application and select Integrate any other application you don’t find in the gallery, then click Create.
Optional: Automatic User and Group Synchronization
Note: This requires SecHard to have continuous internet access.
Go to the Application Proxy section.
Define the Internal URL and External URL. A Windows client must be able to access the URL.
Set Pre-Authentication to Pass-Through.
Navigate to the Single Sign-On section and select SAML.
Click Upload Metadata and upload the metadata file downloaded from SecHard.
If a proxy was configured, enter the secondary URLs as well.
In the Single Sign-On section, go to Attributes & Claims.
Click Add a Group Claim and select Groups assigned to the application from the list, then click Save.
Download the Federation Metadata XML from SAML Certificates under the Single Sign-On section.
Entra ID User & Group Assignment
Go to the Users and Groups section under the application in Entra ID.
Click Add Users/Groups and select the users and groups to be assigned.
Final SecHard Setup
In SecHard, go to Settings → System → Auth → SAML → Identity Provider Configuration.
Upload the metadata XML downloaded from Entra ID.
Configure the Name, Attribute-Claim Mapping, Domain Name, and Default User Role.
Save the settings. After this, users can log in using Entra ID.
Optional: Provisioning Users via SCIM
After saving, click Create Secret Token for Bearer Authentication and save the token.
Go to Provision User Accounts under the application.
Enter the Tenant URL: the external URL from the proxy, followed by /api/scim.
Paste the secret token obtained from SecHard.
Save the configuration. After this, Entra ID users and groups will be automatically synchronized with SecHard.