This page provides information on how to configure Corporate Sign In to Chaos services with Microsoft Entra ID (formerly known as Azure AD).
Overview
In this section we explore how you can integrate your Microsoft Entra ID identity provider with Chaos, so that your employees benefit from the Corporate Sign In functionality.
Before doing the steps in this section, make sure to reach out to Chaos first to request the Corporate Sign In feature.
Initial Configuration by Chaos Support
As part of your initial request to Chaos Support, you will be asked to provide your Tenant ID and Domain.
- Log in to your Azure portal and navigate to the Microsoft Entra ID service.
- From the Overview page, copy the Tenant ID and Domain fields and provide them in the request. You will also be asked to provide an account email that will be used to manage your licenses in Chaos.
- The Chaos Support team will perform the initial configuration as needed. After this is done, you can proceed to the next step.
Adding the Chaos Application to Microsoft Entra ID
1. Log in to your Azure portal and navigate to the Microsoft Entra ID service.
2. From the left menu, select Manage > Enterprise applications.
3. Use the New application button.
4. Search for the Chaos application and select it.
5. From the sidebar that appears, click the Sign up for Chaos button. This will open the Chaos Corporate Sign In page.
6. Sign in with your company credentials, using the account provided in the initial request.
7. Microsoft will display the Permissions Request prompt for the Chaos app, where you need to click Accept to grant the permissions.
Make sure to enable the Consent on behalf of your organization checkbox. This prevents the dialog from appearing to every non-administrator user who tries to log in.
8. After successful Sign In, you will be taken to the My Chaos portal. There you can complete your profile by entering First Name, Last Name and Country, if you haven't done so already.
Setting up Single Sign-on
1. Navigate to the Enterprise applications page in Microsoft Entra ID. Open the Chaos application from the list.
If it does not show, try waiting a minute or so, and refresh the page.
2. From the left menu, navigate to Manage > Properties.
3. Ensure that Enabled for users to sign-in is set to Yes.
4. Change User assignment required? to Yes.
You can leave this option set to No, but then all employees in your Azure tenant will be able to access Chaos with their user credentials. Normally, you would want to keep this setting aligned with the provisioning settings (explored later), which means that if you leave it set to No, you would also need to provision all users to Chaos.
5. Navigate to the Users and Groups menu.
6. Use the Add user/group button to add users and groups to the Chaos application. Users and groups added to this application can log in to Chaos using the Corporate Sign In functionality. This setting is also important when provisioning is configured.
Make sure to add the Chaos license admin to this list.
If you selected No in the User assignment required option, then you don’t need to add any users or groups here.
7. Corporate Sign In is now enabled. Users can use their corporate email to access their Chaos products. However, these users are not automatically added to your Chaos Organization and will not have access to your organization's licenses unless you add them.
- If you want to manually add users to the Organization, you can do that using the Self-Service Portal.
- If you want to provision users automatically, follow the steps in the next section.
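The following check is an added example, not code from Chaos or Microsoft: it audits the application settings from the steps above against JSON in the shape Microsoft Graph returns for a service principal and its `appRoleAssignedTo` list. The function name, the sample IDs and the sample display names are constructed for illustration.

```python
"""Audit the Chaos enterprise application against the settings on this page.

Input is JSON in the shape Microsoft Graph returns:
  GET /servicePrincipals/{id}                   -> service principal object
  GET /servicePrincipals/{id}/appRoleAssignedTo -> {"value": [assignments]}
All sample values below are constructed for illustration.
"""
import json

SAMPLE_SP = json.loads("""{
  "id": "00000000-0000-0000-0000-000000000001",
  "displayName": "Chaos",
  "accountEnabled": true,
  "appRoleAssignmentRequired": false
}""")

SAMPLE_ASSIGNMENTS = json.loads("""{"value": [
  {"principalId": "00000000-0000-0000-0000-0000000000a1",
   "principalType": "Group", "principalDisplayName": "3D Artists"},
  {"principalId": "00000000-0000-0000-0000-0000000000a2",
   "principalType": "User", "principalDisplayName": "License Admin"}
]}""")

SAMPLE_ADMIN_ID = "00000000-0000-0000-0000-0000000000a2"


def audit_chaos_app(sp, assignments, license_admin_id):
    """Return a list of findings; an empty list means the settings match."""
    findings = []
    assigned = assignments.get("value", [])
    if not sp.get("accountEnabled", False):
        findings.append("sign-in disabled: 'Enabled for users to sign-in' is No")
    if not sp.get("appRoleAssignmentRequired", False):
        findings.append("assignment not required: every user in the tenant can sign in to Chaos")
        return findings  # the assignment list is not enforced in this mode
    if not assigned:
        findings.append("assignment required but no users or groups are assigned")
    # Direct user assignment only; membership via an assigned group is not resolved here.
    if not any(a.get("principalId") == license_admin_id
               and a.get("principalType") == "User" for a in assigned):
        findings.append("license admin is not directly assigned to the application")
    return findings


if __name__ == "__main__":
    for finding in audit_chaos_app(SAMPLE_SP, SAMPLE_ASSIGNMENTS, SAMPLE_ADMIN_ID):
        print("FINDING:", finding)
```

With the constructed sample, the only finding is that user assignment is not required, which is the state the note under step 4 describes.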
Enabling Automatic Provisioning
1. Navigate to the Enterprise applications page in Microsoft Entra ID. Open the Chaos application from the list.
2. From the left menu, select Manage > Provisioning.
3. Press the Get started button.
4. Select Automatic provisioning mode.
5. Under Admin Credentials, enter the Tenant URL and Secret Token. These are provided to you by the Chaos Support Team as part of the onboarding process.
6. Verify the configuration with the Test Connection button.
7. Use the Save button to save the configuration.
Once you save the configuration, additional Mappings and Settings sections appear. These are configured next.
8. Expand the Mappings section.
9. By default, the Group mapping function is not visible. If it is visible on your end, disable it as follows. Chaos does not process Groups, so this mapping is unnecessary.
a. Click on the Provision Microsoft Entra ID Groups link.
b. Disable the Group mapping and click Save.
Even when disabled, it is still possible to assign Groups in the Users and Groups setting of the Application and use them to control access and provisioning.
10. Returning to the Mappings section, click the Provision Microsoft Entra ID Users link. Make sure the Attribute Mappings table looks as follows. Save changes, if necessary.
11. Expand the Settings section. Ensure the Scope is set to Sync only assigned users and groups.
12. Set Provisioning Status to On.
13. Save the Provisioning Settings.
14. Provisioning is now enabled. You can check whether it is working successfully through the Chaos application's Provisioning menu.
Currently, Azure performs provisioning at regular intervals of 40 minutes, so you will most likely need to wait to see whether it works successfully. This also means that when a user is disabled in your Azure directory, it takes at least 40 minutes for the change to take effect in the Chaos system.