/
Setting up Microsoft Entra Single Sign-On for Service Center

Setting up Microsoft Entra Single Sign-On for Service Center

When you have completed this process, users in groups you assign to Barracuda RMM in Azure can log in to Barracuda RMM through their My Applications page. To be eligible for Single Sign-On, users must have a Barracuda RMM account with the same email address as their Azure account. For information about assigning users and groups in Azure, see the Azure documentation.

To set up users to log in through Microsoft Entra ID, you must:

  • be an Azure Application Administrator

  • be an administrator for the Barracuda RMM VAR

For the Barracuda RMM site, you have at least ModifyServiceCenterSettings permission.

You must do this process for each VAR individually.

Your Service Center must be using HTTPS. Service Centers using HTTP are not eligible for this service.

Notes

  • If an admin changes the user details of the account of an Entra ID SSO user who hasn't validated their email address in Barracuda RMM, the user is unexpectedly logged out of all their sessions. An email validation link is sent to the userโ€™s email. This email should be ignored. The user should follow the standard procedure for logging in, however, the user may have to click SSO twice before being allowed to log in.

  • Email validation is not enforced for users who use Entra ID to log in.

  • In Barracuda RMM environments that use ServiceNow and Entra ID SSO, do not enable the Enforce Microsoft Entra ID SSO Login if Configured check box in Configuration > Users & Roles > User Management > Global account settings.

ย 

Before beginning this process, ensure that the email address you use to log in to Service Center is exactly the same as the email address in the Entra ID contact information.

Do not enable the Enforce Microsoft Entra ID SSO Login if Configured check box if you have not configured and tested Microsoft Entra ID SSO login. If Microsoft Entra SSO login is not working properly, you may be locked out of your account.

To initiate Barracuda RMM for Microsoft Entra login

  1. In Service Center, click Configuration > System Settings.

  2. Click the Authentication tab.

  3. Copy the Redirect URL and save it for the next procedure.

  4. Proceed to the To set up Microsoft Entra ID procedure below.

To set up Microsoft Entra ID

At the end of this procedure, you will have collected the following to complete the integration:

  • the Certificate (Base64)

  • the Login URL

  • the Microsoft Entra ID Identifier

  • the Tenant ID

  1. In your Azure portal, click Enterprise applications.

  2. Click New Application.

  3. Click the Create your own application tab.

  4. In the Whatโ€™s the name of your app? field, type a name.

    If you have more than one VAR, name each integration something you will identify with that VAR.

  5. Select Integrate any other application you donโ€™t find in the gallery (Non-gallery) and click Create .

  6. In the left navigation menu, click Single Sign On.

  7. Click Set up single sign on.

  8. Click SAML.

  9. In the Basic SAML Configuration area, click Edit.

  10. Under Identifier (Entity ID), click the Add identifier link.

  11. Paste the Redirect URL you copied in the To initiate Barracuda RMM for Microsoft Entra login procedure above.

  12. Click the Add reply URL link.

  13. Paste the Redirect URL you copied in the To initiate Barracuda RMM for Microsoft Entra login ย procedure above.

  14. In the SAML Certificates area, download the Certificate (Base64).

  15. In the Set up Application Name area, copy the following and save them for the next procedure:

    • Login URL

    • Microsoft Entra ID Identifier

  16. Click Save.

  17. In the left navigation menu, click Overview.

  18. In the Basic information area, copy and save the Tenant ID.

  19. Proceed to the To complete the Barracuda RMM setup for Microsoft Entra ID procedure below.

To complete the Barracuda RMM setup for Microsoft Entra ID

Once this procedure is complete, users will be able to log in to Barracuda RMM by clicking an icon on their myapplications.microsoft.com page.

You can require users to log in with Microsoft Entra ID if it is enabled. If you select the Enforce Microsoft Entra ID SSO Login if Configured checkbox in User Management, users will be required to log in with Entra ID if they can. Users who canโ€™t log in with Entra ID can log in the usual way.

Do not enable the Enforce Microsoft Entra ID SSO Login if Configured check box if you have not configured and tested Microsoft Entra ID SSO login. If Microsoft Entra SSO login is not working properly, you may be locked out of your account.

See To set options for Microsoft ID settings in Setting Global Account Options.

To complete this procedure, you need the following from the To set up Microsoft Entra ID procedure above:

  • The Certificate (Base64)

  • The Identity Providerโ€™s Sign in URL

  • The Microsoft Entra ID Identifier

  • The Tenant ID

If you have completed the To set up Microsoft Entra ID procedure, you can download a text file with the Identity Providerโ€™s Sign in URL, the Entra ID Identifier, and the Entra ID Tenant ID by going to Configuration > System Settings, then clicking the Authentication tab. In the Entra ID Settings area, click the Modify button. Then click the download button in the top right.

  1. In Service Center, click Configuration > System Settings.

  2. Click the Authentication tab.

  3. In the Entra ID Settings area, click the Modify button.

    If the Modify button is not displayed, your Service Center is not using HTTPS and is not eligible to set up Microsoft Entra ID.

  4. Select the Enable Identity Provider check box.

  5. Click Upload and select the location of the Certificate (Base64).

  6. In Identity Providerโ€™s Sign in URL, paste the Login URL.

  7. In Entra ID Identifier, paste the Microsoft Entra ID Identifier.

  8. In Entra ID Tenant ID, paste the Tenant ID.

  9. Click Save.

To modify the Microsoft Entra Single Sign-On integration

If you have already set up Microsoft Entra Single Sign-on, you can modify the integration.

Your Service Center must be using HTTPS. Service Centers using HTTP are not eligible for this service.

  1. In Service Center, click Configuration > System Settings.

  2. Click the Authentication tab.

  3. In the Entra ID Settings area, click the Modify button.

  4. Select the Enable Identity Provider check box.

  5. Do any of the following:

    • Click Upload and select the location of the Certificate (Base64).

    • In Identity Providerโ€™s Sign in URL, paste the Login URL.

    • In Entra ID Identifier, paste the Microsoft Entra ID Identifier.

    • In Entra ID Tenant ID, paste the Tenant ID.
      To download a text file of the Identity Providerโ€™s Sign in URL, Entra ID Identifier, Entra ID Tenant ID, and VarGuid, you can click the download button in the top right of the Identity Provider Information section.

  6. Click Save.

Contact Us
Barracuda Campus
Barracuda Support