Mural integrates seamlessly with Azure Active Directory (Azure AD) to manage user identities and access permissions.
With Azure AD, you can easily manage user authentication and authorization, eliminating the need for multiple login credentials.
By integrating Mural with Azure AD, you can simplify identity management and reduce the risk of security breaches.
Mural's Azure AD integration allows you to leverage Azure AD's robust security features, including multi-factor authentication and conditional access policies.
Prerequisites
To get started with Mural Azure AD, you'll need a few things in place. A Microsoft Entra subscription is the first requirement. You can get a free account if you don't already have one.
To set up Mural Identity single sign-on (SSO), you'll need a Mural Identity subscription with SSO enabled. Alternatively, you can use the Enterprise App Configuration Wizard to add an application to your tenant and configure SSO.
To configure SCIM provisioning, you'll need a Microsoft Entra tenant and one of the following roles: Application Administrator, Cloud Application Administrator, or Application Owner. SCIM provisioning is only available for MURAL's Enterprise plan.
Before configuring automated provisioning, you'll need to set up SAML-based SSO through Microsoft Entra ID for MURAL.
SSO
To configure single sign-on (SSO) for Mural Identity with Microsoft Entra, you need to establish a link relationship between a Microsoft Entra user and the related user in Mural Identity. This involves configuring Microsoft Entra SSO, Mural Identity SSO, and testing the SSO configuration.
To start, sign in to the Microsoft Entra admin center as a Cloud Application Administrator. Then, browse to Identity > Applications > Enterprise applications > Mural Identity > Single sign-on. Select SAML as the single sign-on method and edit the Basic SAML Configuration settings.
The Mural Identity application expects SAML assertions in a specific format, which requires custom attribute mappings to be added to your SAML token attributes configuration. The application expects the following attributes to be passed back in the SAML response: email, FirstName, and LastName.
To download the certificate and save it on your computer, navigate to the SAML Signing Certificate section in the Set up single sign-on with SAML page. Copy the appropriate URL(s) based on your requirement from the Set up Mural Identity section.
Here's a summary of the SAML attributes expected by Mural Identity:
To configure Mural Identity SSO, log in to the Mural Identity website as an administrator, click your name in the bottom left corner of the dashboard, and select Company dashboard from the list of options. Click SSO in the left sidebar and perform the following steps: paste the Login URL value, upload the Certificate (PEM), select HTTP-POST as the Request binding type, and select SHA256 as the Sign-in algorithm type.
Test your Microsoft Entra single sign-on configuration by clicking on Test this application, which will redirect to Mural Identity Sign on URL where you can initiate the login flow. Alternatively, go to Mural Identity Sign on URL directly and initiate the login flow from there.
In IDP-initiated mode, clicking on Test this application will automatically sign you in to the Mural Identity for which you set up the SSO.
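When a test login fails, the first thing to confirm is that the response really carries the three attributes and the signing algorithm configured above. The following is an added example, not code from Mural or Microsoft: it decodes a SAMLResponse form value from the HTTP-POST binding and reports missing attributes and the signature algorithm. The sample response is constructed, and treating the SHA256 setting as the XML-DSig SignatureMethod on the response is an assumption.

```python
import base64
import xml.etree.ElementTree as ET

NS = {
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
REQUIRED = {"email", "FirstName", "LastName"}  # attribute names from the page
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"

# Constructed sample (signature value omitted; LastName deliberately missing).
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
 <saml:Assertion>
  <ds:Signature><ds:SignedInfo>
   <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
  </ds:SignedInfo></ds:Signature>
  <saml:AttributeStatement>
   <saml:Attribute Name="email"><saml:AttributeValue>b.simon@example.com</saml:AttributeValue></saml:Attribute>
   <saml:Attribute Name="FirstName"><saml:AttributeValue>B</saml:AttributeValue></saml:Attribute>
  </saml:AttributeStatement>
 </saml:Assertion>
</samlp:Response>"""
SAMPLE_POST_VALUE = base64.b64encode(SAMPLE_XML.encode()).decode()


def check_saml_response(post_value):
    """Return (missing_or_empty_attributes, signature_algorithms).

    Configuration check only: it does not verify the signature, and it should
    be fed responses captured from your own test login, not untrusted input.
    """
    root = ET.fromstring(base64.b64decode(post_value))
    present = set()
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = [v.text for v in attr.iterfind("saml:AttributeValue", NS)]
        if any(v and v.strip() for v in values):  # empty values count as missing
            present.add(attr.get("Name"))
    algs = [m.get("Algorithm") for m in root.iterfind(".//ds:SignatureMethod", NS)]
    return sorted(REQUIRED - present), algs


if __name__ == "__main__":
    missing, algs = check_saml_response(SAMPLE_POST_VALUE)
    print("missing attributes:", missing or "none")
    print("signed with RSA-SHA256:", bool(algs) and all(a == RSA_SHA256 for a in algs))
```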
Azure AD Configuration
To configure MURAL Identity with Azure AD, you'll need to enable Microsoft Entra SSO. This involves signing in to the Microsoft Entra admin center as a Cloud Application Administrator and browsing to Identity > Applications > Enterprise applications > Mural Identity > Single sign-on.
The SAML Signing Certificate section is where you'll find the Certificate (PEM) to download and save on your computer. You'll also need to copy the appropriate URL(s) from the Set up Mural Identity section.
To enable B.Simon to use single sign-on, you'll need to grant access to Mural Identity. This involves selecting the Provisioning tab, setting the Provisioning Mode to Automatic, and inputting your MURAL Identity Tenant URL and Secret Token. You'll also need to select the users and/or groups to provision to MURAL Identity by choosing the desired values in Scope in the Settings section.
Here's a list of the required attributes for user and group synchronization:
Capabilities Supported
In this section, we'll explore the capabilities supported by Azure AD Configuration. You can create users in MURAL Identity, which is a great way to get started with your team.
Here are some of the key capabilities supported by Azure AD Configuration:
- Create users in MURAL Identity
- Remove users in MURAL Identity when they do not require access anymore.
- Keep user attributes synchronized between Microsoft Entra ID and MURAL Identity
- Provision groups and group memberships in MURAL Identity.
- Single sign-on to MURAL Identity (recommended).
By using these capabilities, you can streamline your team's access and ensure that everyone has the right permissions.
Add from Application Gallery
Add MURAL Identity from the Microsoft Entra application gallery to start managing provisioning to MURAL Identity.
If you've previously set up MURAL Identity for SSO, you can use the same application. However, it's recommended that you create a separate app when testing out the integration initially.
To get started, head to the Microsoft Entra application gallery and search for MURAL Identity. You can then click on the app to add it to your tenant.
User Provisioning
User Provisioning is a crucial step in setting up MURAL Identity with Microsoft Entra ID. To configure automatic user provisioning, you'll need to sign in to the Microsoft Entra admin center as a Cloud Application Administrator.
The process involves several steps, including setting up the Provisioning Mode to Automatic, inputting your MURAL Identity Tenant URL and Secret Token, and testing the connection. This ensures that Microsoft Entra ID can connect to MURAL Identity.
Under the Admin Credentials section, input your MURAL Identity Tenant URL and Secret Token, and click Test Connection to ensure the connection is successful. If the connection fails, ensure your MURAL Identity account has Admin permissions and try again.
You'll also need to review the user attributes that are synchronized from Microsoft Entra ID to MURAL Identity in the Attribute-Mapping section. The attributes selected as Matching properties are used to match the user accounts in MURAL Identity for update operations.
Here's a list of user attributes that are synchronized from Microsoft Entra ID to MURAL Identity:
To configure scoping filters, refer to the Scoping filter tutorial. To enable the Microsoft Entra provisioning service for MURAL Identity, change the Provisioning Status to On in the Settings section.
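Once provisioning is on, it is worth checking periodically that the accounts in MURAL Identity still match the users in scope, since an account that outlives its owner's access is the failure deprovisioning exists to prevent. The following is an added example, not code from Mural or Microsoft: it compares a SCIM 2.0 user list against the in-scope Entra users and reports drift. Both inputs are constructed samples, and the matching property (userPrincipalName to userName) and the name mappings are assumptions; use the ones shown in your Attribute-Mapping section.

```python
import json

# Constructed sample: body of a SCIM 2.0 GET /Users reply (RFC 7644 ListResponse).
SCIM_LIST_RESPONSE = json.dumps({
    "schemas": ["urn:ietf:params:scim:api:messages:2.0:ListResponse"],
    "totalResults": 3,
    "Resources": [
        {"id": "u1", "userName": "b.simon@example.com", "active": True,
         "name": {"givenName": "B", "familyName": "Simon"}},
        {"id": "u2", "userName": "Former.Employee@example.com", "active": True,
         "name": {"givenName": "Former", "familyName": "Employee"}},
        {"id": "u3", "userName": "a.chen@example.com", "active": True,
         "name": {"givenName": "Alice", "familyName": "Chen"}},
    ],
})

# Constructed sample: users currently in provisioning scope in Microsoft Entra ID.
IN_SCOPE = [
    {"userPrincipalName": "B.Simon@example.com", "givenName": "B", "surname": "Simon"},
    {"userPrincipalName": "a.chen@example.com", "givenName": "Alicia", "surname": "Chen"},
    {"userPrincipalName": "new.hire@example.com", "givenName": "New", "surname": "Hire"},
]


def audit_provisioning(scim_body, in_scope):
    """Classify drift between the IdP scope and the app's SCIM user list."""
    # SCIM userName is case-insensitive, so match on the lower-cased value.
    app = {u["userName"].lower(): u for u in json.loads(scim_body)["Resources"]}
    idp = {u["userPrincipalName"].lower(): u for u in in_scope}
    report = {"orphaned": [], "not_provisioned": [], "attribute_drift": []}
    for key, user in app.items():
        if key not in idp:
            if user.get("active", True):
                report["orphaned"].append(key)  # active in app, no longer in scope
            continue
        name = user.get("name", {})
        want = (idp[key]["givenName"], idp[key]["surname"])
        if (name.get("givenName"), name.get("familyName")) != want:
            report["attribute_drift"].append(key)
    report["not_provisioned"] = sorted(set(idp) - set(app))
    return report


if __name__ == "__main__":
    for kind, users in audit_provisioning(SCIM_LIST_RESPONSE, IN_SCOPE).items():
        print(f"{kind}: {users}")
```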
Securely Manage Access
Mural integrates with Microsoft Azure Active Directory (Azure AD) for easy access management. This integration allows for automatic provisioning and deprovisioning of Mural members using SCIM.
With Azure AD, IT teams can manage access to Mural from within the Azure portal, giving them complete control over who can access the platform.
Collaborating with external stakeholders can make access management even more complex, but Mural has a solution for that too. The platform allows enterprises to require two-factor authentication (2FA) for guests not on SSO.
Mural maintains active SOC 2 Type 2, ISO 27001, and ISO 9001 certifications, and complies with GDPR and CCPA regulations. This ensures that the platform meets the highest security standards.
By integrating with Azure AD and other identity management solutions, Mural provides a comprehensive approach to identity and access management. This approach makes it easy for IT admins to scale and manage the use of Mural.
Requiring 2FA for guests not on SSO provides an added layer of security to the authentication flow. This helps to reduce the risk of unauthorized access and ensures that only authorized users can access the platform.
Mural's approach to identity and access management is thoughtful and comprehensive, meeting the needs of IT admins at each step of the way. This includes simple and secure provisioning and authentication, as well as advanced identity controls.
Integration and Guest Security
Mural's integration with Microsoft Azure Active Directory (Azure AD) makes access management a breeze. IT teams can control who can access Mural from within the Azure portal, thanks to automatic provisioning and deprovisioning of Mural members using SCIM.
This integration also enables single sign-on (SSO) with Azure AD, streamlining the login process for users. Mural's approach to identity and access management is thoughtful and designed to meet the needs of IT admins at every step.
To further secure collaboration, Mural requires two-factor authentication (2FA) for guests not on SSO, providing an added layer of security to the authentication flow. This feature helps enterprises rest easy knowing their collaboration with external stakeholders is secure.
Integrate with Okta
Mural has launched direct integrations with Okta, which enables automated member provisioning and deprovisioning and provides secure access to Mural.
This integration streamlines critical functions in the Mural identity and access management lifecycle, making it easier for IT admins to manage user access.
With direct integrations with Okta, you can take away the guesswork for colleagues who have not yet been provisioned access to Mural by creating a custom landing page experience with copy that guides them to the appropriate channel to retrieve a license.
By leveraging SCIM with JIT provisioning disabled, you can provide a clear solution to users who are struggling to access Mural, often by directing them to your IT help desk.
Enhance Guest Security
Collaboration with external stakeholders can be complex, but Mural makes it easier with two-factor authentication (2FA) for guests not on SSO.
Mural allows enterprises to require 2FA for guests, providing an added layer of security to the authentication flow.
This helps provide peace of mind as Mural's use case expands to involve those external to your organization.
By integrating with Microsoft Azure Active Directory (Azure AD), Mural can automatically provision and deprovision guests, making it easier to manage access to sensitive information.
This means you can collaborate with clients, partners, and other external stakeholders while maintaining a high level of security.
Mural's approach to identity and access management makes it easier to scale collaboration while meeting the demands of security-conscious enterprises.
Frequently Asked Questions
Does Mural integrate with Azure DevOps?
Yes, Mural integrates with Azure DevOps, allowing you to connect your accounts and import work items as sticky notes. This integration enables smoother workflows and more efficient collaboration.
Is Microsoft Entra replacing Azure AD?
Microsoft Entra ID is replacing the names Azure Active Directory, Azure AD, and AAD, but not the underlying service. Azure AD will continue to function as Microsoft Entra ID, with the same capabilities and features.
Is Azure AD discontinued?
Azure AD is not discontinued, but its PowerShell modules will no longer be supported after March 30, 2024. Instead, Microsoft recommends migrating to the Microsoft Graph PowerShell SDK for continued support.