Using Striim Platform with Microsoft Entra ID
The Microsoft Entra application gallery is a collection of software as a service (SaaS) applications that have been pre-integrated with Microsoft Entra ID (formerly Azure Active Directory ID). The collection contains thousands of applications that make it easy to deploy and configure single sign-on (SSO) and automated user provisioning. Striim Platform is available in the Microsoft Entra application gallery as a prebuilt identity-ready application.
When you integrate Striim Platform with Microsoft Entra ID, you can control in Microsoft Entra ID who has access to Striim Platform, enable your users to be automatically signed-in to Striim Platform with their Microsoft Entra accounts, and manage your accounts in one central location.
Limitations
Note the following limitations to the integration:
If you make changes in Striim Platform, those changes will not be reflected in Microsoft Entra. You may receive a warning in the provisioning logs page about what attributes was changed. The scenario can happen with any individual field modification such as firstname, lastname or email.
When you remove a user from the Striim Platform application alone, it gets permanently deleted. To bring back the user, you must remove the user completely from Microsoft Entra, create a new user, and associate this newly created user to the Entra application.
Adding Striim Platform from the Microsoft Entra Gallery
Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.
Browse to Identity > Applications > Enterprise applications > New application.
In the Add from the gallery section, type Striim in the search box.
Select Striim Platform, not Striim Cloud, from the results panel and then add the app. Wait a few seconds while the app is added to your tenant.
Configuring Microsoft Entra SSO for Striim
Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.
Browse to Identity > Applications > Enterprise applications > Striim Platform > Single sign-on.
On the Select a single sign-on method page, select SAML.
On the Basic SAML Configuration section, the application is pre-configured and the necessary URLs are already pre-populated with Azure. You can save the configuration by clicking Save.
The Striim Platform application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration. The following are a list of default attributes.
userName
emails[type eq “work”].value
name.givenName
name.familyName
externalId
The values for these mapping are pre-filled. You can verify or modify these mappings.
On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find Certificate (Base64) and select Download to download the certificate and save it on your computer.
On the Set up Striim Platform section, copy the Login URL and Microsoft Entra Identifier values.
Configuring Striim Platform to trust Microsoft Entra ID as an IdP
Log into your Striim Platform account.
Go to the Manage Striim menu and section Users + Roles.
Select the Single Sign On tab.
Click Add SSO.
Select Microsoft Entra as the identity provider.
In the Add Single Sign On window, enter the Application ID and Login URL from Microsoft Entra.
Click the folder icon for Select Certificate Path and upload the certificate previously downloaded in step 6 above.
Click Save.
Test logging in to your Striim Platform account through Microsoft Entra. Logout then go to the login page and select Sign in with SAML. You will be logged in through Microsoft Entra.
Logging into Striim using SSO
Users can access Striim Platform through the Striim Platform login page or through Microsoft Entra.
To access via the Striim login page, click Use SSO. The user is redirected to the IdP login URL to complete authentication.
To access via Okta, select the Striim Platform app in the Microsoft Entra Gallery and federate into Striim.