🛠 Guide: Setting Up Microsoft Entra SSO for Access to WatchTower (by EdgeTier)
This guide walks you through configuring Microsoft Entra (formerly Azure Active Directory) to enable Single Sign-On (SSO) for accessing WatchTower, a SaaS product provided by EdgeTier.
🔧 Step 1: Register WatchTower as an Enterprise Application
- Sign in to the Microsoft Entra admin center.
- Navigate to Identity > Applications > Enterprise applications > + New application.
- Click Create your own application.
- Enter a name like WatchTower by EdgeTier, select Integrate any other application you don't find in the gallery (Non-gallery), and click Create.
🔐 Step 2: Configure Single Sign-On (SAML)
- In the application pane, go to Single sign-on and select SAML.
- In the Basic SAML Configuration, fill out the following fields:
  - Identifier (Entity ID): urn:amazon:cognito:sp:eu-west-1_uYWAoliDm
  - Reply URL (Assertion Consumer Service URL) (Callback URL): https://watchtower.auth.eu-west-1.amazoncognito.com/saml2/idpresponse
  - Leave other fields (like Sign-on URL, Relay State) blank unless otherwise instructed by EdgeTier.
- Under Attributes & Claims, you can leave the defaults or include common claims like email, givenname, surname, etc., if required by your organization's policy.
- Under SAML Signing Certificate, copy the App Federation Metadata URL (do not download the XML file).
👥 Step 3: Assign Users and Groups
- Go to Users and groups in the left-hand menu.
- Click + Add user/group, then select the users or groups who should have access to WatchTower.
- Click Assign.
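The Step 2 values can be checked against a SAML response captured from a test sign-in. The following is an added example, not EdgeTier's or Microsoft's code: the sample response is constructed, the tenant ID in it is a placeholder, and `check_saml_routing` is a hypothetical helper name. It compares Destination, Recipient and Audience only and does not validate the signature.

```python
import xml.etree.ElementTree as ET

# Values from Step 2 of this guide.
ENTITY_ID = "urn:amazon:cognito:sp:eu-west-1_uYWAoliDm"
REPLY_URL = "https://watchtower.auth.eu-west-1.amazoncognito.com/saml2/idpresponse"
NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample, not a real Entra response; the tenant ID is a placeholder.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
    Destination="https://watchtower.auth.eu-west-1.amazoncognito.com/saml2/idpresponse">
  <saml:Assertion>
    <saml:Issuer>https://sts.windows.net/00000000-0000-0000-0000-000000000000/</saml:Issuer>
    <saml:Subject>
      <saml:SubjectConfirmation Method="urn:oasis:names:tc:SAML:2.0:cm:bearer">
        <saml:SubjectConfirmationData Recipient="https://watchtower.auth.eu-west-1.amazoncognito.com/saml2/idpresponse"/>
      </saml:SubjectConfirmation>
    </saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>urn:amazon:cognito:sp:eu-west-1_uYWAoliDm</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""


def check_saml_routing(xml_text):
    """List mismatches between a SAML response and the Step 2 values.

    Troubleshooting aid only: the signature is not verified here.
    """
    root = ET.fromstring(xml_text)
    problems = []
    if root.get("Destination") != REPLY_URL:
        problems.append(f"Destination is {root.get('Destination')!r}")
    recipients = [e.get("Recipient") for e in root.iterfind(".//saml:SubjectConfirmationData", NS)]
    if not recipients or any(r != REPLY_URL for r in recipients):
        problems.append(f"Recipient values are {recipients}")
    audiences = [(e.text or "").strip() for e in root.iterfind(".//saml:Audience", NS)]
    if ENTITY_ID not in audiences:
        problems.append(f"Audience values are {audiences}")
    return problems


if __name__ == "__main__":
    print(check_saml_routing(SAMPLE_RESPONSE) or "response matches the Step 2 values")
```

An empty list means the response is addressed to the Entity ID and Reply URL entered in Step 2; any entry points at the field to recheck in Basic SAML Configuration.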