How to Configure SAML 2.0 SSO with Microsoft Entra ID for SonicWall SMA 1000 Series

Description

This article provides a guide for configuring Single Sign-On (SSO) between the SonicWall SMA 1000 series (including the SMA 8200v) and Microsoft Entra ID. By leveraging the SAML 2.0 protocol, administrators can centralize user authentication, enhance security with Multi-Factor Authentication (MFA), and provide a seamless login experience for remote users.

Learn more about configuring SAML on SMA1000 - SMA1000 Administration Guide: Configuring a SAML-Based Authentication Server.

Resolution

  1. Log in to https://portal.azure.com/ and navigate to the Microsoft Entra ID blade.
  2. Click Add and select Enterprise application from the drop-down menu.
  3. Click Create your own application. In the Create your own application pop-up, enter an application name, verify that Integrate any other application you don't find in the gallery (Non-gallery) is selected, and press Create.
  4. Under Manage, select Users and groups and then click Add user/group.
  5. Click Users and groups. Once you have selected the applicable users or groups, click Select and then Assign. Only the users and groups assigned here will be allowed to sign in to the application.
  6. Under Manage, navigate to Single sign-on and select SAML from the available options.
  7. Log in to the SMA1000 AMC.
  8. Under System Configuration, click Authentication Servers. Press New and select the SAML 2.0 Identity Provider option.
  9. Appliance Configuration:
    1. Enter a descriptive server name in the Name field.
    2. Define a valid Appliance ID. This is the appliance's SAML entity ID, the Identifier that Entra ID uses to recognise the service provider; it does not need to be DNS resolvable, but using the Workplace FQDN is standard practice.
    3. Select the Sign AuthnRequest message using this certificate checkbox. The selected certificate is included in the exported metadata so that Entra ID can verify that authentication requests originate from this appliance.
    4. Endpoint FQDN should be pre-selected; it must match the Workplace FQDN users will use and must be publicly resolvable.
    5. The Assertion Consumer Service (ACS) URL and Single Logout Service (SLO) URL should be pre-filled and must be publicly resolvable, since Entra ID redirects the user's browser to them.
    6. Select Export to export the settings to an XML metadata file.
  10. Toggle back to the Azure Portal; you should still be under Manage and Single sign-on.
  11. Press the Upload metadata file button and upload the XML you exported from the SMA1000 AMC.
  12. Scroll down to Basic SAML Configuration and set the Sign on URL (Optional) to the same value as the Logout Url (Optional). The Sign on URL is not auto-populated when the metadata XML is imported, so this field must be filled in by hand.
  13. Save the changes by pressing the Save button.
  14. Under SAML Certificates, press the Download button beside Federation Metadata XML.
  15. Toggle back to the SMA1000 AMC.
  16. Under Identity Provider Configuration, press Choose File, select the Federation Metadata XML you downloaded and click Import.
  17. The Identity Provider Configuration settings (issuer, sign-in and logout URLs, and the Entra ID signing certificate) should now be filled in. Press the Save button.
  18. Commit the changes via Pending Changes at the top right of the AMC screen.
  19. Add to the AMC the users and/or groups that were assigned to the Enterprise Application in Entra ID (step 5), so that the appliance can map the identities it receives in SAML assertions to its own access rules.
  20. Once the SMA1000 configuration is set up to provide VPN connections and/or access to the Workplace (see How to Configure SMA1000 Series Appliances - Basic Setup), the end-user sign-in flow is: the user browses to the Workplace URL, is redirected to the Microsoft sign-in page (including any MFA the tenant enforces), and is returned to the Workplace once Entra ID has issued the assertion.
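Before committing the change in step 18 it is worth cross-checking the two metadata files that were exchanged (the AMC export from step 9.6 and the Federation Metadata XML from step 14) rather than trusting that the import filled every field. The script below is an added example, not SonicWall or Microsoft code: it parses both documents, confirms that the ACS and SLO URLs are HTTPS on the Workplace FQDN, that AuthnRequest signing is enabled and backed by a certificate in the export, that the identity provider is an Entra ID issuer with HTTPS endpoints, and it prints the SHA-1 thumbprint of the Entra signing certificate so it can be compared with the Thumbprint shown under SAML Certificates in the portal. The two XML documents embedded here are constructed stand-ins; the FQDN, tenant ID, endpoint paths and certificate bodies are placeholders, not values produced by either product.

```python
"""Cross-check the SAML metadata exchanged between an SMA1000 AMC (the SP)
and Entra ID (the IdP) before committing the trust.

Added example, not SonicWall or Microsoft code. SP_METADATA and IDP_METADATA
are constructed stand-ins shaped like the AMC export and the Entra
"Federation Metadata XML"; FQDN, tenant ID, paths and certificate bodies are
placeholders. To use it on real files, replace the two constants with the
file contents (or read them from disk) and set the Workplace FQDN below.
"""
import base64
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
ENTRA_ISSUER_PREFIX = "https://sts.windows.net/"   # Entra ID SAML issuer form
TENANT = "00000000-0000-0000-0000-000000000000"     # placeholder tenant ID


def _fake_cert(label):
    # Placeholder for a base64 DER certificate body (constructed, not a real cert).
    return base64.b64encode(label.encode()).decode()


# Constructed SP metadata (placeholder FQDN and endpoint paths).
SP_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="https://workplace.example.com">
  <md:SPSSODescriptor AuthnRequestsSigned="true"
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{_fake_cert("SP SIGNING CERT")}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Binding="{HTTP_REDIRECT}"
        Location="https://workplace.example.com/saml/slo"/>
    <md:AssertionConsumerService index="0" Binding="{HTTP_POST}"
        Location="https://workplace.example.com/saml/acs"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>"""

# Constructed IdP metadata in the shape Entra ID publishes (placeholder tenant).
IDP_METADATA = f"""<md:EntityDescriptor xmlns:md="{NS['md']}" xmlns:ds="{NS['ds']}"
    entityID="{ENTRA_ISSUER_PREFIX}{TENANT}/">
  <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>{_fake_cert("IDP SIGNING CERT")}</ds:X509Certificate>
    </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
    <md:SingleLogoutService Binding="{HTTP_REDIRECT}"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
    <md:SingleSignOnService Binding="{HTTP_REDIRECT}"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </md:IDPSSODescriptor>
</md:EntityDescriptor>"""


def _thumbprints(role):
    """SHA-1 thumbprints (the form Entra displays) of each signing certificate."""
    out = []
    for kd in role.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":   # skip encryption-only keys
            continue
        for cert in kd.findall("ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS):
            der = base64.b64decode("".join(cert.text.split()))
            out.append(hashlib.sha1(der).hexdigest().upper())
    return out


def _location(role, tag, binding):
    el = role.find(f"md:{tag}[@Binding='{binding}']", NS)
    return el.get("Location") if el is not None else None


def parse_sp_metadata(xml_text):
    root = ET.fromstring(xml_text)
    role = root.find("md:SPSSODescriptor", NS)
    return {"entity_id": root.get("entityID"),
            "authn_requests_signed": role.get("AuthnRequestsSigned", "false") in ("true", "1"),
            "acs_url": _location(role, "AssertionConsumerService", HTTP_POST),
            "slo_url": _location(role, "SingleLogoutService", HTTP_REDIRECT),
            "signing_thumbprints": _thumbprints(role)}


def parse_idp_metadata(xml_text):
    root = ET.fromstring(xml_text)
    role = root.find("md:IDPSSODescriptor", NS)
    return {"entity_id": root.get("entityID"),
            "sso_url": _location(role, "SingleSignOnService", HTTP_REDIRECT),
            "slo_url": _location(role, "SingleLogoutService", HTTP_REDIRECT),
            "signing_thumbprints": _thumbprints(role)}


def check_trust(sp, idp, workplace_fqdn):
    """Return a list of problems; an empty list means the pair is consistent."""
    findings = []
    for label in ("acs_url", "slo_url"):
        url = sp[label]
        if not url:
            findings.append(f"SP {label} missing from AMC export")
            continue
        u = urlparse(url)
        if u.scheme != "https":
            findings.append(f"SP {label} is not https: {url}")
        if u.hostname != workplace_fqdn:
            findings.append(f"SP {label} host {u.hostname!r} != Workplace FQDN {workplace_fqdn!r}")
    if not sp["authn_requests_signed"]:
        findings.append("AuthnRequestsSigned is false: tick 'Sign AuthnRequest message' in the AMC")
    elif not sp["signing_thumbprints"]:
        findings.append("AuthnRequestsSigned is true but the export carries no SP signing certificate")
    if not idp["entity_id"].startswith(ENTRA_ISSUER_PREFIX):
        findings.append(f"IdP entityID {idp['entity_id']!r} is not an Entra ID issuer")
    for label in ("sso_url", "slo_url"):
        if not idp[label] or urlparse(idp[label]).scheme != "https":
            findings.append(f"IdP {label} missing or not https")
    if not idp["signing_thumbprints"]:
        findings.append("IdP metadata carries no signing certificate: assertions cannot be verified")
    return findings


if __name__ == "__main__":
    sp, idp = parse_sp_metadata(SP_METADATA), parse_idp_metadata(IDP_METADATA)
    print("IdP signing thumbprint(s):", idp["signing_thumbprints"])
    print("findings:", check_trust(sp, idp, "workplace.example.com") or "none")
```

A non-empty findings list points at the step to revisit: a host mismatch means the Endpoint FQDN in step 9.4 is wrong, a missing SP certificate means step 9.3 was skipped before the export, and a thumbprint that differs from the portal means the wrong Federation Metadata XML was imported in step 16.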

