教學課程:Azure Active Directory 單一登入 (SSO) 與 Virtual Risk Manager 整合Tutorial: Azure Active Directory single sign-on (SSO) integration with Virtual Risk Manager

在本教學課程中,您會了解如何整合 Virtual Risk Manager 與 Azure Active Directory (Azure AD)。In this tutorial, you'll learn how to integrate Virtual Risk Manager with Azure Active Directory (Azure AD). 當您整合 Virtual Risk Manager 與 Azure AD 時,您可以:When you integrate Virtual Risk Manager with Azure AD, you can:

  • 您可以在 Azure AD 中控制可存取 Virtual Risk Manager 的人員。Control in Azure AD who has access to Virtual Risk Manager.
  • 讓使用者使用其 Azure AD 帳戶自動登入 Virtual Risk Manager。Enable your users to be automatically signed-in to Virtual Risk Manager with their Azure AD accounts.
  • 在 Azure 入口網站集中管理您的帳戶。Manage your accounts in one central location - the Azure portal.

必要條件Prerequisites

若要開始,您需要下列項目:To get started, you need the following items:

  • Azure AD 訂用帳戶。An Azure AD subscription. 如果沒有訂用帳戶,您可以取得免費帳戶If you don't have a subscription, you can get a free account.
  • 已啟用 Virtual Risk Manager 單一登入 (SSO) 的訂用帳戶。Virtual Risk Manager single sign-on (SSO) enabled subscription.

案例描述Scenario description

在本教學課程中,您會在測試環境中設定和測試 Azure AD SSO。In this tutorial, you configure and test Azure AD SSO in a test environment.

  • Virtual Risk Manager 支援由 IDP 起始的 SSOVirtual Risk Manager supports IDP initiated SSO

若要設定 Virtual Risk Manager 與 Azure AD 整合,您需要從資源庫將 Virtual Risk Manager 新增到受控 SaaS 應用程式清單中。To configure the integration of Virtual Risk Manager into Azure AD, you need to add Virtual Risk Manager from the gallery to your list of managed SaaS apps.

  1. 使用公司或學校帳戶或個人的 Microsoft 帳戶登入 Azure 入口網站。Sign in to the Azure portal using either a work or school account, or a personal Microsoft account.
  2. 在左方瀏覽窗格上,選取 [Azure Active Directory] 服務。On the left navigation pane, select the Azure Active Directory service.
  3. 巡覽至 [企業應用程式],然後選取 [所有應用程式]。Navigate to Enterprise Applications and then select All Applications.
  4. 若要新增應用程式,請選取 [新增應用程式] 。To add new application, select New application.
  5. 在 [從資源庫新增] 區段的搜尋方塊中輸入 Virtual Risk ManagerIn the Add from the gallery section, type Virtual Risk Manager in the search box.
  6. 從結果面板選取 [Virtual Risk Manager],然後新增應用程式。Select Virtual Risk Manager from results panel and then add the app. 當應用程式新增至您的租用戶時,請等候幾秒鐘。Wait a few seconds while the app is added to your tenant.

設定和測試 Virtual Risk Manager 的 Azure AD SSOConfigure and test Azure AD SSO for Virtual Risk Manager

以名為 B.Simon 的測試使用者,設定及測試與 Virtual Risk Manager 搭配運作的 Azure AD SSO。Configure and test Azure AD SSO with Virtual Risk Manager using a test user called B.Simon. 若要讓 SSO 能夠運作,您必須建立 Azure AD 使用者與 Virtual Risk Manager 中相關使用者之間的連結關聯性。For SSO to work, you need to establish a link relationship between an Azure AD user and the related user in Virtual Risk Manager.

若要設定及測試與 Virtual Risk Manager 搭配運作的 Azure AD SSO,請執行下列步驟:To configure and test Azure AD SSO with Virtual Risk Manager, perform the following steps:

  1. 設定 Azure AD SSO - 讓您的使用者能夠使用此功能。Configure Azure AD SSO - to enable your users to use this feature.
    1. 建立 Azure AD 測試使用者 - 使用 B.Simon 測試 Azure AD 單一登入。Create an Azure AD test user - to test Azure AD single sign-on with B.Simon.
    2. 指派 Azure AD 測試使用者 - 讓 B.Simon 能夠使用 Azure AD 單一登入。Assign the Azure AD test user - to enable B.Simon to use Azure AD single sign-on.
  2. 設定 Virtual Risk Manager SSO - 在應用程式端設定單一登入設定。Configure Virtual Risk Manager SSO - to configure the single sign-on settings on application side.
    1. 建立 Virtual Risk Manager 測試使用者 - 使 Virtual Risk Manager 中對應的 B.Simon 連結到該使用者在 Azure AD 中的代表項目。Create Virtual Risk Manager test user - to have a counterpart of B.Simon in Virtual Risk Manager that is linked to the Azure AD representation of user.
  3. 測試 SSO - 驗證組態是否能運作。Test SSO - to verify whether the configuration works.

設定 Azure AD SSOConfigure Azure AD SSO

依照下列步驟在 Azure 入口網站中啟用 Azure AD SSO。Follow these steps to enable Azure AD SSO in the Azure portal.

  1. 在 Azure 入口網站的 [Virtual Risk Manager] 應用程式整合頁面上,尋找 [管理] 區段並選取 [單一登入]。In the Azure portal, on the Virtual Risk Manager application integration page, find the Manage section and select single sign-on.

  2. 在 [選取單一登入方法] 頁面上,選取 [SAML]。On the Select a single sign-on method page, select SAML.

  3. 在 [以 SAML 設定單一登入] 頁面上,按一下 [基本 SAML 設定] 的編輯/畫筆圖示,以編輯設定。On the Set up single sign-on with SAML page, click the edit/pen icon for Basic SAML Configuration to edit the settings.

    編輯基本 SAML 組態

  4. 在 [基本 SAML 設定] 設定區段上,已預先設定好應用程式,並已經為 Azure 預先填入必要的 URL。On the Basic SAML Configuration section, the application is pre-configured and the necessary URLs are already pre-populated with Azure. 使用者必須按一下 [儲存] 按鈕,才能儲存設定。The user needs to save the configuration by clicking the Save button.

  5. 在 [以 SAML 設定單一登入] 頁面上的 [SAML 簽署憑證] 區段中,尋找 [同盟中繼資料 XML] ,然後選取 [下載] ,以下載憑證並將其儲存在電腦上。On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find Federation Metadata XML and select Download to download the certificate and save it on your computer.

    憑證下載連結

  6. 在 [設定 Virtual Risk Manager] 區段上,依據您的需求複製適當的 URL。On the Set up Virtual Risk Manager section, copy the appropriate URL(s) based on your requirement.

    複製組態 URL

建立 Azure AD 測試使用者Create an Azure AD test user

在本節中,您將在 Azure 入口網站中建立名為 B.Simon 的測試使用者。In this section, you'll create a test user in the Azure portal called B.Simon.

  1. 在 Azure 入口網站的左窗格中,依序選取 [Azure Active Directory] 、[使用者] 和 [所有使用者] 。From the left pane in the Azure portal, select Azure Active Directory, select Users, and then select All users.
  2. 在畫面頂端選取 [新增使用者] 。Select New user at the top of the screen.
  3. 在 [使用者] 屬性中,執行下列步驟:In the User properties, follow these steps:
    1. 在 [名稱] 欄位中,輸入 B.SimonIn the Name field, enter B.Simon.
    2. 在 [使用者名稱] 欄位中,輸入 username@companydomain.extension。In the User name field, enter the username@companydomain.extension. 例如: B.Simon@contoso.comFor example, B.Simon@contoso.com.
    3. 選取 [顯示密碼] 核取方塊,然後記下 [密碼] 方塊中顯示的值。Select the Show password check box, and then write down the value that's displayed in the Password box.
    4. 按一下頁面底部的 [新增] 。Click Create.

指派 Azure AD 測試使用者Assign the Azure AD test user

在本節中,您會將 Virtual Risk Manager 的存取權授與 B.Simon,讓其能夠使用 Azure 單一登入。In this section, you'll enable B.Simon to use Azure single sign-on by granting access to Virtual Risk Manager.

  1. 在 Azure 入口網站中,選取 [企業應用程式] ,然後選取 [所有應用程式] 。In the Azure portal, select Enterprise Applications, and then select All applications.
  2. 在應用程式清單中,選取 [Virtual Risk Manager]。In the applications list, select Virtual Risk Manager.
  3. 在應用程式的概觀頁面中尋找 [管理] 區段,然後選取 [使用者和群組] 。In the app's overview page, find the Manage section and select Users and groups.
  4. 選取 [新增使用者] ,然後在 [新增指派] 對話方塊中選取 [使用者和群組] 。Select Add user, then select Users and groups in the Add Assignment dialog.
  5. 在 [使用者和群組] 對話方塊的 [使用者] 清單中選取 [B.Simon],然後按一下畫面底部的 [選取] 按鈕。In the Users and groups dialog, select B.Simon from the Users list, then click the Select button at the bottom of the screen.
  6. 如果您需要將角色指派給使用者,您可以從 [選取角色] 下拉式清單中選取。If you are expecting a role to be assigned to the users, you can select it from the Select a role dropdown. 如果未設定此應用程式的角色,您會看到已選取 [預設存取] 角色。If no role has been set up for this app, you see "Default Access" role selected.
  7. 在 [新增指派] 對話方塊中,按一下 [指派] 按鈕。In the Add Assignment dialog, click the Assign button.

設定 Virtual Risk Manager SSOConfigure Virtual Risk Manager SSO

若要在 Virtual Risk Manager 端設定單一登入,您必須將從 Azure 入口網站下載的 [同盟中繼資料 XML] 和所複製的適當 URL 傳送給 Virtual Risk Manager 支援小組To configure single sign-on on Virtual Risk Manager side, you need to send the downloaded Federation Metadata XML and appropriate copied URLs from Azure portal to Virtual Risk Manager support team. 他們會進行此設定,讓兩端的 SAML SSO 連線都設定正確。They set this setting to have the SAML SSO connection set properly on both sides.

建立 Virtual Risk Manager 測試使用者Create Virtual Risk Manager test user

在本節中,您要在 Virtual Risk Manager 中建立名為 Britta Simon 的使用者。In this section, you create a user called Britta Simon in Virtual Risk Manager. Virtual Risk Manager 支援小組合作,在 Virtual Risk Manager 平台中新增使用者。Work with Virtual Risk Manager support team to add the users in the Virtual Risk Manager platform. 您必須先建立和啟動使用者,然後才能使用單一登入。Users must be created and activated before you use single sign-on.

測試 SSOTest SSO

在本節中,您會使用下列選項來測試您的 Azure AD 單一登入組態。In this section, you test your Azure AD single sign-on configuration with following options.

  • 在 Azure 入口網站中按一下 [測試此應用程式],您應該會自動登入您已設定 SSO 的 Virtual Risk ManagerClick on Test this application in Azure portal and you should be automatically signed in to the Virtual Risk Manager for which you set up the SSO

  • 您可以使用 Microsoft 存取面板。You can use Microsoft Access Panel. 當您在存取面板中按一下 [Virtual Risk Manager] 圖格時,應該會自動登入您已設定 SSO 的 Virtual Risk Manager。When you click the Virtual Risk Manager tile in the Access Panel, you should be automatically signed in to the Virtual Risk Manager for which you set up the SSO. 如需「存取面板」的詳細資訊,請參閱存取面板簡介For more information about the Access Panel, see Introduction to the Access Panel.

後續步驟Next steps

設定 Virtual Risk Manager 後,您可以強制執行工作階段控制項,以即時防止組織的敏感資料遭到外洩和滲透。Once you configure Virtual Risk Manager you can enforce session control, which protects exfiltration and infiltration of your organization’s sensitive data in real time. 工作階段控制項會從條件式存取延伸。Session control extends from Conditional Access. 了解如何使用 Microsoft Cloud App Security 來強制執行工作階段控制項Learn how to enforce session control with Microsoft Cloud App Security.