Integrating Microsoft Entra ID with Security Center SaaS for SSO

Last updated: 2025-05-28

To integrate your corporate identity provider with Security Center SaaS for single sign-on, you must first prepare some information about your organization's Microsoft Entra ID setup. Then contact the Genetec™ Technical Assistance Center (GTAC) to set up a call with you and your identity provider administrator to complete the integration.

Before you begin

You must have administrator access to your Microsoft Entra ID tenant and be able to manage consent for enterprise applications.

Refer to your identity provider documentation for details about how to apply the generic instructions detailed here.

What you should know

This procedure can only be performed during a collaborative setup call scheduled by Genetec that typically lasts around 15 minutes. Testing is performed during the setup call to check the configuration.

Procedure

  1. To prepare for the call with Genetec, send the following information at least one day in advance:
    • Email contact for the Microsoft Entra ID administrator with sufficient privileges and expertise to set up an application integration for their identity provider and manage consent for enterprise applications.
    • Domains used by the users during login. For example, for users who log in with myuser@company.com, the domain is company.com.
      Note:
      This list of domains must include the domains for your users' emails and usernames. Corporate SSO will not work properly if the email and username domains are not configured for your integration.
  2. In GTAC, open a support ticket for SSO or SCIM, and include the information prepared earlier.
    1. The integrator typically initiates this ticket.
    2. Genetec verifies the information included in the ticket.
    3. Genetec schedules a call with the IT administrator to configure the Microsoft Entra ID SSO setup together.
  3. Attend the setup call with Genetec to configure Microsoft Entra ID for SSO.
    Genetec provides a link to test sign-in to a test sandbox. After this first sign-in, the Genetec Login enterprise application is added to your Entra ID tenant and you must review and apply the required consent settings.
    1. Review Microsoft’s documentation for more information about consent settings:
      1. Configure how users consent to applications.
      2. Configure the admin consent workflow.
      3. Review and take action on admin consent request.
      Note:
      The Allow user consent for apps from verified publishers option produces the same result as Do not allow user consent, because Genetec Login isn’t published in the Microsoft Entra ID Marketplace.
      Genetec will assist your administrator to complete the consent required by Microsoft Entra ID.
      If consent isn’t configured, your users might encounter the following dialog from Microsoft Entra ID:
      [Figure: Need admin approval dialog in Microsoft Entra ID indicating that Admin consent settings have not been configured.]
    2. In the left sidebar of your Genetec Login enterprise application, click Admin consent requests to review and configure the Admin consent settings.
      With the test sandbox configured, your administrator can review and consent using this Microsoft Entra ID screen:
      [Figure: Admin consent requests page in a Microsoft Entra ID Enterprise application showing Admin consent settings.]
  4. Test your SSO integration.
    Your login using the test link confirms that your identity provider is returning the expected responses.
  5. Move your SSO authentication integration out of the test environment.
    After the sign-in test, Genetec transfers server configurations from the test sandbox to enable third-party authentication for all users. Moving the integration out of the test environment activates it for all products and portals. This means that customers' users can sign in using the new Microsoft Entra ID integration for the following:
    • Security Center SaaS
    • Genetec ClearID™
    • Genetec Clearance™
    • Genetec Cloudrunner™
    • Genetec Operations Center
    • Genetec Portal (genetec.com)
    • Genetec Technical Assistance Portal (GTAP)
    Note:
    Users must still be manually invited to your Security Center SaaS system. To automate this process, see setting up automatic user provisioning.
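
The following added example (not part of the Genetec documentation) shows one way to build the domain list requested in step 1 from a CSV export of your directory users, covering both email and username domains. The column names userPrincipalName and mail and the sample rows are assumptions constructed for illustration; adjust them to match your export.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of a user export; the column names are assumptions.
SAMPLE_EXPORT = """userPrincipalName,mail
alice@company.com,alice@company.com
bob@corp.company.com,Bob@Company.com
carol@company.com,carol@subsidiary.example
dave_partner.example#EXT#@company.onmicrosoft.com,dave@partner.example
svc-backup@company.com,
"""


def domain_of(address):
    """Return the lowercased domain after the last '@', or None if absent."""
    address = (address or "").strip()
    if "@" not in address:
        return None
    domain = address.rsplit("@", 1)[1].lower().rstrip(".")
    return domain or None


def collect_login_domains(export_text, upn_col="userPrincipalName", mail_col="mail"):
    """Build the domain list and find users whose email and username domains differ."""
    sources = defaultdict(set)  # domain -> {"username", "email"}
    mismatched = []             # (username, email) pairs with differing domains
    for row in csv.DictReader(io.StringIO(export_text)):
        upn, mail = row.get(upn_col, ""), row.get(mail_col, "")
        upn_dom, mail_dom = domain_of(upn), domain_of(mail)
        if upn_dom:
            sources[upn_dom].add("username")
        if mail_dom:
            sources[mail_dom].add("email")
        # A user whose two domains differ needs both domains in the list.
        if upn_dom and mail_dom and upn_dom != mail_dom:
            mismatched.append((upn, mail))
    return dict(sources), mismatched


if __name__ == "__main__":
    domains, mismatched = collect_login_domains(SAMPLE_EXPORT)
    for name in sorted(domains):
        print(f"{name}\t{', '.join(sorted(domains[name]))}")
    for upn, mail in mismatched:
        print(f"review: username {upn} / email {mail}")
```

Every domain printed is a candidate for the list sent to Genetec; the "review" lines identify accounts where leaving out either domain would produce the mismatch the note in step 1 warns about.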

After you finish

  1. Confirm your login on your new SSO service.
  2. (Optional) Set up automatic user provisioning.