Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
In this article, you learn how to integrate the Lenses.io DataOps portal with Microsoft Entra ID. After you integrate Lenses.io with Microsoft Entra ID, you can:
- Control in Microsoft Entra ID who has access to the Lenses.io portal.
- Enable your users to be automatically signed-in to Lenses with their Microsoft Entra accounts.
- Manage your accounts in one central location: the Azure portal.
Lenses.io is available in the following national cloud deployments.
| Global service | US Government | China operated by 21Vianet |
|---|---|---|
| ✅ | ✅ |
Prerequisites
The scenario outlined in this article assumes that you already have the following prerequisites:
- A Microsoft Entra user account with an active subscription. If you don't already have one, you can Create an account for free.
- One of the following roles:
- An instance of a Lenses portal. You can choose from a number of deployment options.
- A Lenses.io license that supports single sign-on (SSO).
Scenario description
In this article, you configure and test Microsoft Entra SSO in a test environment.
- Lenses.io supports service provider (SP) initiated SSO.
Add Lenses.io from the gallery
To configure the integration of Lenses.io into Microsoft Entra ID, add Lenses.io to your list of managed SaaS apps:
- Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.
- Browse to Entra ID > Enterprise apps > New application.
- In the Add from the gallery section, enter Lenses.io in the search box.
- From results panel, select Lenses.io, and then add the app. Wait a few seconds while the app is added to your tenant.
Alternatively, you can also use the Enterprise App Configuration Wizard. In this wizard, you can add an application to your tenant, add users/groups to the app, assign roles, and walk through the SSO configuration as well. Learn more about Microsoft 365 wizards.
Configure and test Microsoft Entra SSO for Lenses.io
You'll create a test user called B.Simon to configure and test Microsoft Entra SSO with your Lenses.io portal. For SSO to work, you need to establish a link relationship between a Microsoft Entra user and the related user in Lenses.io.
Perform the following steps:
- Configure Microsoft Entra SSO to enable your users to use this feature.
- Create a Microsoft Entra test user and group to test Microsoft Entra SSO with B.Simon.
- Assign the Microsoft Entra test user to enable B.Simon to use Microsoft Entra SSO.
- Configure Lenses.io SSO to configure the SSO settings on the application side.
- Create Lenses.io test group permissions to control what B.Simon can access in Lenses.io (authorization).
- Test SSO to verify whether the configuration works.
Configure Microsoft Entra SSO
Follow these steps to enable Microsoft Entra SSO in the Azure portal:
Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.
Browse to Entra ID > Enterprise apps > Lenses.io application integration page, find the Manage section, and then select single sign-on.
On the Select a single sign-on method page, select SAML.
On the Set up single sign-on with SAML page, select the pencil icon for Basic SAML Configuration to edit the settings.

In the Basic SAML Configuration section, perform the following steps:
a. Identifier (Entity ID): Enter a URL that has the following pattern:
https://<CUSTOMER_LENSES_BASE_URL>. An example ishttps://lenses.my.company.com.b. Reply URL: Enter a URL that has the following pattern:
https://<CUSTOMER_LENSES_BASE_URL>/api/v2/auth/saml/callback?client_name=SAML2Client. An example ishttps://lenses.my.company.com/api/v2/auth/saml/callback?client_name=SAML2Client.c. Sign on URL: Enter a URL that has the following pattern:
https://<CUSTOMER_LENSES_BASE_URL>. An example ishttps://lenses.my.company.com.Note
These values aren't real. Update them with the actual Identifier,Reply URL and Sign on URL of the base URL of your Lenses portal instance. See the Lenses.io SSO documentation for more information.
On the Set up single sign-on with SAML page, go to the SAML Signing Certificate section. Find Federation Metadata XML, and then select Download to download and save the certificate on your computer.

In the Set up Lenses.io section, use the XML file that you downloaded to configure Lenses against your Azure SSO.
Create and assign Microsoft Entra test user
Follow the guidelines in the create and assign a user account quickstart to create a test user account called B.Simon.
Configure Lenses.io SSO
To configure SSO on the Lenses.io portal, install the downloaded Federation Metadata XML on your Lenses instance and configure Lenses to enable SSO.
Create Lenses.io test group permissions
- To create a group in Lenses, use the Object ID of the LensesUsers group. This is the ID that you copied in the user creation section.
- Assign the desired permissions for B.Simon.
For more information, see Azure - Lenses group mapping.
Test SSO
In this section, you test your Microsoft Entra single sign-on configuration with following options.
Select Test this application, this option redirects to Lenses.io Sign-on URL where you can initiate the login flow.
Go to Lenses.io Sign-on URL directly and initiate the login flow from there.
You can use Microsoft My Apps. When you select the Lenses.io tile in the My Apps, this option redirects to Lenses.io Sign-on URL. For more information about the My Apps, see Introduction to the My Apps.
Related content
Once you configure Lenses.io you can enforce session control, which protects exfiltration and infiltration of your organization’s sensitive data in real time. Session control extends from Conditional Access. Learn how to enforce session control with Microsoft Defender for Cloud Apps.