Connecting your identity provider to the Confidencial Key Server


Last updated 2 months ago

Microsoft Entra ID (formerly Azure Active Directory)

  1. Log in to the Microsoft Azure portal

  2. Click Microsoft Entra ID

  3. Click App registrations from the side menu

  4. Click New Registration from the top toolbar

  5. Ensure the following settings are entered:

    1. Name: Confidencial-OPKSS

    2. Supported account types: Select either “Accounts in this organizational directory only,” “Accounts in any organizational directory,” or “Accounts in any organizational directory and personal Microsoft accounts,” depending on who you want to be able to join your Confidencial organization

      ℹ️ Most organizations will want to select “Accounts in this organizational directory only,” as users outside your organization can log in to Confidencial via their own organization account or via an individual account.

    3. Redirect URI: Choose “single-page application (SPA)” in the Select a platform drop down menu and enter https://my.confidencial.io/auth-management in the input box

  6. Click Register

  7. Click Manifest (under Manage), then

    1. Change the value of acceptMappedClaims from null to true (Line 3 in the classic manifest; in the Microsoft Graph-format manifest the key sits inside the api object, so search for the key rather than relying on the line number)

    2. Click Save

  8. Return to the main Entra page and click Enterprise applications from the side menu

  9. Click Confidencial-OPKSS in the list of applications

  10. Click Single sign-on (under Manage)

  11. Click the Edit button for Attributes and Claims

  12. Click Add new claim

    1. Input a Name of https://confidencial.io/email, Source will be Attribute and Source attribute will be user.mail.

    2. Click Save

  13. Click Add new claim

    1. Input a Name of org_id, set Source to Transformation, and configure the transformation with the following values:

      1. Transformation: RegexReplace()

      2. Parameter 1: Attribute

      3. Attribute name: user.city

      4. Regex pattern: ^.*$

      5. Replacement pattern: This value will be provided by your Confidencial support representative

    2. Click Add to add the transformation

    3. Click Save

  14. Return to the main page for the enterprise application Confidencial-OPKSS

  15. Click Properties (under Manage) from the side menu

  16. If you want to restrict who can log in to Confidencial, set Assignment required to “Yes” and assign the permitted users and groups; otherwise, every user with a supported account type as selected in Step 5.b above will be able to log in to Confidencial

    ℹ️ “Yes” is the least-privilege setting: Entra ID then only issues tokens for this application to the users and groups you have assigned.

ℹ️ This completes creation of the Entra ID application and generates a *Client ID* (shown as Application (client) ID on the app registration’s Overview page) that must be securely transmitted to Confidencial during account setup (along with the *Entra Domain*). Optionally, you may continue to the next section to configure automatic user and group provisioning via SCIM.
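Before handing the Client ID to Confidencial, it is worth confirming that an ID token issued by the new application actually carries the two claims configured above. The script below is an added example, not Confidencial’s or Microsoft’s code. It decodes the payload of a JWT without verifying the signature (it is a diagnostic for inspecting what Entra ID emitted; signature verification is the Key Server’s job and must not be skipped there) and checks the standard Entra ID aud and tid claims plus the https://confidencial.io/email and org_id claims. The client ID, tenant ID, organization ID and sample tokens are constructed placeholders, and the unsigned test token is only for offline use.

```python
import base64
import json
import re

# Claim names configured in the Entra ID enterprise application (from the steps above).
EMAIL_CLAIM = "https://confidencial.io/email"
ORG_ID_CLAIM = "org_id"

# Constructed placeholder values; substitute your own when inspecting a real token.
CLIENT_ID = "00000000-0000-0000-0000-000000000001"
TENANT_ID = "00000000-0000-0000-0000-000000000002"
ORG_ID = "example-org-id"


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url segment, restoring the '=' padding that JWTs strip."""
    segment += "=" * (-len(segment) % 4)
    return base64.urlsafe_b64decode(segment.encode("ascii"))


def b64url_encode(data: bytes) -> str:
    """Encode bytes as unpadded base64url, the JWT segment encoding."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def decode_jwt_payload(token: str) -> dict:
    """Return the claims of a compact JWT.

    The signature is deliberately NOT verified: this is for looking at what
    Entra ID emitted during setup, not for authenticating anyone.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(b64url_decode(parts[1]))


def check_claims(token: str, client_id: str, tenant_id: str, org_id: str) -> list:
    """Return a list of problems found in the token; an empty list means it looks right."""
    claims = decode_jwt_payload(token)
    problems = []
    # aud must be the app registration's Client ID, tid the directory (tenant) ID.
    if claims.get("aud") != client_id:
        problems.append(f"aud is {claims.get('aud')!r}, expected the Client ID {client_id!r}")
    if claims.get("tid") != tenant_id:
        problems.append(f"tid is {claims.get('tid')!r}, expected tenant {tenant_id!r}")
    # Email claim mapped from user.mail in step 12.
    email = claims.get(EMAIL_CLAIM)
    if not email:
        problems.append(f"{EMAIL_CLAIM} missing: check the user.mail mapping and that the user has a mail attribute")
    elif not re.fullmatch(r"[^@\s]+@[^@\s]+\.[^@\s]+", email):
        problems.append(f"{EMAIL_CLAIM} is not an email address: {email!r}")
    # org_id produced by the RegexReplace transformation over user.city in step 13.
    got_org = claims.get(ORG_ID_CLAIM)
    if got_org is None:
        problems.append(f"{ORG_ID_CLAIM} missing: the transformation emitted no claim (is user.city populated for this user?)")
    elif got_org != org_id:
        problems.append(f"{ORG_ID_CLAIM} is {got_org!r}, expected {org_id!r}; check the replacement pattern")
    return problems


def make_test_token(claims: dict) -> str:
    """Build an unsigned token carrying the given claims, for offline testing only.

    Constructed sample: real Entra ID tokens are RS256-signed and must be
    verified against the tenant's published keys by the relying party.
    """
    header = {"alg": "none", "typ": "JWT"}
    return ".".join([
        b64url_encode(json.dumps(header).encode()),
        b64url_encode(json.dumps(claims).encode()),
        "",
    ])


if __name__ == "__main__":
    good = make_test_token({"aud": CLIENT_ID, "tid": TENANT_ID,
                            EMAIL_CLAIM: "alice@example.com", ORG_ID_CLAIM: ORG_ID})
    no_org = make_test_token({"aud": CLIENT_ID, "tid": TENANT_ID,
                              EMAIL_CLAIM: "alice@example.com"})
    for label, tok in (("complete token", good), ("token without org_id", no_org)):
        print(label, "->", check_claims(tok, CLIENT_ID, TENANT_ID, ORG_ID) or "OK")
```

To use it against a real sign-in, paste the ID token obtained from a test user (for example from the browser’s developer tools during a login to https://my.confidencial.io/auth-management) into check_claims together with your Client ID, tenant ID and the organization ID supplied by Confidencial. Run it once with a user whose City attribute is empty as well, since org_id is derived from user.city and a missing claim for such users is the failure mode this check is meant to catch.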

Configuring user and group synchronization with SCIM in Entra ID

  1. Click Enterprise applications from the Entra ID main menu

  2. Click New application

  3. Click Create your own application

  4. For the name of the application, enter Confidencial-OPKSS-SCIM

  5. Select Integrate any…(Non-gallery) from the list of options and click Create

  6. Select Users and groups (under Manage) from the side menu

  7. Associate users and groups to this new application. These are the users and groups that will be automatically synchronized with Confidencial.

  8. Click Provisioning (under Manage) from the side menu. You may have to select Provisioning (under Manage) a second time to display the Provisioning Mode setting.

  9. Set Provisioning Mode to Automatic

  10. Under Admin Credentials, enter the following settings:

    1. Tenant URL: https://opkss.confidencial.io/{orgId}/scim/v2/?aadOptscim062020, where {orgId} is your organization’s ID, which is provided by your Confidencial support representative

    ℹ️ The Entra ID provisioning client requires the `?aadOptscim062020` parameter in order to behave in a fully SCIM-compliant way.

    2. Secret Token: the SCIM token created by signing in to confidencial.io as an organization administrator and generating a token under the organization settings page. Treat it as a secret; it authorizes Entra ID to provision users and groups into your Confidencial organization.

  11. Test your connection settings — If there are any issues here please reach out to a Confidencial support representative for further assistance.

  12. Click Save

  13. Click Overview

  14. Click Start provisioning

ℹ️ By default, the provisioning interval is set to 40 minutes; this, as well as the ability to send an email notification when a failure occurs, can be adjusted by clicking the Settings dropdown menu.
