Azure AD Configuration
  • Updated on 13 Jun 2019
  • 4 minutes to read
  • Contributors
  • Print
  • Share
  • Dark
    Light

Azure AD Configuration

  • Print
  • Share
  • Dark
    Light

Azure Active Directory (Azure AD) is Microsoft’s directory and identity management service. Azure AD combines core directory services, advanced identity governance, and application access management. For IT Admins, Azure AD provides an affordable, easy to use solution to give employees and business partners single sign-on (SSO) access to various applications.

Serverless360 uses Azure AD authentication for user management, basically for any application that outsources authentication to Azure AD must be registered in a directory. Therefore it is necessary to register the Serverless360 application with your Azure AD, including the URL where it’s located, the URL to send replies after authentication, the URI to identify your application, and more. To leverage Azure AD for Serverless360 you will need the following details:

  1. Admin Azure AD UPN
  2. Admin Azure AD Id
  3. Azure AD Registered Application Id
  4. Azure AD Registered Application Password
  5. Azure AD Domain Name
  6. Azure AD Domain Tenant Id

Get Admin Azure AD UPN and Id

Azure AD user configured here will be the first user of Serverless360, with Administrator rights. This user can add other users to the application. It is recommended to choose a user with Global Admin rights on the Azure AD as the Serverless360 admin. However, any valid Azure AD user who performs the Serverless360 installation/ sign up can be configured as Serverless360 Administrator.

On- Premise Serverless360 expects Administrator to be a native user in the configured domain
The active directory user being configured as a Serverless360 Administrator should belong to the domain for license validation to pass. Say 'mktgsb360.onmicrosoft.com' is the Active Directory domain a native AD user is 'username@mktgsb360.onmicrosoft.com'. Guest user cannot be added as an Administrator in On-Premise installation of Serverless360. However SaaS version of Serverless360 permits Guest user too to be an Administrator.

Steps to get the Azure Admin AD Id and UPN from the Azure portal:

  1. Select Azure Active Directory > Users > select the Admin user
  2. User name is the Admin Azure AD UPN and Object ID is the Admin Azure AD Id

Admin-id.png

Application Registration

To register the Serverless360 Application:

  1. Log in to your Azure Account
  2. Select the Azure Active Directory from the left side navigation panel
  3. Select App registrations option under the Manage section in the Azure Active Directory screen
  4. Select New application registration button to register a new App
  5. In the Create blade, enter the App name, Application type and URL for the application. Select Web for Serverless360 and Sign-on URL as https://<yourVMDNSName>/Serverless360/login in case of on-premise installation. While configuring for the SaaS version of Serverless360 the reply URL should be https://portal.serverless360.com/login
Reply URLs in case of Private Hosting should be secured
With the recent update in Azure AD app registrations the reply URL is expected to be 'https' URL. Only localhost URLs are permitted to be 'http'.
  1. Below is an illustration on creating the application:

CreateADApp

Ensure the Redirect URI in the Authentication menu of the AD application is correct as m

Get Application ID and Password

The next step is to get the application ID and authentication key,

  1. Click App registrations in Azure Active Directory and select the created application
  2. Copy the Application ID and store it in your application code. Serverless360 refers this value as the Client ID.
  3. To generate an authentication key, click Certificates & Secrets and select the New Client Secret option
  4. Enter a Description of the key and the Expiry date, Click Save to generate the Key (Copy the Key value. You won't be able to retrieve the key when you close this blade).

GetClientId_ClientSecret

Get Tenant ID

Tenant ID is required to pass the authentication.

  1. Select the Azure Active Directory from the left side navigation panel
  2. Select Properties option
  3. Copy the Directory ID, this value is your Tenant ID

ADTenantId

Provide API Permissions

Two requirements to be achieved using this Azure AD application:

  1. Authenticate User against configured Azure AD- permission required to achieve this Delegated permission to Read User on Azure Active Directory Graph API
  2. List/ Search AD Users to add them to a role- permission required is Application permission to Read Directory on Microsoft Graph

To authorize Azure AD application through Microsoft Graph API refer the illustration below:

Add_Permissions

  1. However for the permissions to take effect, Admin consent is required which can be acquired by Global Admin logging on
    Azure portal and providing consent as below.

Grant_Consent

Ensure the application manifest has 'oauth2AllowImplicitFlow' and 'oauth2AllowIdTokenImplicitFlow' set to true. Please refer the screen shot below

AD_App_Manifest

For more clarifications, please reach us at support@serverless360.com

We'd love to hear your thoughts
Please visit our feedback system to suggest new Features or Enhancements. You can also take a look at our Roadmap
Was this article helpful?