Azure AD Configuration
  • 13 Jun 2019

Azure Active Directory (Azure AD) is Microsoft’s directory and identity management service. Azure AD combines core directory services, advanced identity governance, and application access management. For IT Admins, Azure AD provides an affordable, easy to use solution to give employees and business partners single sign-on (SSO) access to various applications.

Serverless360 uses Azure AD authentication for user management. Any application that outsources authentication to Azure AD must be registered in a directory, so the Serverless360 application must be registered with your Azure AD, including the URL where it is located, the URL to send replies to after authentication, the URI that identifies your application, and more. To use Azure AD with Serverless360 you will need the following details:

  1. Admin Azure AD UPN
  2. Admin Azure AD Id
  3. Azure AD Registered Application Id
  4. Azure AD Registered Application Password
  5. Azure AD Domain Name
  6. Azure AD Domain Tenant Id

Get Admin Azure AD UPN and Id

The Azure AD user configured here will be the first user of Serverless360, with Administrator rights. This user can add other users to the application. It is recommended to choose a user with Global Admin rights on the Azure AD as the Serverless360 admin. However, any valid Azure AD user who performs the Serverless360 installation or sign-up can be configured as the Serverless360 Administrator.

On-Premise Serverless360 expects the Administrator to be a native user in the configured domain
The Active Directory user configured as a Serverless360 Administrator must belong to the configured domain for license validation to pass. For example, if 'mktgsb360.onmicrosoft.com' is the Active Directory domain, a native AD user is 'username@mktgsb360.onmicrosoft.com'. A guest user cannot be added as an Administrator in an on-premise installation of Serverless360. However, the SaaS version of Serverless360 also permits a guest user to be an Administrator.

Steps to get the Azure Admin AD Id and UPN from the Azure portal:

  1. Select Azure Active Directory > Users > select the Admin user
  2. User name is the Admin Azure AD UPN and Object ID is the Admin Azure AD Id

[Screenshot: Admin-id]

Application Registration

To register the Serverless360 Application:

  1. Log in to your Azure Account
  2. Select the Azure Active Directory from the left side navigation panel
  3. Select App registrations option under the Manage section in the Azure Active Directory screen
  4. Select New application registration button to register a new App
  5. In the Create blade, enter the App name, Application type and URL for the application. Select Web for Serverless360 and set the Sign-on URL to https://<yourVMDNSName>/Serverless360/login for an on-premise installation. When configuring the SaaS version of Serverless360, the reply URL should be https://portal.serverless360.com/login

Reply URLs in case of Private Hosting should be secured
With the recent update to Azure AD app registrations, the reply URL is expected to be an 'https' URL. Only localhost URLs are permitted to be 'http'.

  6. Below is an illustration of creating the application:

[Screenshot: CreateADApp]

Ensure the Redirect URI in the Authentication menu of the AD application is correct as m

Get Application ID and Password

The next step is to get the application ID and authentication key:

  1. Click App registrations in Azure Active Directory and select the application you created
  2. Copy the Application ID and store it in your application configuration. Serverless360 refers to this value as the Client ID.
  3. To generate an authentication key, click Certificates & Secrets and select the New Client Secret option
  4. Enter a Description for the key and its Expiry date, then click Save to generate the key. Copy the key value now; you will not be able to retrieve it once you close this blade.

[Screenshot: GetClientId_ClientSecret]

Get Tenant ID

The Tenant ID is required for authentication to succeed.

  1. Select the Azure Active Directory from the left side navigation panel
  2. Select Properties option
  3. Copy the Directory ID; this value is your Tenant ID

[Screenshot: ADTenantId]

Provide API Permissions

This Azure AD application has to satisfy two requirements:

  1. Authenticate users against the configured Azure AD. The permission required for this is the Delegated permission to Read User on the Azure Active Directory Graph API.
  2. List/search AD users in order to add them to a role. The permission required for this is the Application permission to Read Directory on Microsoft Graph.

To authorize the Azure AD application through the Microsoft Graph API, refer to the illustration below:

[Screenshot: Add_Permissions]

For the permissions to take effect, Admin consent is required. A Global Admin can grant it by logging on to the Azure portal and providing consent as shown below.

[Screenshot: Grant_Consent]

Ensure the application manifest has 'oauth2AllowImplicitFlow' and 'oauth2AllowIdTokenImplicitFlow' set to true. Please refer to the screenshot below.

[Screenshot: AD_App_Manifest]
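Before handing the collected values to Serverless360, it is worth checking them against the rules this page states: the six required details are present and the IDs are GUIDs, an on-premise Administrator is a native user of the configured domain, reply URLs are https unless they point at localhost, and the two manifest flags are true. The following validator is an added example, not part of the Serverless360 product or this article; the configuration dictionary, field names and GUIDs are constructed placeholders, and the '#EXT#' marker used to spot guest accounts is the suffix Azure AD gives guest user UPNs.

```python
import re
from urllib.parse import urlparse

# Constructed sample of the values this page asks you to collect
# (placeholder identifiers, not a real tenant or application).
SAMPLE_CONFIG = {
    "admin_upn": "username@mktgsb360.onmicrosoft.com",
    "admin_object_id": "00000000-0000-0000-0000-000000000001",
    "client_id": "00000000-0000-0000-0000-000000000002",
    "client_secret": "<placeholder-client-secret>",
    "domain": "mktgsb360.onmicrosoft.com",
    "tenant_id": "00000000-0000-0000-0000-000000000003",
    "reply_urls": ["https://myvm.example.com/Serverless360/login"],
    # Subset of the app registration manifest this page asks you to check
    "manifest": {"oauth2AllowImplicitFlow": True,
                 "oauth2AllowIdTokenImplicitFlow": True},
}

GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
REQUIRED = ("admin_upn", "admin_object_id", "client_id",
            "client_secret", "domain", "tenant_id")

def reply_url_is_secure(url: str) -> bool:
    """Reply URLs must be https; only localhost may use plain http."""
    parsed = urlparse(url)
    if parsed.scheme == "https":
        return True
    return parsed.scheme == "http" and parsed.hostname == "localhost"

def validate(config: dict, on_premise: bool = True) -> list:
    """Return the list of problems found; an empty list means the config passes."""
    problems = []
    for key in REQUIRED:
        if not config.get(key):
            problems.append(f"missing required value: {key}")
    for key in ("admin_object_id", "client_id", "tenant_id"):
        if config.get(key) and not GUID_RE.match(config[key]):
            problems.append(f"{key} is not a GUID")
    # On-premise installs require a native user of the configured domain;
    # guest accounts carry '#EXT#' in their UPN. SaaS also accepts guests.
    upn = config.get("admin_upn", "").lower()
    native = upn.endswith("@" + config.get("domain", "").lower()) and "#ext#" not in upn
    if on_premise and not native:
        problems.append("admin UPN is not a native user of the configured domain")
    for url in config.get("reply_urls", []):
        if not reply_url_is_secure(url):
            problems.append(f"reply URL must be https: {url}")
    for flag in ("oauth2AllowImplicitFlow", "oauth2AllowIdTokenImplicitFlow"):
        if config.get("manifest", {}).get(flag) is not True:
            problems.append(f"manifest flag {flag} must be true")
    return problems
```

Run `validate(SAMPLE_CONFIG)` for an on-premise install, or `validate(SAMPLE_CONFIG, on_premise=False)` for SaaS, and fix every problem it lists before starting the Serverless360 setup.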

For further clarification, please reach out to us at support@serverless360.com
