Setup SSO Provider on Azure AD

Setup SSO Provider on Azure AD

Description

In addition to traditional sign-on methods, the NetBeez dashboard supports single sign-on for Azure. The below steps will walk through the setup procedure.

Procedure

1. As an administrator, log in to the Azure Active Directory admin center.

2. Click on “Enterprise applications” in the left sidebar navigation.

3. Click on “New application”.

mceclip0.png

4. Click on “Create your own application”.

mceclip1.png

5. Give your app a name such as “NetBeez” and select “Register an application...” under “What are you looking to do with your application?”. Then click the “Create” button.

mceclip2.png

6. On the next screen, select the appropriate “Supported account types” for your organization. In most cases, the “Accounts in this organizational directory only” will be the appropriate option.

7. Next add an entry under “Redirect URI”, first select "Web" from the dropdown. The URI should be your server FQDN followed by “/users/auth/azure_ad/callback” (eg. https://[your server FQDN]/users/auth/azure_ad/callback). Click “Register”.

8. Your application that will facilitate the single sign-on with NetBeez has been created and you should now see it under “Enterprise applications”. Click on the application.

9. Under “Single sign-on” located in the left navigation sidebar you should see some content about “OpenID Connect”, in that content, click Go to application.

mceclip0.png

10. In order to configure the NetBeez Azure AD setting, you will need the Application (client) ID  and Directory (tenant) ID under the “Essentials” section.

11. Next you will need to create a client secret. Under the “Essentials” section you should see “Client credentials”. Click the link “Add a certificate or secret”.

mceclip4.png

12. Next you should see a section called “Client secrets”, click on the “New client secret” button.

mceclip5.png

13. Give your secret a description and pick your preferred expiration time. Then click the “Add” button. You should now see your secret under “Client secrets”, you will need the “Value” for your secret, this is the last piece of information required to configure the NetBeez Azure AD setting.

It is recommended that you maintain at least one local NetBeez administrator account.

mceclip6.png

 

14. Last we need to configure NetBeez with the information of the application you created in Azure. Navigation to “Settings” and then “Enterprise Authentication”. Expand the “Azure AD SSO” setting and enter the following information.

    a. Application (client) ID: enter into Client ID.

    b. Directory (tenant) ID: enter into Tenant ID.

    c. Client secret Value: enter into Client Secret.

    d. Default Role:  This is the default role a user will receive when logging into NetBeez for the first time. Currently, a user’s role must be escalated via NetBeez. Roles cannot be currently determined from Azure AD.

mceclip7.png

15. Click the “Save” button. Your Enterprise Authentication should now be enabled, and you should now see the “Log in with Azure AD” button on the login prompt.

mceclip0.png

 

Role-Based Access Control

Enhance your security and control with RBAC(Role-Based Access Control) for Azure SSO. This feature allows administrators to define and manage user roles and permissions, ensuring that only authorized users have access to sensitive information. With RBAC for Azure SSO, you can customize access based on your organization's needs.

To set up role-based access control for Azure SSO, you will need to create the groups inside Azure and assign users to the groups. Then the group IDs will need to be added to the NetBeez dashboard.

Create Groups

  1. Login to Azure Portal
  2. Under Azure Services, click Azure Active Directory
  3. Click Add + and select Group
  4. Fill out the options
  5. Click Create

Note: Create a group for Admin, Read/Write, and Read Only

Create Group Claim

  1. Login to Azure Portal
  2. Under Azure Services, click Azure Active Directory
  3. Click Enterprise Authentication
  4. Click on your application's name
  5. Click on Single Sign-on
  6. Click on Edit in the Attributes and Claims box
  7. Click + Add Group Claim
  8. Select "Security Groups"

Add User To Groups

  1. Login to Azure Portal
  2. Under Azure Services, click Azure Active Directory
  3. Click Users on the sidebar
  4. Click on a user's name
  5. Click on the number next to Group Memberships
  6. Click + Add Memberships 
  7. Click on a group to add the user to
  8. Click Select

Connect To NetBeez Dashboard

  1. Log in to the NetBeez dashboard as an administrator
  2. Navigate to the Settings page
  3. Navigate to Enterprise Authentication
  4. Toggle Azure AD SSO on
  5. Fill in the tenant ID, client ID, and client secret
  6. Toggle role mapping on
  7. Fill in the group ID for admin, read/write, and read-only (The object ID from Azure is the group ID) mceclip0.png
  8. Click Save Settings

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.