This document describes the steps to configure Azure AD for Single Sign On with Resolution Intelligence Cloud.
Important: Refer to this article for details on how to reset MFA for a specific user if the user lost an MFA-enabled device.
Configuration
Resolution Intelligence Cloud integrates with Microsoft Azure AD to let users log in with SSO.
Prerequisites
- Admin in Resolution Intelligence Cloud.
- Azure AD Administrator access through your organization to register an App in Azure AD.
Register your app in Azure AD
Required User Roles:
To register your app in Azure AD
1. Log in to the Azure portal (https://portal.azure.com) with an Azure account that has the required permissions.
2. Search for and select Azure Active Directory.
3. Under Manage, select App registrations > New registration.
A new registration form appears.
4. Type a name for the application and click Register.
5. On the App Overview page, click Add a Redirect URI.
6. In the Add a Redirect URI field, enter https://auth.netenrich.com/login/callback and click Save.
7. Next, click Certificate and Secrets from the left menu.
8. Click New client secret to create a new secret ID and value.
Note: Write down the secret ID and its respective value. These are used during Resolution Intelligence Cloud configuration for SSO.
9. Click API Permissions from the left menu.
10. Click Add Permissions --> Microsoft Graph --> Delegated Permissions.
11. Add permissions as shown in the image and Grant admin consent for.
12. Go to the App Overview page and note down the Application (client) ID. This ID is required while configuring SSO integrations in Resolution Intelligence Cloud.
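The registration steps above can be checked after the fact. The following is an added example, not part of the original article or of Netenrich's tooling: it audits the app registration's JSON (the Microsoft Graph `application` object, for example as printed by `az ad app show --id <client-id>`) for stray redirect URIs, application permissions where only delegated ones were requested, and a missing or expiring client secret. It assumes the registration is dedicated to this integration; the `audit_app` name, the 30-day warning window and the sample data are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

EXPECTED_REDIRECT = "https://auth.netenrich.com/login/callback"  # step 6 above

# Constructed sample of a Microsoft Graph `application` object; permission IDs are placeholders.
SAMPLE = json.loads("""{
  "web": {"redirectUris": ["https://auth.netenrich.com/login/callback",
                           "http://localhost:3000/callback"]},
  "requiredResourceAccess": [{"resourceAppId": "00000003-0000-0000-c000-000000000000",
    "resourceAccess": [{"id": "11111111-1111-1111-1111-111111111111", "type": "Scope"},
                       {"id": "22222222-2222-2222-2222-222222222222", "type": "Role"}]}],
  "passwordCredentials": [{"displayName": "ric-sso", "endDateTime": "2025-01-15T00:00:00Z"}]
}""")


def audit_app(app, now=None, warn_days=30):
    """Return a list of findings; an empty list means nothing to fix."""
    now = now or datetime.now(timezone.utc)
    findings = []
    # Step 6: the Netenrich callback should be the only redirect URI.
    uris = app.get("web", {}).get("redirectUris", [])
    if EXPECTED_REDIRECT not in uris:
        findings.append("missing redirect URI " + EXPECTED_REDIRECT)
    findings += ["unexpected redirect URI " + u for u in uris if u != EXPECTED_REDIRECT]
    # Step 10: only delegated permissions (Graph type "Scope") are requested;
    # type "Role" marks an application permission, which the steps never add.
    for resource in app.get("requiredResourceAccess", []):
        for access in resource.get("resourceAccess", []):
            if access.get("type") != "Scope":
                findings.append("application permission " + access.get("id", "?"))
    # Step 8: a client secret must exist and not be expired or close to expiry.
    secrets = app.get("passwordCredentials", [])
    if not secrets:
        findings.append("no client secret")
    for cred in secrets:
        # Graph timestamps are UTC; cut fractional seconds and the trailing "Z".
        end = datetime.strptime(cred["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
        end = end.replace(tzinfo=timezone.utc)
        name = cred.get("displayName") or "?"
        if end <= now:
            findings.append("client secret expired: " + name)
        elif end - now < timedelta(days=warn_days):
            findings.append("client secret expires within %d days: %s" % (warn_days, name))
    return findings


if __name__ == "__main__":
    for finding in audit_app(SAMPLE, now=datetime(2025, 1, 1, tzinfo=timezone.utc)):
        print("FINDING:", finding)
```

An expired secret breaks SSO logins for every user on the connection, so the expiry check is worth running on a schedule.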
Configuring Azure AD settings in Resolution Intelligence Cloud
To configure Microsoft Azure AD integration
1. Log in to https://app.netenrich.com with a Global Admin role.
2. From the Resolution Intelligence home screen, click Configurations --> Authentication in the left menu.
3. Click Setup Provider under the Microsoft AD tile.
A new Azure AD Connection form appears.
4. Fill in the following fields and click Create at the bottom of the screen.
Field | Description |
Connection name | Type a name for the integration |
Microsoft Azure AD Domain | Your Azure AD domain name. |
Client ID | The application (client) ID that you noted during Azure app registration. |
Client Secret | Enter the saved value of the client secret that you noted during Azure app registration. |
Use common endpoint | Keep it disabled. |
Identity API | Select “Microsoft Identity Platform (v2).” |
Attributes | Select the check box for “Base Profile.” |
Extended Attributes (optional) | Check the box for Extended Profile and Get user groups |
APIs (optional) | When selected, indicates that we require the ability to make calls to the Azure AD API, which allows us to search for users in the Azure AD Graph even if they never logged in to Resolution Intelligence Cloud |
Sync user profile attributes at each login | When enabled, Resolution Intelligence Cloud automatically syncs user profile data with each user login, thereby ensuring that changes made in the connection source are automatically updated in Resolution Intelligence Cloud. |
Email Verification | Leave it at the default. |
Multifactor Authentication | Multi-Factor Authentication (MFA) can be enabled or disabled at any point during or after setting up the Single Sign-On (SSO) connection. It is important to note that MFA functionality is exclusive to the SSO connection and applies solely to users logging in via the domain specified under "identity provider domains." By default, MFA is disabled. To activate it, tick the checkbox labelled "Enable MFA while the user logs in." |
You have established a Microsoft Azure AD connection successfully.
Invite User with SSO Integration
1. For users to be able to log in using SSO, they must be re-invited using the SSO connection.
2. While logged in as an existing Owner or Global Admin user with local authentication, add a new user with the Owner role by enabling the newly created SSO integration in Resolution Intelligence Cloud.
3. A newly invited user will be redirected to Azure AD for authentication.
4. For existing users with local authentication, users must be deleted and re-invited using an SSO connection.