
Create an Azure AD Authentication Stage

This page is applicable to NetConnect X 1.5 and above

Overview

NetConnect can integrate directly with Azure AD to validate user credentials against your Azure environment, providing seamless integration with your existing cloud environment.

Prerequisites

In order to create an Azure AD authentication stage, you’ll need Global Administrator access to an Azure environment configured with Azure Active Directory. This is required to create and configure the various webapps needed to handle the authentication requests on the Azure side. Additionally, your NetConnect instance must have an SSL certificate.

Configure a NativeApp on your Azure Active Directory.

Navigate to Azure Active Directory > App registrations.
Select New Application Registration. Enter a name for your Native App, select the Application Type as ‘Native App’ and then enter the URL of your NetConnect instance and click ‘Create’.

Navigate to Settings > Owners.
Add the required users and configure with the permissions as described below.

Add a Native App Microsoft Graph API

Navigate to Settings > Required Permissions

Click Add. Expand the ‘Select API’ section, locate and select Microsoft Graph API. From the permissions list, add “Read all users’ full profiles”, click ‘Select’ and then ‘Done’. Finally, from the Required Permissions page, click on Grant Permissions to complete the process.

NativeApp Permissions.

The following permissions must be in place on your NativeApp in order to fully integrate with NetConnect:

  • Microsoft Graph – Delegate Permission. “Sign in and read user profile”.
  • Windows Azure Active Directory – Delegate Permission. “Sign in and read user profile”.

Configure a WebApp on your Azure Active Directory.

Navigate to Azure Active Directory > App Registrations
Select ‘New Application Registration’. Enter a name for your WebApp, select ‘Web app / api’ from the Application Type dropdown menu, enter the URL of your NetConnect instance and click ‘Create’.

Add a WebApp Microsoft Graph API

Navigate to Settings > Required Permissions

Click Add. Expand the ‘Select API’ section, locate and select Microsoft Graph API. From the permissions list, add “Read all users’ full profiles”, click ‘Select’ and then ‘Done’. Finally, from the Required Permissions page, click on Grant Permissions to complete the process.

WebApp Permissions.

The following permissions must be in place on your WebApp in order to fully integrate with NetConnect:

  • Microsoft Graph – Application Permissions. “Read all users’ full profiles”.
  • Microsoft Graph – Delegate Permission. “Sign in and read user profile”.
  • Windows Azure Active Directory – Application Permissions. “Read and write all applications”.
  • Windows Azure Active Directory – Delegate Permission. “Sign in and read user profile”. (DEFAULT)
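
The check below is an added example, not part of the NetConnect documentation or product: it compares the permissions actually granted on each app registration with the NativeApp and WebApp lists above and reports anything missing, anything beyond the listed set, and every application-type grant. The tuple format, the audit function and the sample grants are assumptions constructed for illustration; the permission names are transcribed from this page.

```python
# Permission names as listed on this page (straight apostrophe used in code).
GRAPH, AAD = "Microsoft Graph", "Windows Azure Active Directory"
SIGN_IN = "Sign in and read user profile"
READ_ALL = "Read all users' full profiles"
RW_APPS = "Read and write all applications"

# Expected grants per app registration: (API, permission type, display name).
EXPECTED = {
    "NativeApp": {(GRAPH, "Delegate", SIGN_IN), (AAD, "Delegate", SIGN_IN)},
    "WebApp": {
        (GRAPH, "Application", READ_ALL),
        (GRAPH, "Delegate", SIGN_IN),
        (AAD, "Application", RW_APPS),
        (AAD, "Delegate", SIGN_IN),
    },
}

def audit(app, granted):
    """Compare the permissions granted to `app` with the set this page lists."""
    granted = set(granted)
    expected = EXPECTED[app]
    return {
        "missing": sorted(expected - granted),     # integration may be incomplete
        "unexpected": sorted(granted - expected),  # beyond what the page lists
        # Application permissions are exercised by the app itself, without a
        # signed-in user, so every one of them is worth a periodic review.
        "app_only": sorted(p for p in granted if p[1] == "Application"),
    }

# Constructed sample, as transcribed from the Required Permissions page of each
# app: the NativeApp carries an extra delegated grant, the WebApp lacks one.
SAMPLE = {
    "NativeApp": [(GRAPH, "Delegate", SIGN_IN), (AAD, "Delegate", SIGN_IN),
                  (GRAPH, "Delegate", READ_ALL)],
    "WebApp": [(GRAPH, "Application", READ_ALL), (GRAPH, "Delegate", SIGN_IN),
               (AAD, "Application", RW_APPS)],
}

if __name__ == "__main__":
    for app, granted in SAMPLE.items():
        for finding, perms in audit(app, granted).items():
            for api, kind, name in perms:
                print(f"{app:9} {finding:10} {api} / {kind} / {name}")
```

Re-running the comparison after any change to either app registration shows permission drift before it reaches the authentication stage.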

Creating an Azure Active Directory Authentication Stage

Once your NativeApp and WebApp have been correctly configured, you’ll be able to create your authentication stage. Navigate to the Authentication -> Authentication Stages page, click on the ‘Create’ button, select ‘Azure AD’ and click ‘Next’.

You will be presented with the Basic Information page. Completing these fields will allow you to create a connection to your Azure AD environment. Additional Information can be used to identify your stage more easily.

Basic Information

Complete the following details to configure your Azure AD stage.

| LDAP Settings | Description |
| --- | --- |
| Tenant | Enter your Azure Tenant ID |
| Native Client ID | Enter the Native Client Application ID from your Azure AD instance. This can be located on the ‘App Registration’ page. |
| WebApp Client ID | Enter the WebApp Client Application ID from your Azure AD instance. This can be located on the ‘App Registration’ page. |
| Bind Username | Enter a user ID from your tenant |
| Bind Password | Enter the password for the nominated Bind User |

Advanced Information

The advanced options for Azure AD are two simple, optional fields that help identify the stage more easily: the Stage Name (which defaults to “Azure AD”) and the Stage Description.

Once you have entered all the required information, you can click ‘Test Connection’ to confirm that Azure AD can be reached. If this check fails, please confirm the settings entered are correct. Once you’re happy with your configuration, click ‘Create’. If you wish to use this authentication stage, you will need to click the ‘Activate’ icon and deactivate the local stage.

Accessing your NetConnect instance with an active Azure AD stage

When accessing an instance of NetConnect configured for Azure AD Authentication, users are presented with a standard Microsoft login page. Once a user enters their standard credentials, they will be passed through to their workspace from where they can access their applications.

Resetting Passwords

Environments configured with Azure AD allow users to set or update expired passwords. When a password has expired or an account has been configured with a one-time password, users will be prompted to reset their passwords via the standard Windows password reset mechanism.

Master Admin access via Azure AD

Accessing your NetConnect account with Master Admin credentials is not possible via the standard Microsoft portal that is presented when you have an Azure AD stage configured. In order to log in as a Master Admin, you will need to add the suffix “/#/masteradminlogin” to your NetConnect URL. For example, if your URL is “netconnect.mydomain.com”, you’ll need to navigate to “netconnect.mydomain.com/#/masteradminlogin”.

Next Steps…

Now your Azure AD Authentication Stage has been configured, you can assign licences to your users or configure and assign applications. Alternatively, you may wish to create an additional authentication stage in order to configure multi-factor authentication. 


Updated on July 17, 2019
