
Please note, the following steps walk through an example use case and the information that will need to be saved will be specific to your application.

Application Registration using Azure Portal

To set up Azure Single Sign-On with SecurEnds and Azure AD, you need to register SecurEnds as an application within the Azure portal. Doing this will create the service principal object in your Azure AD tenant.

The information that will need to be gathered and saved throughout the steps below is as follows:

  • Tenant Id
  • Client Secret
  • Client Id
  • Group Name

Step 1: Create Application
  • Make note of the Tenant ID displayed on the right as this will need to be supplied to the SecurEnds team. After making note, select Enterprise applications
  • Select New application. Be sure you have appropriate access. Admin permission is needed to create a new application.
  • Select Non-gallery application
  • Give an application name and select Add
  • After creating an application, you will be automatically navigated to the application overview page
    • Make note of the Application ID and Object ID displayed on the screen as these will need to be supplied to the SecurEnds team
    • After making note, select Single sign-on on the left navigation menu
  • Select Linked as the single sign-on method
  • Provide the Sign on URL and select Save
  • Navigate to home page > select Azure Active Directory > then select App registrations
  • Select the application just created
  • Select Certificates and secrets
  • Select New client secret
  • Add a Description and select an Expires timeframe. Once complete, select Add
  • The Client Secret is displayed once these settings are saved. Copying the key to the clipboard at this point is compulsory: once you leave the page, the key will no longer be visible
    • Make note of the Client Secret displayed on the screen as this will need to be supplied to the SecurEnds team

Step 2: Azure Permissions

After registering SecurEnds as an application within the Azure portal, the next step is to make sure the application has the correct API permissions to access data within Microsoft Graph. To do this the user or administrator must grant the correct permissions via a consent process.

  • Select the Authentication link on the left navigation menu and select Add a platform
  • Select Web as the configure platform under web applications
  • Select “Add a platform” and enter the Redirect URL below:
    • https://companyname.securends.com/login/oauth2/code/azure
  • Select Configure
  • There is no need to add a Logout URL, since we are using the REST API for logout
  • In the Implicit grant section under the Logout URL, the access token and ID token checkboxes should be enabled

  • Select API permissions on the left navigation menu and select Add a permission
  • Select Microsoft Graph under Commonly used Microsoft APIs
  • Under Microsoft Graph, give the following Delegated permissions, 4 permissions in all.
  • Delegated permissions:
    • Email
    • Openid
    • Profile
    • Directory
  • Search for Directory permissions and select the Directory.AccessAsUser.All permission.
  • Select email, openid and profile permissions as shown below
  • Select Add permissions and then select Grant admin consent for ******
  • Select Yes
  • After selecting the required permissions, check whether their status is granted or not granted
    • An admin will get an option to grant those permissions beside the “Add a permission” button

Step 3: Manifest Configuration
  • Select the “Manifest” link on the left navigation menu and update the following:
    • oauth2AllowImplicitFlow value to true
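
One way to check a finished registration against this guide, as an added example that is not SecurEnds or Microsoft code: it audits an exported app manifest (JSON from the Manifest page) for the Step 2 redirect URL, the four delegated Microsoft Graph permissions, the Step 3 flag and the client secret expiry. The function name `audit_manifest`, the 30-day warning window, the sample manifest with its placeholder permission ids, and the manifest keys `replyUrlsWithType`, `requiredResourceAccess` and `passwordCredentials` (as used by the Azure AD manifest format that carries `oauth2AllowImplicitFlow`) are assumptions of this illustration.

```python
import json
from datetime import datetime, timedelta, timezone

GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph's well-known appId
REDIRECT = "https://companyname.securends.com/login/oauth2/code/azure"  # Redirect URL from Step 2

def audit_manifest(manifest, now, warn_days=30):
    """Return findings; an empty list means the manifest matches what this guide configures."""
    findings = []
    if manifest.get("oauth2AllowImplicitFlow") is not True:
        findings.append("oauth2AllowImplicitFlow is not true")
    urls = [r.get("url") for r in manifest.get("replyUrlsWithType", [])]
    if REDIRECT not in urls:
        findings.append("SecurEnds redirect URL is missing")
    findings += [f"unexpected redirect URL: {u}" for u in urls if u != REDIRECT]
    graph = []
    for res in manifest.get("requiredResourceAccess", []):
        if res.get("resourceAppId") == GRAPH_APP_ID:
            graph += res.get("resourceAccess", [])
        else:
            findings.append(f"permissions requested on another API: {res.get('resourceAppId')}")
    if any(p.get("type") != "Scope" for p in graph):  # "Scope" = delegated, "Role" = application
        findings.append("application (Role) permission present; the guide grants delegated only")
    if len(graph) != 4:
        findings.append(f"{len(graph)} Microsoft Graph permissions requested; the guide lists 4")
    for cred in manifest.get("passwordCredentials", []):
        # Assumes endDate is ISO 8601 with a trailing Z and no more than 6 fractional digits.
        end = datetime.fromisoformat(cred["endDate"].replace("Z", "+00:00"))
        if end <= now:
            findings.append(f"client secret {cred.get('displayName')!r} has expired")
        elif end - now < timedelta(days=warn_days):
            findings.append(f"client secret {cred.get('displayName')!r} expires in under {warn_days} days")
    return findings

# Constructed sample manifest (permission ids are placeholders, not real Graph scope ids).
SAMPLE = json.loads("""
{"oauth2AllowImplicitFlow": true,
 "replyUrlsWithType": [{"url": "https://companyname.securends.com/login/oauth2/code/azure", "type": "Web"},
                       {"url": "http://localhost:8080/callback", "type": "Web"}],
 "requiredResourceAccess": [{"resourceAppId": "00000003-0000-0000-c000-000000000000",
   "resourceAccess": [{"id": "placeholder-1", "type": "Scope"}, {"id": "placeholder-2", "type": "Scope"},
                      {"id": "placeholder-3", "type": "Scope"}, {"id": "placeholder-4", "type": "Scope"},
                      {"id": "placeholder-5", "type": "Role"}]}],
 "passwordCredentials": [{"displayName": "securends-sso", "endDate": "2030-01-20T00:00:00Z"}]}
""")

if __name__ == "__main__":
    for finding in audit_manifest(SAMPLE, now=datetime(2030, 1, 1, tzinfo=timezone.utc)):
        print("FINDING:", finding)
```

On the sample, the audit reports the leftover localhost redirect URL, the extra application permission, the permission count of 5 and the secret that expires within 30 days.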

Step 4: Users and Groups Creation (Optional)

If users and groups have already been created, you can skip this step, but make note of the “Group Name”, as this will need to be supplied to the SecurEnds team.

  • Create users and groups (If already created then ignore this step)
  • Navigate to Azure Active Directory and select Users
  • Select New User and add the appropriate details
  • Navigate to Azure Active Directory and select Groups
  • Select New Group and add the appropriate users to that group
    • This group contains a list of Active Directory groups to use for authorization
    • Make note of this Group Name as it will need to be supplied to the SecurEnds team

Step 5: Configuration Settings

Once the steps above have been completed, you can provide SecurEnds with the following information, which was saved by following the directions in each step:

  • Tenant Id
    • Contains your Active Directory’s Directory ID from earlier
  • Client Id
    • Contains the Application ID from your app registration that you completed earlier
  • Client Secret
    • Contains the Value from your app registration key that you completed earlier
  • Group Name
    • Contains a list of Active Directory groups to use for authorization
