Azure AD authentication settings
Contents
- Registration and configuration of an application in Microsoft Azure Active Directory
- Configuring Microsoft Azure Active Directory authentication in Comindware Tracker
Registration and configuration of an application in Microsoft Azure Active Directory
Registering an application in Microsoft Azure Active Directory
To register an application in Microsoft Azure Active Directory, go to the “Azure Active Directory” settings under your account at portal.azure.com. Open the “App registrations” section and click “New registration”. Give your new application a name (“Comindware Tracker” would be a good, self-explanatory name), and specify your Comindware Tracker instance’s URI in the corresponding box.
Registered application in Azure Active Directory settings
Configuring a registered application in Microsoft Azure Active Directory
After registering an application in Microsoft Azure Active Directory, open the “Authentication” section of the registered application’s settings. The URI you specify under “Web” -> “Redirect URIs” in this section is the web page users will be redirected to after logging in; that should be your Comindware Tracker URI (e.g. https://myserver.na1.comindware.net/). After doing that, you also need to check the “ID tokens” option under the “Implicit grant” tab.
Authentication section
As the next step, you need to configure the authentication token to include the users’ email addresses when they log in. To do that, go to the “Token configuration” section, then click on “Add optional claim”. In the window that pops up, select the “ID” token type, check the “email” claim and press “Add” to add it.
Token settings
User accounts in Microsoft Azure Active Directory
Make sure the relevant user accounts are added to the Microsoft Azure user catalogue intended for authentication using OpenID Connect. This can be done under the “Users” section of the Microsoft Azure Active Directory settings. On that page you can either import user accounts or create them manually. Keep in mind that the email addresses of the accounts you add should be the same as those configured for the corresponding user accounts in Comindware Tracker.
User management in Microsoft Azure Active Directory
Configuring Microsoft Azure Active Directory authentication in Comindware Tracker
General settings
To configure user authentication via Microsoft Azure Active Directory in Comindware Tracker, go to the Administration area and open the “Azure Active Directory authentication” tab. Here is an outline of the settings you can find there:
- Enable authentication to Azure AD – activate/deactivate OpenID Connect (if disabled, users won’t see the button for authenticating with Azure AD at the logon screen).
- Application (client) ID – enter the Application ID of the application you registered in Microsoft Azure Active Directory.
- Directory (tenant) ID (DirectoryId) – enter the Directory ID of the application you registered in Microsoft Azure Active Directory.
- Authority – this section is generated automatically in the format: https://login.microsoftonline.com/{DirectoryId}/
Azure Active Directory authentication settings in Comindware Tracker
You can find the Application ID and the Directory ID in the Overview section of the registered application settings at portal.azure.com:
"Overview" section of the application
Configuring user accounts to use Microsoft Azure Active Directory authentication in Comindware Tracker
There are three authentication methods used for user accounts in Comindware Tracker: local, Active Directory and Azure Active Directory. Each user account can have only one of them enabled at a time. To enable Microsoft Azure Active Directory authentication for a user account, go to the Administration area, then to the Users tab, open the user account settings and pick the corresponding authentication method:
Selecting the authentication method for a user account
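A diagnostic check for the configuration described above, added here as an example and not taken from Comindware or Microsoft code: it decodes the payload of an ID token and reports whether `aud` equals the Application (client) ID, `tid` equals the Directory (tenant) ID, and the optional `email` claim is present and matches a Tracker account. The IDs, addresses and sample token are constructed placeholders, the case-insensitive email comparison is an assumption, and the signature is not verified, so this is for inspecting a token from your own test sign-in and not for authenticating users.

```python
import base64
import json
import time

def decode_payload(id_token):
    """Decode the JWT payload segment WITHOUT verifying the signature (diagnostic only)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected 3 dot-separated segments)")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(seg))

def check_claims(claims, client_id, directory_id, tracker_emails, now=None):
    """Return a list of configuration problems; an empty list means the claims line up."""
    now = time.time() if now is None else now
    problems = []
    if claims.get("aud") != client_id:
        problems.append("aud does not match the Application (client) ID")
    if str(claims.get("tid", "")).lower() != directory_id.lower():
        problems.append("tid does not match the Directory (tenant) ID")
    if claims.get("exp", 0) <= now:
        problems.append("token is expired")
    email = claims.get("email")
    if not email:
        problems.append("email claim missing: add it under Token configuration")
    elif email.lower() not in {e.lower() for e in tracker_emails}:  # assumed matching rule
        problems.append("email has no matching Comindware Tracker account")
    return problems

def make_sample_token(claims):
    """Build a constructed token for the demo; the signature segment is a dummy value."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "c2ln"])

# Constructed placeholder values, not real identifiers.
CLIENT_ID = "11111111-1111-1111-1111-111111111111"
DIRECTORY_ID = "22222222-2222-2222-2222-222222222222"
TRACKER_EMAILS = ["alice@example.com"]

if __name__ == "__main__":
    sample = make_sample_token({"aud": CLIENT_ID, "tid": DIRECTORY_ID,
                                "exp": 4102444800, "email": "Alice@Example.com"})
    print(check_claims(decode_payload(sample), CLIENT_ID, DIRECTORY_ID, TRACKER_EMAILS))
```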