Configuring Active Roles Federated Authentication with Azure AD.
Note: In some instances having the Active Roles Web Service installed on a remote machine may affect authentication. It is recommended to have the Web Service installed on the same machine as the Active Roles host.
PART 1 (Azure)
1) Lon into Azure Portal portal.azure.com
2) Open Azure Active Directory.
3) On left panel navigate to App Registrations | New Registration.
4) In the Register an Application portal, give it any name desired.
5) In the Redirect URI (optional) put the Active Roles Web Interface url and then click on the blue button Register. This is important because Azure will return the authentication response to this URI after successfully authenticating the user.
6) After the app has been registered, Azure portal will redirect to the Overview of the app registered, on left panel navigate to Token Configuration | Add optional claim | Token type choose SAML and then select email and upn as claim type and click Add button to add it.
7) Back to App Overview panel and note that Application ID and Directory ID are shown, this data will be required to finish steps 11 and 12 on Part 2 (Active Roles).
PART 2 (Active Roles)
8) In the Configuration Center main window, click Web Interface. The Web Interface page displays all the Web interface sites that are deployed on the Web server running the Web interface. To configure the federated authentication settings, click Authentication.
9) To configure the federated authentication settings, click Federated.
10) In the Identity provider configuration section, select Azure as the security Identity provider from the Identity provider drop-down menu.
12) Provide the Realm URL of the requesting realm in the Realm field.
13) Provide the URL to send a response in the Reply URL field. A URL that identifies the address at which the relying party (RP) application receives replies from the Security Token Service (STS).
Here is an example of configuring the identity providers when using the Federated Authentication feature.
IMPORTANT: By default, the priority of the claim is set based on the order the claims are created. The claim created first has the first priority, the claim created next has the secondary priority, and so on. However, you can move the claims based on the required priority.
14) In the Claim editor section, to add claims, click Add. An Add claim window will be displayed.
15) To add UPN as type of claim from the Claim type drop-down menu.
16) To add UPN as type of claim from the Claim type drop-down menu.
Here is an example of configuring the claim when using the Federated Authentication feature.
18) In the Domain user login credentials section, provide the valid credentials in the Username and Password fields. Recommended to use Active Roles service account.
19) Click Modify to update the authentication settings. A message is displayed about the successful completion of the operation.After you click Modify, the ARSWeb is modified and is ready for federated authentication.