How to: Configure Federated Authentication with Azure AD (4291332)

Configuring Active Roles Federated Authentication with Azure AD.

Note: In some instances having the Active Roles Web Service installed on a remote machine may affect authentication. It is recommended to have the Web Service installed on the same machine as the Active Roles host.

PART 1  (Azure)

1) Lon into Azure Portal portal.azure.com

2) Open Azure Active Directory.

3) On the left panel navigate to App Registrations | New Registration.

4) In the Register an Application portal, give it any name desired.

5) In the Redirect URI (optional) put the Active Roles Web Interface URL and then click on the blue button Register. This is important because Azure will return the authentication response to this URI after successfully authenticating the user.

6) After the app has been registered, the Azure portal will redirect to the Overview of the app registered, on the left panel navigate to Token Configuration | Add optional claim | Token type choose SAML and then select email and upn as claim type and click Add button to add it.

7) Back to App Overview panel and note that Application ID and Directory ID are shown, this data will be required to finish steps 11 and 12 on Part 2  (Active Roles).

PART 2  (Active Roles)

• To set Azure as identity provider configuration.

8) In the Configuration Center main window, click Web Interface. The Web Interface page displays all the Web interface sites that are deployed on the Web server running the Web interface. To configure the federated authentication settings, click Authentication.

9) To configure the federated authentication settings, click Federated.

10) In the Identity provider configuration section, select Azure as the security Identity provider from the Identity provider drop-down menu.

Note that should have the same value from Directory tenant ID from step 7.

• https://login.microsoftonline.com/ddeed548-c4b2-4f57-a4c6-0bf4a1febb42/FederationMetadata/2007-06/FederationMetadata.xml

12) Provide the Realm URL of the requesting realm in the Realm field. 

Note that should have the same value from Application client ID from step 7.

• spn:fbf46722-5c09-48bc-b954-b92196c12453

13) Provide the URL to send a response in the Reply URL field. A URL that identifies the address at which the relying party (RP) application receives replies from the Security Token Service (STS). 

• https://pmap02/arwebadmin/ <- same url set in step 5.

Here is an example of configuring the identity providers when using the Federated Authentication feature.

• To set claims in the claim editor.

IMPORTANT: By default, the priority of the claim is set based on the order the claims are created. The claim created first has the first priority, the claim created next has the secondary priority, and so on. However, you can move the claims based on the required priority.

14) In the Claim editor section, to add claims, click Add. An Add claim window will be displayed.

15) To add UPN as type of claim from the Claim type drop-down menu. 

• Claim type: UPN
• Claim value: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name

16) To add UPN as type of claim from the Claim type drop-down menu. 

• Claim type: EMAIL
• Claim value: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

Here is an example of configuring the claim when using the Federated Authentication feature.

19) Click Modify to update the authentication settings. A message is displayed about the successful completion of the operation.