Configuring Active Roles Federated Authentication with Azure AD.
Note: In some instances having the Active Roles Web Service installed on a remote machine may affect authentication. It is recommended to have the Web Service installed on the same machine as the Active Roles host.
PART 1 (Azure)
1) Lon into Azure Portal portal.azure.com
2) Open Azure Active Directory.
3) On the left panel navigate to App Registrations | New Registration.
4) In the Register an Application portal, give it any name desired.
5) In the Redirect URI (optional) set the Active Roles Web Interface URL and then click on the blue button Register. The URIs we will accept as destinations when returning authentication responses (tokens) after successfully authenticating or signing out users. This is important if the users want to be redirected to somewhere desired after signing off.
6) After the app has been registered, the Azure portal will redirect to the Overview of the app registered, on the left panel navigate to Token Configuration | Add optional claim | Token type choose SAML and then select email and upn as claim type and click Add button to add it.
7) Back to App Overview panel and note that Application ID and Directory ID are shown, this data will be required to finish steps 11 and 12 on Part 2 (Active Roles).
PART 2 (Active Roles)
8) In the Configuration Center main window, click Web Interface. The Web Interface page displays all the Web interface sites that are deployed on the Web server running the Web interface. To configure the federated authentication settings, click Authentication.
9) To configure the federated authentication settings, click Federated.
10) In the Identity provider configuration section, select Azure as the security Identity provider from the Identity provider drop-down menu.
Note that should have the same value from Directory tenant ID from step 7.
12) Provide the Realm URL of the requesting realm in the Realm field.
Note that should have the same value from Application client ID from step 7.
13) Provide the URL to send a response in the Reply URL field. A URL that identifies the address at which the relying party (RP) application receives replies from the Security Token Service (STS).
Note: A wildcard can be used in the URL path above to allow all Web Interface sites example: https://activeroles.oneidentity.com/*
Here is an example of configuring the identity providers when using the Federated Authentication feature.
IMPORTANT: By default, the priority of the claim is set based on the order the claims are created. The claim created first has the first priority, the claim created next has the secondary priority, and so on. However, you can move the claims based on the required priority.
14) In the Claim editor section, to add claims, click Add. An Add claim window will be displayed.
15) To add UPN as type of claim from the Claim type drop-down menu.
16) To add UPN as type of claim from the Claim type drop-down menu.
Here is an example of configuring the claim when using the Federated Authentication feature.
19) Click Modify to update the authentication settings. A message is displayed about the successful completion of the operation.
After you click Modify, the ARSWeb is modified and is ready for federated authentication.
© 2024 One Identity LLC. ALL RIGHTS RESERVED. 利用規約 プライバシー Cookie Preference Center