-
Title
Configuring Microsoft’s Azure AD Federation with Safeguard -
Description
How to configure MS Azure AD Federation for Safeguard Authentication.
Is it possible to logon with Azure AD users to Safeguard? -
Resolution
1. Download the Azure AD federation metadata at https://login.microsoftonline.com/<TenantDomainName>/FederationMetadata/2007-06/FederationMetadata.xml.
For tenant-specific endpoints, the TenantDomainName can be one of the following types:* A registered domain name of an Azure AD tenant, such as: yourdomain.com* The immutable tenant ID of the domain, such as 72f988bf-86f1-41af-91ab-2d7cd011db45
More information is available from Microsoft:
https://docs.microsoft.com/en-us/azure/active-directory/azuread-dev/azure-ad-federation-metadata2. From Settings | Identity and Authentication, add a new External Federation. Enter name, description, the realm (such as yourdomain.com), click Browser and select the FederationMetadata.xml saved from above. Click Download Safeguard Federation MetaData.
3. Open the Safeguard Federation file into a text weditor.
Copy the entityID attribute of the <EntityDescriptor> element.4. Create an Azure Active Directory App Registration. Use the Redirect URI https://<safeguard server>/RSTS/Login
5. In the App registration, add a Application ID URI. For this entry use the value obtained from step 3.6. In Safeguard add the user