How to enable Windows Auth / Azure Auth

Modified on Mon, 29 Jan 2024 at 04:03 PM

How to enable Windows Auth


Allow Client Login

  • MS automatically authenticates the user logging in with the domain that the service account is a member of.
  • No additional configuration is required for login.


Create Accounts / Sync Roles

  • Create an Azure AD Connector (or use an existing one)
  • Go to: Administration\Role Groups
    • Add the name of the Azure Group whose users should be read to the ‘Az Group’ field.
      • Optionally prefix the group name with the connector name, in the form “[Azure Conn Name]\[Azure Group Name]”
      • Multiple group names can be entered by separating them with a ;
      • Optionally tick ‘AD User Source’ to create accounts in MS from the AD/Az Group members


Allow Portal Login

  • Add the Server Role:
    • Web Server (IIS)\Web Server\Security\Windows Authentication
    • Enable WindowsAuth in the appSettings.json
  • Configure Authentication in IIS
    • Anonymous Authentication: Enabled
    • Windows Authentication: Enabled
    • All others present: Disabled
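As an added example (not part of the vendor article), the following PowerShell applies the IIS portion of the Windows Auth steps above and then audits the result: the Windows Authentication role service is installed, Anonymous and Windows are enabled for the site, and every other authentication module present is disabled. The site name `ManagementStudio` is an assumption; substitute the IIS site that hosts the portal.

```powershell
# Added example, not the vendor's own script. Configures IIS authentication for the
# Management Studio site exactly as the article lists it and then checks for drift.
# $SiteName is an assumption: replace it with the real IIS site name.
param([string]$SiteName = 'ManagementStudio')

Import-Module WebAdministration

# Step 1: add the role service Web Server (IIS)\Web Server\Security\Windows Authentication
if (-not (Get-WindowsFeature Web-Windows-Auth).Installed) {
    Install-WindowsFeature Web-Windows-Auth | Out-Null
}

# Step 2: intended state of each IIS authentication module for this site.
$authBase = '/system.webServer/security/authentication'
$desired = [ordered]@{
    anonymousAuthentication                   = $true   # Anonymous Authentication: Enabled
    windowsAuthentication                     = $true   # Windows Authentication: Enabled
    basicAuthentication                       = $false  # all others present: Disabled
    digestAuthentication                      = $false
    clientCertificateMappingAuthentication    = $false
    iisClientCertificateMappingAuthentication = $false
}

foreach ($module in $desired.Keys) {
    # Writes to the site's <location> entry in applicationHost.config, the same place
    # IIS Manager writes to, so it works even when the sections are locked for web.config.
    Set-WebConfigurationProperty -Filter "$authBase/$module" -Name enabled `
        -Value $desired[$module] -PSPath 'IIS:\' -Location $SiteName -ErrorAction SilentlyContinue
}

# Step 3: audit. Report any module whose effective state differs from the intended one.
$drift = foreach ($module in $desired.Keys) {
    $actual = Get-WebConfigurationProperty -Filter "$authBase/$module" -Name enabled `
        -PSPath 'IIS:\' -Location $SiteName -ErrorAction SilentlyContinue
    if ($null -ne $actual -and [bool]$actual.Value -ne $desired[$module]) {
        [pscustomobject]@{ Module = $module; Expected = $desired[$module]; Actual = [bool]$actual.Value }
    }
}

if ($drift) {
    $drift | Format-Table -AutoSize
    throw "IIS authentication for site '$SiteName' does not match the required state."
}
Write-Host "IIS authentication for site '$SiteName' matches the required state."
```

Run it from an elevated PowerShell session on the IIS host; the audit step can be re-run on its own after any later change to the site to confirm that Basic or Digest authentication has not been re-enabled.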



How to enable Azure Auth


Azure Application

  • Create an Azure AD Connector (or use an existing one)
  • Required API Permissions (Application Permission)
    • GroupMember.Read.All
    • User.ReadBasic.All
  • Configure either a Client Secret or Certificate to use for authentication


Allow Client Login

  • Go to: Administration\Global Settings
    • Enter the Tenant ID / Client ID of the Azure App to authenticate the User with
    • Enter either a Client Secret or Certificate to use to authenticate with the Azure App
  • Update the Azure Application Configuration


Create Accounts / Sync Roles

  • Go to: Administration\Role Groups
    • Add the name of the Azure Group whose users should be read to the ‘Az Group’ field.
    • Optionally prefix the group name with the connector name, in the form “[Azure Conn Name]\[Azure Group Name]”
    • Multiple group names can be entered by separating them with a ;
    • Optionally tick ‘AD User Source’ to create accounts in MS from the AD/Az Group members

Allow Portal Login

  • Go to: Administration\Global Settings
    • Enter the Tenant ID / Client ID of the Azure App to authenticate the User with
  • Update the Azure Application
    • Go to Authentication
    • Add a platform, select 'Web'
    • Check the box for 'https://[ManagementStudioUrl]/signin-oidc'
      • Note: the URL must be HTTPS
    • Tick the option 'ID tokens (used for implicit and hybrid flows)'
    • Save configuration