How to enable Windows Authentication / Azure Authentication

Modified on Fri, 13 Sep at 7:05 PM

How to enable Windows Authentication

 

Allow Client Login

  • ManagementStudio automatically authenticates the user logging in with the domain that the service account is a member of.
  • No additional configuration is required for login.


Create Accounts / Sync Roles

  • Create an Azure AD Connector (or use an existing one)
  • Go to: Administration\Role Groups
    • In the ‘Az Group’ field, add the name of the Azure Group to read users from.
      • Optionally prefix the group name with “[Azure Conn Name]\[Azure Group Name]”
      • Multiple group names can be entered by separating them with a ;
      • Optionally tick ‘AD User Source’ to create accounts in MS from the AD/Az Group members


Allow Portal Login

  • Add the Server Role:

    • Web Server (IIS)\Web Server\Security\Windows Authentication
    • Enable WindowsAuth in the appSettings.json

    • Add this section to appSettings.json, just before the scheduler settings, as shown below


      "PortalAuth": {
        "WindowsAuth": {
          "Enabled": true,
          "Comment": "WindowsAuth requires Windows Authentication to be enabled in IIS, without this MS will not launch!"
        },
        "AzureAuth": {
          "Enabled": true
        }
      },

  • Configure Authentication in IIS

    • Anonymous Authentication: Enabled
    • Windows Authentication: Enabled
    • All others present: Disabled
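
A pre-flight check for the steps above, added here as an example (it is not ManagementStudio code). It confirms the server role, the IIS authentication settings and the PortalAuth flag agree before the site is restarted. The site name and appSettings.json path are assumptions, and basic and digest stand in for "all others present".

```powershell
# Added example, not vendor code. Site name and settings path are assumptions.
param(
    [string]$SiteName     = 'ManagementStudio',
    [string]$SettingsPath = 'C:\inetpub\ManagementStudio\appSettings.json'
)
Import-Module ServerManager, WebAdministration -ErrorAction Stop
$problems = @()

# Server role: Web Server (IIS)\Web Server\Security\Windows Authentication
if (-not (Get-WindowsFeature -Name Web-Windows-Auth).Installed) {
    $problems += 'Server role Web-Windows-Auth is not installed.'
}

# Effective IIS setting for one authentication provider on the site
function Get-AuthEnabled([string]$Provider) {
    $p = Get-WebConfigurationProperty -PSPath "IIS:\Sites\$SiteName" `
        -Filter "system.webServer/security/authentication/$Provider" `
        -Name enabled -ErrorAction SilentlyContinue
    return [bool]$p.Value
}

$iisWindows = Get-AuthEnabled 'windowsAuthentication'
if (-not (Get-AuthEnabled 'anonymousAuthentication')) {
    $problems += 'IIS Anonymous Authentication should be Enabled.'
}
if (-not $iisWindows) {
    $problems += 'IIS Windows Authentication should be Enabled.'
}
# "All others present: Disabled" (basic and digest checked here; extend as needed)
foreach ($other in 'basicAuthentication', 'digestAuthentication') {
    if (Get-AuthEnabled $other) { $problems += "IIS $other should be Disabled." }
}

# PortalAuth section of appSettings.json
$cfg = Get-Content -Raw -Path $SettingsPath | ConvertFrom-Json
$jsonWindows = [bool]$cfg.PortalAuth.WindowsAuth.Enabled
if (-not $jsonWindows) {
    $problems += 'PortalAuth.WindowsAuth.Enabled is not true in appSettings.json.'
}
# The mismatch the "Comment" value warns about: flag on, IIS provider off
if ($jsonWindows -and -not $iisWindows) {
    $problems += 'WindowsAuth is enabled in appSettings.json but not in IIS.'
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ }; exit 1 }
Write-Output 'Portal Windows Authentication prerequisites look consistent.'
```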

 


How to enable Azure Authentication


Azure Application

  • Create an Azure AD Connector (or use an existing one)
  • Required API Permissions (Application Permission)
    • GroupMember.Read.All
    • User.ReadBasic.All
  • Configure either a Client Secret or Certificate to use for authentication


Allow Client Login

  • Go to: Administration\Global Settings
    • Enter the Tenant ID / Client ID of the Azure App to authenticate the User with
    • Enter either a Client Secret or Certificate to use to authenticate with the Azure App
  • Update the Azure Application Configuration


Create Accounts / Sync Roles

  • Go to: Administration\Role Groups
    • In the ‘Az Group’ field, add the name of the Azure Group to read users from.
    • Optionally prefix the group name with “[Azure Conn Name]\[Azure Group Name]”
    • Multiple group names can be entered by separating them with a ;
    • Optionally tick ‘AD User Source’ to create accounts in MS from the AD/Az Group members

Allow Portal Login

  • Go to: Administration\Global Settings
  • Enter the Tenant ID / Client ID of the Azure App to authenticate the User with
  • Update the Azure Application
    • Go to Authentication
    • Add a platform, select 'Web'
    • Check the box for 'https://[ManagementStudioUrl]/signin-oidc'
      • Note: the URL must be HTTPS
    • Tick the option 'ID tokens (used for implicit and hybrid flows)'
    • Save configuration




Further Support

If you require further support, please visit ManagementStudio's Service Desk to search the knowledge base or create a new support ticket.