Azure Active Directory (Azure AD) is an Identity Provider (IdP) that maintains and manages identity information and provides authentication services to applications. This article describes how to integrate Azure AD as an IdP in Axis Security.
Connecting Azure AD as an IdP in Axis Security consists of three parts:
- Begin creating an IdP in Axis Security
- Create an Axis Security application in Azure
- Complete the IdP creation in Axis
Begin Creating an IdP in Axis Security
- In the Management Console, go to Settings -> Identity Providers -> Add Identity Provider.
- Select Azure AD.
- Enter a Name for the IdP.
Step 1: Obtaining the Primary Domain Address
- In the Azure portal, go to Azure Active Directory -> Overview -> Basic information.
- Copy the Primary domain and paste it into the corresponding field in the Azure IdP form in Axis.
Step 2: Setting Up the Application
- Log in to Azure Active Directory.
- Select Enterprise Applications.
- Click Create your own application.
- Enter a name for the application.
- Select Integrate any other application you don't find in the gallery (Non-gallery).
- Click Create.
Step 3: App Registrations
- In the Azure Active Directory menu on the left, select App registrations.
- Enter the application's name in the search field and remove any filters so that all applications are listed (the default view shows only applications you own).
- Select the application you created in Step 2.
- Select Overview from the menu on the left.
- Copy the Primary Domain and paste it into the IdP Metadata section of the Azure IdP form in Axis.
- Copy the Application (client) ID and paste it into the IdP Metadata section of the Azure IdP form in Axis.
Step 4: Authentication
- Select Authentication from the menu on the left.
- Click Add a platform.
- Paste the Redirect URI obtained from the Axis Azure IdP form into the Redirect URIs field. The value must match exactly, including the scheme and any trailing path; Azure AD rejects sign-ins whose redirect URI differs from the registered one.
- Click Configure.
Step 5: Certificates and Secrets
- In the main menu, navigate to Certificates & secrets.
- Select New client secret.
- Add a description, select an expiration, and click Add.
- Copy the generated Value (not the Secret ID) and paste it into the IdP Metadata section of the Azure IdP form in Axis Security. The Value is shown only once, immediately after creation; if you navigate away without copying it, you must create a new secret. Note the expiration date, because the integration stops authenticating users when the secret expires.
Step 6: API Permissions
- In the main menu, go to API permissions.
- Click Add a permission and select Microsoft Graph.
- Click Delegated permissions.
- Under Select permissions, enter Directory.Read.All in the search bar.
- Expand the Directory group in the results and select Directory.Read.All.
- Click Add permissions.
- Repeat the search-and-add steps above for the delegated permissions Directory.AccessAsUser.All and User.Read.
- Repeat the search-and-add steps once more, this time clicking Application permissions and selecting Directory.Read.All.
- Click Grant admin consent for <your tenant name>. Directory.Read.All and Directory.AccessAsUser.All require administrator consent; until it is granted, the permissions remain listed as "Not granted" and the integration cannot read the directory.
Step 7: Assigning Users and Groups
To sync users and groups, you must assign them to the Axis Security enterprise application (the AAD SCIM application). Only assigned users and groups are synchronized and able to sign in through this IdP.
To assign users and groups to the application:
- Go to Manage -> Users and groups.
- Select Add user/group.
- Under Users and groups, click None selected.
- In the Users and groups window, select the users and groups you want to add to the application.
- Click Select.
- Click Assign at the bottom of the screen.
- Verify in the Users and groups area that the users and groups now appear as assigned to the application.
- Paste the SAML-P Sign-on endpoint you copied into Single sign-on URL.
- Upload the certificate you downloaded to IdP Signing Certificate.
- Click Submit.
Completing the IdP Creation in Axis
In the Azure IdP form in Axis, fill in the following fields with the values copied from the Axis application in Azure:
- Primary Domain: the Primary Domain obtained from Azure in Step 1: Obtaining the Primary Domain Address.
- Application (client) ID: the Application (client) ID obtained from Azure in Step 3: App Registrations (the application created in Step 2: Setting Up the Application).
- Client Secret: the Client Secret Value obtained from Azure in Step 5: Certificates and Secrets.
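The same Azure-side configuration can be scripted, which is useful for reproducing it across tenants and for reviewing exactly which permissions the application holds. The following Microsoft Graph PowerShell script is an added example, not Axis Security's or Microsoft's own code: it creates the app registration with the redirect URI, adds the four Microsoft Graph permissions named above, grants admin consent, creates a client secret, assigns a group to the enterprise application, and prints the three values this form needs. The application display name, the redirect URI placeholder and the group name are assumptions to replace with your own; it requires the Microsoft.Graph module and an account that can grant admin consent.

```powershell
# Added example (not Axis Security's or Microsoft's script): automates the Azure-side
# steps of this article with the Microsoft Graph PowerShell SDK.
# Assumed inputs (replace with your own):
#   $AppName      display name for the app registration (hypothetical value)
#   $RedirectUri  the Redirect URI shown in the Axis Azure IdP form (placeholder)
#   $GroupName    an existing Azure AD group to assign to the application (hypothetical)
# Requires: Install-Module Microsoft.Graph, and an administrator who can grant consent.
param(
    [string]$AppName     = 'Axis Security',
    [string]$RedirectUri = 'https://<axis-redirect-uri-from-the-idp-form>',
    [string]$GroupName   = 'Axis-Users'
)

Connect-MgGraph -Scopes @('Application.ReadWrite.All', 'AppRoleAssignment.ReadWrite.All',
    'DelegatedPermissionGrant.ReadWrite.All', 'Group.Read.All', 'Directory.Read.All')

# Step 1: the Primary domain is the tenant's default verified domain.
$primaryDomain = ((Get-MgOrganization).VerifiedDomains | Where-Object IsDefault).Name

# Resolve Microsoft Graph permission IDs by name from the Graph service principal
# instead of hardcoding GUIDs; fail closed if a name is not found.
$graphAppId = '00000003-0000-0000-c000-000000000000'   # well-known Microsoft Graph app ID
$graphSp    = Get-MgServicePrincipal -Filter "appId eq '$graphAppId'"
$delegated  = @('Directory.Read.All', 'Directory.AccessAsUser.All', 'User.Read')
$appRoles   = @('Directory.Read.All')
$access = @()
foreach ($p in $delegated) {
    $scope = $graphSp.Oauth2PermissionScopes | Where-Object Value -eq $p
    if (-not $scope) { throw "Delegated permission $p not found on Microsoft Graph" }
    $access += @{ Id = $scope.Id; Type = 'Scope' }
}
foreach ($p in $appRoles) {
    $role = $graphSp.AppRoles | Where-Object Value -eq $p
    if (-not $role) { throw "Application permission $p not found on Microsoft Graph" }
    $access += @{ Id = $role.Id; Type = 'Role' }
}

# Steps 2-4 and 6: app registration with the redirect URI and the required permissions.
$app = New-MgApplication -DisplayName $AppName `
    -Web @{ RedirectUris = @($RedirectUri) } `
    -RequiredResourceAccess @(@{ ResourceAppId = $graphAppId; ResourceAccess = $access })
# The enterprise application (service principal) that users and groups are assigned to.
$sp = New-MgServicePrincipal -AppId $app.AppId

# Step 5: client secret. SecretText is returned only here; it cannot be read back later.
$secret = Add-MgApplicationPassword -ApplicationId $app.Id -PasswordCredential @{
    DisplayName = 'Axis Security IdP'
    EndDateTime = (Get-Date).AddMonths(12)
}

# Grant admin consent: delegated scopes via a tenant-wide OAuth2 permission grant,
# application permissions via app role assignments to Microsoft Graph.
New-MgOauth2PermissionGrant -ClientId $sp.Id -ConsentType 'AllPrincipals' `
    -ResourceId $graphSp.Id -Scope ($delegated -join ' ') | Out-Null
foreach ($p in $appRoles) {
    $role = $graphSp.AppRoles | Where-Object Value -eq $p
    New-MgServicePrincipalAppRoleAssignment -ServicePrincipalId $sp.Id -PrincipalId $sp.Id `
        -ResourceId $graphSp.Id -AppRoleId $role.Id | Out-Null
}

# Step 7: require assignment, then assign the group to the default app role (empty GUID).
Update-MgServicePrincipal -ServicePrincipalId $sp.Id -AppRoleAssignmentRequired:$true
$group = Get-MgGroup -Filter "displayName eq '$GroupName'"
if (-not $group) { throw "Group $GroupName not found" }
New-MgServicePrincipalAppRoleAssignedTo -ServicePrincipalId $sp.Id -PrincipalId $group.Id `
    -ResourceId $sp.Id -AppRoleId ([Guid]::Empty) | Out-Null

# The values to paste into the Azure IdP form in Axis.
[pscustomobject]@{
    PrimaryDomain           = $primaryDomain
    ApplicationClientId     = $app.AppId
    ClientSecret            = $secret.SecretText
    ClientSecretExpires     = $secret.EndDateTime
}
```

Run it once per tenant from an interactive PowerShell session, since Connect-MgGraph prompts for sign-in. The script sets AppRoleAssignmentRequired on the enterprise application so that only the assigned group can sign in through this IdP, and it grants consent programmatically, so review the permission list before running it: Directory.AccessAsUser.All lets the application act with the full directory rights of whoever signs in.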
For optional settings on the Azure IdP form, see the article on configuring advanced settings.
To commit your changes, navigate to the top-right menu, click Apply Changes, then select Commit Changes.