Azure (Entra) IdP Integration

Azure Active Directory (Azure AD) is an identity provider (IdP) that maintains and manages identity information and provides authentication services to applications. This article describes how to integrate Azure AD as an IdP in Axis Security.

Connecting Azure as an IdP in Axis Security consists of several steps:

  • Begin creating an IdP in Axis Security
  • Create an Axis Security application in Azure
  • Complete the IdP creation in Axis

Begin Creating an IdP in Axis Security

  1. In the Management Console, go to Settings -> Identity Providers -> Add Identity Provider.
  2. Select Azure AD.

Creating an Azure IdP in the Axis Management Console

  3. Enter a Name for the IdP.

Creating an Axis Security Application in Azure

Microsoft Active Directory has been recently renamed to Microsoft Entra ID.

Step 1: Obtaining the Primary Domain Address

  1. Go to Identity -> Microsoft Entra ID -> Overview.

Microsoft Entra ID in the Azure Portal

  2. Copy the Primary domain and paste it into the corresponding field of the Azure IdP form in the Axis Management Console.

Obtaining Primary Domain from the Microsoft Entra ID in the Azure Portal

Pasting Primary Domain in the IdP form in the Axis Management Console

Step 2: Creating an Axis Application in Azure

In the Manage section of the Microsoft Entra ID menu, select Enterprise Applications.

  1. Click on Create your own application.
  2. Enter a name for the application.
  3. Select Integrate any other application you don't find in the gallery (Non-gallery).
  4. Click Create.

Creating an Axis application in the Azure Portal

Step 3: Setting Up the Application

  1. In the menu on the left, select App registrations.
  2. Select the All applications tab.
  3. Select the application you created in Step 2 (e.g. AXIS OAuth).
    You can enter the application's name in the search field.

Selecting the Axis application in Azure Portal

  4. Copy the Application (client) ID and paste it into the IdP Metadata section of the Azure IdP form in the Axis Management Console.

Copying Application (client) ID from the application's overview page in the Azure Portal

Pasting the Application (client) ID in the IdP form in the Axis Management Console

Step 4: Setting Up Authentication

  1. Select Authentication from the menu on the left.
  2. Click Add a platform.
  3. Select the Web option in the menu on the right.
  4. Copy the Redirect URI from the Azure IdP form in the Axis Management Console.

Copying the Redirect URI from the Azure IdP form in the Axis Management Console

  5. Paste the Redirect URI in the Configure Web dialog in the Azure Portal.
  6. Click on Configure.

Pasting the Redirect URI in the Configure Web dialog in the Azure Portal

Step 5: Certificates and Secrets

  1. In the main menu, navigate to Certificates & secrets.
  2. Select the Client Secrets tab.
  3. Click on New Client Secret.
  4. Add a description and select an expiration.
  5. Click on Add.

Creating a new client secret in the Axis application in Azure Portal

  6. Copy the generated Value and Expires fields and paste them into the IdP Metadata section of the Azure IdP form in the Axis Management Console. Then click on Ok.

Pasting the Client Secret value and Client Secret Expiration Date in the Azure IdP form in the Axis Management Console

Note

  • If you do not input the Client Secret Expiration Date, it will automatically default to the current date.
  7. Click on Commit Changes in the Axis Management Console.
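
The redirect URI registered in Step 4 and the client secret created in Step 5 can be checked afterwards from an export of the app registration. The following is an added example, not part of the Axis or Microsoft documentation: it assumes the Microsoft Graph application object shape (`web.redirectUris`, `passwordCredentials[].endDateTime`), and the sample data, the redirect URI and the function names are constructed placeholders.

```python
import json
from datetime import datetime, timezone

# Constructed sample in the shape of a Microsoft Graph application object
# (e.g. `az ad app show --id <client-id>`); every value is a placeholder.
SAMPLE_APP = json.loads("""
{
  "displayName": "AXIS OAuth",
  "web": {"redirectUris": ["https://axis.example.invalid/callback",
                           "http://localhost:8080/callback"]},
  "passwordCredentials": [
    {"displayName": "axis-idp", "endDateTime": "2025-03-01T00:00:00Z"},
    {"displayName": "old-test", "endDateTime": "2024-11-15T00:00:00.1234567Z"}
  ]
}
""")

def parse_graph_time(value):
    """Parse a Graph UTC timestamp such as 2025-03-01T00:00:00Z (fraction dropped)."""
    base = value.rstrip("Z").split(".")[0]
    return datetime.strptime(base, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def audit_app(app, expected_redirect, now, warn_days=30):
    """Return findings about redirect URIs and client-secret lifetimes."""
    findings = []
    uris = (app.get("web") or {}).get("redirectUris", [])
    if expected_redirect not in uris:
        findings.append("expected redirect URI is not registered")
    for uri in uris:
        if not uri.startswith("https://"):
            findings.append(f"non-HTTPS redirect URI: {uri}")
        elif uri != expected_redirect:
            findings.append(f"unexpected redirect URI: {uri}")
    for cred in app.get("passwordCredentials", []):
        name = cred.get("displayName") or "(unnamed)"
        days = (parse_graph_time(cred["endDateTime"]) - now).days
        if days < 0:
            findings.append(f"secret '{name}' has expired")
        elif days <= warn_days:
            findings.append(f"secret '{name}' expires in {days} days")
    return findings

if __name__ == "__main__":
    now = datetime(2025, 2, 10, tzinfo=timezone.utc)  # fixed date for the sample
    for line in audit_app(SAMPLE_APP, "https://axis.example.invalid/callback", now):
        print(line)
```

Running the same check on a schedule gives advance notice to rotate the secret and update the Client Secret Expiration Date in the Axis IdP form before sign-ins start failing.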

Step 6: API Permissions

  1. In the main menu, go to API Permissions.
  2. Click Add Permission.
  3. Select the Microsoft APIs tab in the right sidebar.
  4. Select the Microsoft Graph option.
  5. Click Delegated Permissions.
  6. Check the following permissions (use the filter to find them faster):
    1. Directory.Read.All (Type: Delegated)
    2. User.Read (Type: Delegated)
  7. Click Grant admin consent for Axis Security.
  8. Click on Yes.
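
After consent is granted, the delegated grants on the application's service principal can be compared with the two scopes this step asks for. The following is an added example, not part of the Axis or Microsoft documentation: it assumes the Microsoft Graph `oauth2PermissionGrant` shape (`consentType`, `principalId`, space-separated `scope`), and the sample grants, IDs and function names are constructed placeholders.

```python
import json

REQUIRED_SCOPES = {"Directory.Read.All", "User.Read"}  # the two scopes from Step 6

# Constructed sample in the shape of Microsoft Graph oauth2PermissionGrant
# objects for the application's service principal; IDs are placeholders.
SAMPLE_GRANTS = json.loads("""
[
  {"clientId": "SP-OBJECT-ID-PLACEHOLDER", "consentType": "AllPrincipals",
   "principalId": null, "scope": " User.Read Directory.Read.All"},
  {"clientId": "SP-OBJECT-ID-PLACEHOLDER", "consentType": "Principal",
   "principalId": "USER-OBJECT-ID-PLACEHOLDER", "scope": "User.Read Mail.Read"}
]
""")

def review_grants(grants, required=REQUIRED_SCOPES):
    """Compare granted delegated scopes with the set the integration needs."""
    admin_scopes = set()
    user_excess = {}
    for grant in grants:
        scopes = set((grant.get("scope") or "").split())
        if grant.get("consentType") == "AllPrincipals":
            admin_scopes |= scopes          # tenant-wide admin consent
        else:
            extra = scopes - required       # consent given by a single user
            if extra:
                user_excess[grant.get("principalId")] = sorted(extra)
    return {
        "missing_admin_consent": sorted(required - admin_scopes),
        "excess_admin_scopes": sorted(admin_scopes - required),
        "excess_user_scopes": user_excess,
    }

if __name__ == "__main__":
    print(json.dumps(review_grants(SAMPLE_GRANTS), indent=2))
```

An empty `missing_admin_consent` list confirms the admin consent step took effect; anything under the two `excess_*` keys is scope beyond what this integration requires and is worth reviewing.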

Step 7: Test the Azure SSO integration

To test the SSO integration:

  1. Go to the Portal Address of the Azure IdP you've just created.
  2. Click on Login.
  3. You'll be redirected to the Microsoft Azure login page. A successful login indicates a successful integration.

Provision users and groups to your Azure IdP

Use the following guide to provision users and groups via SCIM.