How to integrate Security Center with Azure Active Directory using OpenID Connect - Security Center 5.10

Security Center Administrator Guide 5.10

Product: Security Center
Content type: Guides > Administrator guides
Version: 5.10
Language: English
Last updated: 2023-06-12

Before Security Center can use Azure Active Directory to authenticate users with OpenID Connect, setup is required in Config Tool and the Azure Portal.

This example shows the steps required to set up third-party authentication with Azure Active Directory (Azure AD) using OpenID Connect (OIDC) access tokens. The procedure is divided into the following sections:

  1. Preparing Security Center
  2. Preparing Azure AD
  3. Integrating Security Center with Azure AD

To implement third-party authentication, you must have administrator rights in Security Center and Azure AD.

IMPORTANT: This sample integration might differ from your requirements, and the Azure Portal is subject to change. When setting up Azure AD, ensure that every step is adapted to your specific situation.

1 - Preparing Security Center

  1. Open Config Tool and connect to the Security Center main server as an administrator.
  2. In Config Tool, open System > Roles and click Add an entity > Authentication Service.
  3. In the Creating a role: Authentication Service window, select OpenID and click Next.
  4. Enter a name and optional description for the new Authentication Service role and click Next.
     NOTE: If your system has multiple partitions, you can also add the new role to a specific partition here.
  5. On the Summary page, ensure all the information is correct, click Create, and click Close.
  6. In the newly created role, click the Network endpoint tab.
  7. On the Network endpoint page, copy the OIDC redirect and logout URIs. These are needed to configure Azure AD.
     NOTE: You might need to restart the System task to see the endpoint URIs.

2 - Preparing Azure AD

Before completing these steps in the Azure Portal, you must meet all of the following prerequisites:
  • Have an Azure AD tenant that represents your domain.
  • Have provisioned at least one user.
  • Have provisioned at least one user group containing the users to whom you want to grant access to Security Center.

  1. In the Azure Portal, open the Azure Active Directory for your tenant.
  2. In the left menu, select App registrations, and click New registration.
  3. Enter a Name, select Single tenant under Supported account types, and click Register.
  4. In the left menu for your application, select Authentication, click Add a platform, and select Web.
  5. In Configure Web, under Redirect URIs, enter the first redirect URI for Security Center and click Configure.
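The same registration (steps 2 to 5 above, plus the logout URI copied in section 1, step 7) can be scripted with Microsoft Graph PowerShell and read back to confirm that Azure AD holds exactly the URIs Security Center exposes. This is an added example, not part of the Security Center guide; it assumes the Microsoft.Graph.Applications module is installed, the caller can consent to Application.ReadWrite.All, and the two URIs are replaced with the values copied from the Network endpoint tab (the ones below are placeholders).

```powershell
# Added example (not from the Security Center guide): register the Security Center
# OIDC client in Azure AD with Microsoft Graph PowerShell, mirroring section 2, steps 2-5.
# Assumes: Microsoft.Graph.Applications module installed; caller may consent to
# Application.ReadWrite.All. The URIs are placeholders; paste the OIDC redirect and
# logout URIs copied from the Authentication Service role's Network endpoint tab.

$redirectUri = 'https://<security-center-host>/<oidc-redirect-uri-from-network-endpoint-tab>'
$logoutUri   = 'https://<security-center-host>/<oidc-logout-uri-from-network-endpoint-tab>'

# OIDC redirect URIs are matched as exact strings, so validate the copied values
# before registering them: no whitespace, no http://, no trailing fragment.
foreach ($u in @($redirectUri, $logoutUri)) {
    if ($u -ne $u.Trim())              { throw "URI has leading/trailing whitespace: '$u'" }
    if (-not $u.StartsWith('https://')) { throw "URI must use HTTPS: $u" }
    if ($u.Contains('#'))              { throw "URI must not contain a fragment: $u" }
}

Connect-MgGraph -Scopes 'Application.ReadWrite.All'

# 'AzureADMyOrg' is the API value shown as "Single tenant" under Supported account types.
# The -Web block is the "Web" platform from the Authentication blade (step 4 and 5).
$app = New-MgApplication -DisplayName 'Security Center OIDC' `
    -SignInAudience 'AzureADMyOrg' `
    -Web @{ RedirectUris = @($redirectUri); LogoutUrl = $logoutUri }

# Read the registration back and compare with what Config Tool reported; a mismatch
# here is the usual cause of an "invalid redirect URI" error at sign-in time.
$check = Get-MgApplication -ApplicationId $app.Id
if ($check.Web.RedirectUris -notcontains $redirectUri) {
    throw "Redirect URI not registered as expected: $($check.Web.RedirectUris -join ', ')"
}
if ($check.Web.LogoutUrl -ne $logoutUri) {
    throw "Logout URL mismatch: $($check.Web.LogoutUrl)"
}

# The Application (client) ID is what the Security Center side of the integration needs.
"Registered '$($check.DisplayName)': client ID $($check.AppId), audience $($check.SignInAudience)"
```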