How to integrate Security Center with Azure Active Directory using OpenID Connect - Security Center 5.12

Security Center Administrator Guide 5.12

Product
Security Center
Content type
Guides > Administrator guides
Version
5.12
Language
English
Last updated
2024-09-13

Before Security Center can use Azure Active Directory to authenticate users with OpenID Connect, setup is required in Config Tool and the Azure Portal.

This example shows how to set up third-party authentication with Azure Active Directory (Azure AD) using OpenID Connect (OIDC) access tokens. The procedure is divided into three sections:

  1. Preparing Security Center
  2. Preparing Azure AD
  3. Integrating Security Center with Azure AD
Security Center offers assisted identity provider configuration to ease third-party authentication with Azure AD. It provides the relevant information needed for the configuration.
NOTE: When you create an Authentication Service role with Provider:Other, Security Center does not offer much assistance in the identity provider configuration.
Creating a role: Authentication Service window in Config Tool shows assisted identity provider configuration.
At each step, the configuration wizard helps you with the following tasks:
  • Locating the properties in the Azure portal
  • Understanding the significance of each property
  • Validating the properties before you can proceed
  • Accessing corresponding help topics

To implement third-party authentication, you must have administrator rights in Security Center and Azure AD.

IMPORTANT: This sample integration might differ from your requirements and the Azure Portal is subject to change. When setting up Azure AD, ensure that all steps are adapted to your situation.

1 - Preparing Security Center

  1. Open Config Tool and connect to the Security Center main server as an administrator.
  2. From the Config Tool homepage, open the System task and click the Roles view.
  3. Click Add an entity () > Authentication Service.
    Add an entity menu in Config Tool, with the Authentication Service role highlighted.

    The Creating a role: Authentication Service window opens.

  4. In the Specific info section, select the identity provider and the authentication protocol and click Next.
    Provider
    Azure AD
    Protocol
    OpenID Connect

    Creating a role: Authentication Service window in Config Tool, with the Azure AD identity provider and the OpenID protocol selected.

  5. In the Basic information section, enter a name and optional description for the new Authentication Service role.

    Creating a role: Authentication Service window in Config Tool shows the Basic information fields for Azure AD.

  6. If there are partitions in your system, select the partition of which this role is a member and click Create.

    Partitions determine which Security Center users have access to this entity. Only users who have been granted access to the partition can see this role.

  7. From the App registration page, copy the redirect and logout URIs.

    For more information, see About role endpoints configuration.

  8. Click Suspend > Save.
    NOTE: The Suspend button allows you to save and exit the configuration wizard temporarily. You can suspend the configuration at any time during the process.

2 - Preparing Azure AD

Before completing these steps in the Azure Portal, you must meet the following prerequisites:
  • Have an Azure AD that represents your domain.
  • Have provisioned at least one user.
  • Have provisioned at least one user group that contains the users you want to grant access to Security Center.
  1. In the Azure Portal, open the Azure Active Directory for your tenant.
  2. In the left menu, select App registrations and click New registration.

    Azure Portal shows the New registration button on the App registrations page.

  3. Enter a Name, select Single tenant under Supported account types and click Register.