Before Security Center can use Azure Active Directory to authenticate users with OpenID Connect, setup is required in Config Tool and the Azure Portal.
This example shows how to set up third-party authentication with Azure Active Directory (Azure AD) using OpenID Connect (OIDC) access tokens. The procedure is divided into three sections:
- Locating the properties in the Azure portal
- Understanding the significance of each property
- Validating the properties before you can proceed
- Accessing corresponding help topics
To implement third-party authentication, you must have administrator rights in Security Center and Azure AD.
1 - Preparing Security Center
- Open Config Tool and connect to the Security Center main server as an administrator.
- From the Config Tool homepage, open the System task and click the Roles view.
- Click Add an entity () > Authentication Service.
The Creating a role: Authentication Service window opens.
- In the Specific info section, select the identity provider
and the authentication protocol and click Next.
- Provider
- Azure AD
- Protocol
- OpenID Connect
- In the Basic information section, enter a name and optional
description for the new Authentication Service role.
- If there are partitions in your system, select the partition of which this role
is a member and click Create.
Partitions determine which Security Center users have access to this entity. Only users who have been granted access to the partition can see this role.
- From the App registration page, copy the redirect
and logout URIs.
For more information, see About role endpoints configuration.
- Click NOTE: The Suspend button allows you to save and exit the configuration wizard temporarily. You can suspend the configuration at any time during the process.
.
2 - Preparing Azure AD
- Have an Azure AD that represents your domain.
- Have provisioned at least one user.
- Have provisioned at least one user group that contains the users you want to grant access to Security Center.
- In the Azure Portal, open the Azure Active Directory for your tenant.
- In the left menu, select App registrations and click
New registration.
- Enter a Name, select Single tenant
under Supported account types and click
Register.