Azure Active Directory represents an Identity and Access Management as a service (IDaaS) solution that can be used as your Single Sign-On domain on the CloudBlue Connect platform.
The following provides instructions on how to connect your configured Azure Active Directory to the Connect platform as a SAML identity provider. The guidelines below also describe how to create a new Active Directory tenant in the Microsoft Azure portal, how to configure your Azure enterprise application, and more.
Create your Azure Active Directory via the Microsoft Azure Portal as described below. Skip to Connect Domain Verification in case your Active Directory and custom domain are already configured on the Microsoft Azure portal.
When you create an Active Directory, the Microsoft Azure portal requires you to specify your tenant details. A tenant represents an organization and a dedicated instance of Azure AD. The following steps describe how to create a new Azure Active Directory and configure your new tenant:
The Azure portal then starts processing your tenant configuration. Once processing completes successfully, the Azure portal allows you to access your newly created Active Directory.
Verify your domain name within your Azure Active Directory. Skip to Connect Domain Verification in case your custom domain is already configured on the Microsoft Azure portal.
Follow the steps below to add your custom domain to your Azure Active Directory and successfully verify it.
The Azure portal then starts processing your domain configuration. Once this processing is complete, the Azure portal marks your added domain as verified.
Create a domain on the CloudBlue Connect platform. Once your domain instance is created, Connect prompts you to create a domain verification record; the required record name and value are displayed on the domain details screen.
Create a TXT record set in the DNS zone of your domain (in Azure DNS, if that is where your zone is hosted) with the data Connect displays, as follows:
The Connect platform should then verify your domain instance. Note, however, that DNS changes can take a while to propagate. Wait a few hours, then reopen your domain instance and try to verify it again. If verification keeps failing, check that the record name and value match exactly what Connect displays (a typo, a stray trailing dot or extra quoting is enough to break the check), or add a fresh DNS TXT record and retry.
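Before retrying verification in Connect, it helps to confirm from the command line that the TXT record is already visible in public DNS rather than only in your own resolver's cache. The script below is an added example, not part of the CloudBlue documentation or of the Connect platform; the record name, the verification value and the resolver address in it are placeholders, so substitute the name and value shown on your Connect domain details screen.

```shell
#!/bin/sh
# Added example (not CloudBlue's code): confirm that the Connect domain-verification
# TXT record is visible in public DNS before pressing "Verify" again in Connect.
# Assumptions: the record name, the token value and the resolver are placeholders.

# txt_has_value EXPECTED RECORDS
#   RECORDS is newline-separated TXT data as printed by `dig +short TXT`
#   (each value double-quoted). Returns 0 if any record equals EXPECTED.
#   Values longer than 255 bytes are printed by dig as several quoted chunks;
#   verification tokens are short, so that case is not handled here.
txt_has_value() {
    expected=$1
    while IFS= read -r rec; do
        rec=${rec#\"}; rec=${rec%\"}      # strip the quotes dig adds
        [ "$rec" = "$expected" ] && return 0
    done <<EOF
$2
EOF
    return 1
}

# wait_for_txt NAME EXPECTED [ATTEMPTS] [DELAY_SECONDS]
#   Polls a public resolver (not the local cache, which may hold a stale
#   negative answer) until the record appears.
#   Defaults: 12 attempts, 5 minutes apart, i.e. about an hour in total.
wait_for_txt() {
    name=$1; expected=$2; attempts=${3:-12}; delay=${4:-300}
    i=1
    while [ "$i" -le "$attempts" ]; do
        records=$(dig +short TXT "$name" @1.1.1.1 2>/dev/null || true)
        if txt_has_value "$expected" "$records"; then
            echo "TXT record for $name is visible; verify the domain in Connect now."
            return 0
        fi
        echo "attempt $i/$attempts: record not visible yet"
        i=$((i + 1))
        [ "$i" -le "$attempts" ] && sleep "$delay"
    done
    echo "TXT record for $name still not visible after $attempts attempts" >&2
    return 1
}

# Constructed sample of what dig might print for a zone that already carries
# an SPF record plus the verification record (placeholder token value):
SAMPLE_RECORDS='"v=spf1 -all"
"connect-verification=0123456789abcdef"'

# Usage against real DNS (placeholder name and value):
#   wait_for_txt example.com "connect-verification=0123456789abcdef"
```

Querying a public resolver directly matters: after a failed attempt your local resolver may cache the negative answer for the zone's TTL, so `nslookup` on your workstation can keep saying "no record" long after the record is live.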
Once your Active Directory is configured and your domain is verified on the Connect platform, define your single sign-on system via the Enterprise applications section of the Microsoft Azure portal and upload your Connect Service Provider metadata and certificate files to the Azure portal. The following instructions describe how to perform these operations:
As a result, your SSO system and the assertion encryption are configured on the Microsoft Azure portal. Note, however, that Azure token encryption (which encrypts the SAML assertions sent to Connect with the certificate you uploaded) usually takes 5 to 10 minutes to start working; until then, Azure still issues plaintext assertions. Don't close your created Azure application just yet: it is required for the Connect SAML configuration described below.
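To tell whether token encryption has actually kicked in, decode a SAMLResponse that Azure posts to Connect and check whether it carries an EncryptedAssertion instead of a plaintext Assertion. The script below is an added example, not CloudBlue's or Microsoft's code; the two SAML responses embedded in it are constructed minimal samples, not real Azure output. For a real check, copy the SAMLResponse form field from the browser's developer tools (the POST to the Connect assertion consumer URL) and pass it to the function.

```shell
#!/bin/sh
# Added example (not CloudBlue's or Microsoft's code): report whether a SAML
# response carries an encrypted or a plaintext assertion, so you can see when
# Azure's token encryption has started working.

# saml_assertion_state BASE64_RESPONSE
#   Prints "encrypted", "plaintext" or "none"; prints "invalid" and returns 1
#   if the input does not decode as base64. Whitespace is stripped first
#   because some browsers and IdPs line-wrap the form field.
saml_assertion_state() {
    xml=$(printf '%s' "$1" | tr -d ' \t\r\n' | base64 -d 2>/dev/null) || {
        echo invalid
        return 1
    }
    case $xml in
        # <saml:EncryptedAssertion> wrapping <xenc:EncryptedData>: encryption is on
        *EncryptedAssertion*)          echo encrypted ;;
        # <saml:Assertion> (or an unprefixed <Assertion>) in the clear
        *:Assertion*|*'<Assertion'*)   echo plaintext ;;
        *)                             echo none ;;
    esac
}

# Constructed samples (not real Azure output), base64-encoded as a browser
# would POST them. The namespaces are the standard SAML 2.0 ones.
SAML_NS='xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"'
ENCRYPTED_SAMPLE=$(printf '<samlp:Response %s><saml:EncryptedAssertion><xenc:EncryptedData xmlns:xenc="http://www.w3.org/2001/04/xmlenc#"/></saml:EncryptedAssertion></samlp:Response>' "$SAML_NS" | base64 | tr -d '\n')
PLAINTEXT_SAMPLE=$(printf '<samlp:Response %s><saml:Assertion><saml:Subject/></saml:Assertion></samlp:Response>' "$SAML_NS" | base64 | tr -d '\n')

# Usage with a captured value saved from the browser's developer tools:
#   saml_assertion_state "$(cat saml_response.b64)"
```

If the answer is still `plaintext` after the 5 to 10 minute window, re-check in the enterprise application that token encryption is activated with the certificate you uploaded from Connect rather than merely uploaded; an inactive certificate leaves the assertions in the clear.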
Once your application and the assertion encryption are configured on the Azure portal, configure the Identity Provider Details and User Management attributes within your verified domain on the CloudBlue Connect platform. In addition, you can switch the SAML authentication mode of your domain to test out your configured single sign-on system. Note that in order to enable this mode, at least one user must be added to the Exclusions list, so that at least one account can still sign in without the identity provider if the SAML configuration turns out to be wrong. The following steps describe how to perform these operations:
By completing these instructions, your Connect domain is configured for single sign-on authentication via the Azure Active Directory. You can now add users to your authentication system and test it out as described below.
Once your single sign-on system is configured, create a new user on Connect and add this user to your Azure Active Directory as well as to your configured application; you can then test your SAML authentication. Follow the steps below to add a new user and test your single sign-on system:
If your single sign-on system is configured correctly, the Connect platform allows you to sign in to your domain with the Azure AD credentials of the user you added.