In your VaultOne, in the section “Administration -> Settings”, select the tab “Identity Providers”.
To configure your AD inside VaultOne, you need to provide some information.
Reminder: If you only wish to authenticate users within your AD, fill in only the first two fields. If you also want to import AD GROUPS, fill in all fields and check the box “Do you want to Sync Active Directory Groups?”.
In a new tab, open the Microsoft Azure portal at https://portal.azure.com, and select the service “Azure Active Directory”.
In the left menu, go to the section “App registrations” and select the option “New Registration”.
Select a name for the App. Then, in “Supported account types”, select the first option, “Accounts in this organizational directory only”. Click “Register”.
A new App registration will be generated. Use its data to configure your Azure AD in VaultOne.
Return to your VaultOne and fill in the fields with the data obtained from Azure.
Go to the created App, and this time select the option “Add a Redirect URI”.
In “Platform configurations”, click the button “Add a platform” and then select the option “Single-page application”.
In “Redirect URI’s”, enter your subdomain *.vault.one, for instance, https://demo.vault.one. Then, check the options “Access tokens (used for implicit flows)” and “ID Tokens (used for implicit and hybrid flows)”. Click “Configure”.
With these settings applied, you can log in to VaultOne using your Azure ID. To import GROUPS, please follow the steps below.
In the left menu, click “Certificates & Secrets”. In the section “Client secrets”, click “New client secret”.
Write a description, and select the option “24 months” for “Expires”. Click “Add”.
Once the new client secret has been created, copy its “Value” and paste it into the “Application Key” field in VaultOne.
In the side menu, go to “API permissions”. Then, click “Add a permission”. Scroll to the end of the page and select the last option, “Azure Active Directory Graph”.
In “Request API permissions”, select the type “Application permissions”, and then check the option “Directory.Read.All”, in the section “Directory”. Click “Add permissions”.
Still in this section, note that admin consent has not been given yet. To grant it, the user who administers the AD should click “Grant admin consent for VaultOne Software”.
Finally, in the section “Overview” of your Azure AD, locate your “Primary domain”, enter it in the “Directory Domain” field in your VaultOne, and save.
Done. You have successfully configured your Azure Active Directory for your VaultOne.
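To confirm that the App registration matches the steps above, the check below can be run over an export of the registration. It is an added example, not VaultOne or Microsoft code; it assumes the registration is available as JSON in the shape of a Microsoft Graph application object, and the function name, the sample values and the 60-day warning window are hypothetical.

```python
import json
from datetime import datetime, timezone

AAD_GRAPH = "00000002-0000-0000-c000-000000000000"  # Azure Active Directory Graph

# Constructed sample; the secret date and the role id are placeholders.
SAMPLE_APP = json.loads("""{
  "signInAudience": "AzureADMyOrg",
  "spa": {"redirectUris": ["https://demo.vault.one"]},
  "web": {"implicitGrantSettings": {"enableAccessTokenIssuance": true,
                                    "enableIdTokenIssuance": true}},
  "passwordCredentials": [{"endDateTime": "2026-03-01T00:00:00Z"}],
  "requiredResourceAccess": [{"resourceAppId": "00000002-0000-0000-c000-000000000000",
    "resourceAccess": [{"id": "<Directory.Read.All role id>", "type": "Role"}]}]
}""")

def check_registration(app, redirect_uri, now, warn_days=60):
    """Return findings; an empty list means the registration matches the guide."""
    findings = []
    if app.get("signInAudience") != "AzureADMyOrg":
        findings.append("not limited to this organizational directory")
    uris = app.get("spa", {}).get("redirectUris", [])
    if redirect_uri not in uris:
        findings.append("SPA redirect URI missing")
    findings += [f"unexpected redirect URI: {u}" for u in uris if u != redirect_uri]
    implicit = app.get("web", {}).get("implicitGrantSettings", {})
    for flag in ("enableAccessTokenIssuance", "enableIdTokenIssuance"):
        if not implicit.get(flag):
            findings.append(f"{flag} is off")
    # Group sync only: a client secret and an Azure AD Graph application permission.
    secrets = app.get("passwordCredentials", [])
    if not secrets:
        findings.append("no client secret")
    for secret in secrets:
        # Keep whole seconds only; the service may return fractional seconds.
        end = datetime.strptime(secret["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
        days_left = (end.replace(tzinfo=timezone.utc) - now).days
        if days_left < warn_days:
            findings.append(f"client secret has {days_left} days left")
    roles = [p for r in app.get("requiredResourceAccess", [])
             if r.get("resourceAppId") == AAD_GRAPH
             for p in r.get("resourceAccess", []) if p.get("type") == "Role"]
    if not roles:
        findings.append("no Azure AD Graph application permission")
    return findings

if __name__ == "__main__":
    print(check_registration(SAMPLE_APP, "https://demo.vault.one",
                             datetime.now(timezone.utc)))
```

If you configured authentication only, without group import, the last two findings (client secret and Azure AD Graph permission) are expected and can be ignored.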