You can use the Azure AD service provided by Microsoft to integrate login with VaultOne.
To integrate an on-premises AD service, you must first install Azure AD Connect. This application, provided by Microsoft, synchronizes the on-premises AD with AD in the cloud.
Step 1
In your VaultOne, in the “Administration -> Settings” section, navigate to the “Identity Providers” tab.
For AD setup on your VaultOne, you will need to fill in some information.
Remember: If you only want to allow authentication to VaultOne through AD, you only need to fill in the first two fields (Application ID and Directory ID). In the case of GROUP synchronization, all information must be completed.
Step 2
In a new tab, access the Microsoft Azure portal through the link https://portal.azure.com, and select the “Azure Active Directory” service.
Step 3
In the left menu, navigate to the “App registrations” section and select the “New Registration” option.
Step 4
Choose a name for the application. Then, under “Supported account types”, select the first option, “Accounts in this organizational directory only”. Finally, click on Register.
Step 5
A new application registration will be generated. You will use this data to set up Azure AD in VaultOne.
Step 6
Return to your VaultOne and fill in the fields with the data obtained from Azure.
Step 7
Return to the created App, and this time select the option “Add a Redirect URI”.
Step 8
Under “Platform configurations”, click on the button “Add a platform” and then select the option “Single-page application”.
Step 9
In “Redirect URI’s”, enter your *.vault.one subdomain, such as https://demo.vault.one. Then check the options “Access tokens (used for implicit flows)” and “ID Tokens (used for implicit and hybrid flows)”. Finally, click on “Configure”.
With these settings applied, it is now possible to log in to the VaultOne platform using your Azure AD. To import groups, follow the steps below.
Step 10
In the left menu, click on “Certificates & secrets”. In the “Client secrets” section, click on “New client secret”.
Step 11
Define a description, and select the option “24 months” under “Expires”. Then click on “Add”.
Step 12
Once you have obtained the client secret data, copy what is in “Value” and paste it into “Application Key” in your VaultOne.
Step 13
In the side menu, navigate to “API permissions”. Then click on “Add a permission”. Lastly, scroll to the bottom of the page and select the last option, “Azure Active Directory Graph”.
Step 14
In “Request API permissions”, select the type “Application permissions”, and then check the option “Directory.Read.All”, in the “Directory” section. Click on “Add permissions”.
Step 15
Still in this section, note that you have not yet been granted administrative privileges. To grant them, the AD admin user must click on “Grant admin consent for VaultOne Software”.
Step 16
Finally, in the “Overview” section of your Azure AD, find your “Primary domain”, and enter it in the “Directory Domain” field in your VaultOne and save.
All set! You have configured your Azure Active Directory integration with your VaultOne.
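As an added example (not VaultOne's or Microsoft's code), the Python below checks an app registration against the choices made in Steps 4, 9, 11 and 14, so drift such as an extra redirect URI or an expiring client secret is caught. It assumes the JSON shape of a Microsoft Graph application object; the sample object, the function name audit_registration and the 30-day warning window are constructed for illustration.

```python
import json
from datetime import datetime, timezone
from urllib.parse import urlparse

AAD_GRAPH = "00000002-0000-0000-c000-000000000000"  # Azure AD Graph resource app ID

# Constructed sample shaped like a Microsoft Graph "application" object.
SAMPLE_APP = json.loads("""{
  "signInAudience": "AzureADMultipleOrgs",
  "spa": {"redirectUris": ["https://demo.vault.one", "http://localhost:4200"]},
  "web": {"implicitGrantSettings": {"enableAccessTokenIssuance": true, "enableIdTokenIssuance": true}},
  "passwordCredentials": [{"displayName": "vaultone-sync", "endDateTime": "2024-01-15T00:00:00Z"}],
  "requiredResourceAccess": [{"resourceAppId": "00000002-0000-0000-c000-000000000000",
    "resourceAccess": [{"id": "00000000-0000-0000-0000-000000000001", "type": "Role"}]}]
}""")

def audit_registration(app, now, group_sync=True, warn_days=30):
    """Return findings where the registration differs from this guide's steps."""
    findings = []
    if app.get("signInAudience") != "AzureADMyOrg":  # Step 4: single-tenant only
        findings.append("audience: not limited to this organizational directory")
    for uri in app.get("spa", {}).get("redirectUris", []):  # Step 9: *.vault.one only
        u = urlparse(uri)
        if u.scheme != "https" or not (u.hostname or "").endswith(".vault.one"):
            findings.append(f"redirect: unexpected SPA redirect URI {uri}")
    grant = app.get("web", {}).get("implicitGrantSettings", {})
    for flag in ("enableAccessTokenIssuance", "enableIdTokenIssuance"):  # Step 9 checkboxes
        if not grant.get(flag):
            findings.append(f"tokens: {flag} is not enabled")
    if not group_sync:  # authentication-only setups stop after Step 9
        return findings
    for cred in app.get("passwordCredentials", []):  # Step 11: secret lifetime
        end = datetime.fromisoformat(cred["endDateTime"].replace("Z", "+00:00"))
        days = (end - now).days
        if days < warn_days:
            findings.append(f"secret: '{cred.get('displayName')}' has {days} days left")
    roles = [r for res in app.get("requiredResourceAccess", [])
             if res.get("resourceAppId") == AAD_GRAPH
             for r in res.get("resourceAccess", []) if r.get("type") == "Role"]
    if len(roles) != 1:  # Step 14 adds exactly one application permission
        findings.append(f"permissions: expected 1 application permission on Azure AD Graph, found {len(roles)}")
    return findings

if __name__ == "__main__":
    for finding in audit_registration(SAMPLE_APP, datetime.now(timezone.utc)):
        print(finding)
```

Pass group_sync=False when only Steps 1 to 9 were applied, so the missing client secret and permission are not reported.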
Found your answer? If you still have questions, you can contact us!
help@vaultone.com