Versions Compared

Old Version 1

changes.mady.by.user Mikko Kerava

Saved on

compared with

New Version Current

changes.mady.by.user Mikko Kerava

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Modern authentication with Azure AD

With Modern Authentication, users authenticate with OpenID Connect against the customer’s own Azure tenant using a browser. This means that user accounts are centralized to the customer’s own Azure and are by definition subject to the already-existing security policies.

More details and step-by-step instructions on how to configure modern authentication with AzureAD are here: Enabling SCIM integration with Azure AD

Classic authentication integration with AzureAD

Note

Classic authentication mode is maintained for backwards compatibility. All new deployments are done using Modern Authentication.

In classic authentication integration, user credentials are passed through the Enreach backend to Azure for validation.

To enable classic Azure AD Authentication integration for your organization, Benemen Authenticator an Azure AD application must be registered to the customer Active Directory in Azure management portal. 

If Multi-Factor Authentication (MFA) is enabled on Azure AD, Benemen Enreach Datacenter IP Addresses (80.88.187186.0/2423) must be white listedwhitelisted. More information: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings#trusted-ips

Anchor
_Toc430289616
_Toc430289616
Registering the Authenticator Application

 

1. Log in to https://portal.azure.com

 

2. Select Azure Active Directory -> App registrations

  Image Removed
 

...

3. Select New application registration

...

4. Enter details and click Register

  • Name for application, for example '

...

  • Enreach Authenticator'

  • Accounts in this organization only

  • Redirect URI

...

...

5. Go to Authentication tab

  1. Implicit grant: ID tokens
  2. Treat application as a public client: Yes
  3. Click Save Image Removed

and configure following

  1. Select “Add a platform”

    Image Added

  2. Select Web

    Image Added

  3. Configure Web

    1. Enter https://api.beneservices.com as RedirectURI

    2. Select ID Tokens

    3. Click Configure

      Image Added

  4. Set Allow public client flow = Yes

    Image Added

  5. Click Save


6. Go to Permissions tab

  1. Make sure that app have User.Read permission

    Image Added


  2. Click Grant admin consent and Yes to confirmation

...


  1. Image Added

  2. Make sure that there is a green mark for Admin consent

...


  1. Image Added

8. Go to Overview tab

  • Send Application ID value to

...

  • Enreach

...