Modern authentication with Azure AD
With Modern Authentication, users authenticate with OpenID Connect against the customer’s own Azure tenant using a browser. This means that user accounts are centralized to the customer’s own Azure and are by definition subject to the already-existing security policies.
More details and step-by-step instructions on how to configure modern authentication with AzureAD are here: Enabling SCIM integration with Azure AD
Classic authentication integration with AzureAD
| Note |
|---|
Classic authentication mode is maintained for backwards compatibility. All new deployments are done using Modern Authentication. |
In classic authentication integration, user credentials are passed through the Enreach backend to Azure for validation.
To enable classic Azure AD Authentication integration for your organization, Benemen Authenticator an Azure AD application must be registered to the customer Active Directory in Azure management portal.
If Multi-Factor Authentication (MFA) is enabled on Azure AD, Benemen Enreach Datacenter IP Addresses (80.88.186.0/23) must be whitelisted. More information: https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-mfasettings#trusted-ips
...
2. Select Azure Active Directory -> App registrations
...
3. Select New application registration
...
4. Enter details and click Register
Name for application, for example 'Benemen Enreach Authenticator'
Accounts in this organization only
Redirect URI is not needed : https://discover.enreachvoice.com/
...
5. Go to Authentication tab and configure following
Select
...
“Add a platform”
Select Web
Configure Web
Enter https://api.beneservices.com as RedirectURI
Select ID Tokens
Click Configure
Set Allow public client flow = Yes
Click Save
...
6. Go to Permissions tab
Make sure that app have User.Read permission
Click Grant admin consent and Yes to confirmation
...
...
Make sure that there is a green mark for Admin consent
...
8. Go to Overview tab
Send Application ID value to Benemen Enreach
...
...