Introduction


You can use Microsoft Azure to provide identity and access management to secure supported applications like Omniscope Evo.

 

You can learn more about how to use OpenID Connect in your application to allow users to securely sign in with Azure Active Directory here: https://docs.microsoft.com/en-us/learn/modules/secure-app-with-oidc-and-azure-ad/


Setup

Prerequisites


Create an Azure account, and check you have access to the Azure portal.


Register Omniscope Evo in Azure Active Directory


Before being able to authenticate Omniscope using Azure Active Directory, Omniscope needs to be registered as an application in the Azure portal. 


After login, you can access App registrations from the home page:

 



Next, click on the New registration button and complete the application registration form:




When asked for the Redirect URI, you need to populate it with the external URL domain of your Omniscope Evo instance (https.omniscope.example.com in the example) followed by /oidc-cb.


Next, click on Register and take note of the Tenant ID, as it will be needed when setting up Omniscope:



Now that the application has been registered, click on Certificates & secrets and create a new client secret:





Take note of the Client Id (Value) and Secret Id, as they will be needed later when configuring Omniscope:


Set up the Azure Provider


Start Omniscope. Click on the admin user button in the top-right corner and click Edit permissions.



Inside the Edit permissions dialog:


Scroll down to the OpenID Connect section and tick Set configuration for OpenID connect.

Click Add Provider. In the dropdown select Azure.


You should see the Azure provider has now been added, but is not yet configured.



Select Microsoft Azure to open the configuration dialog.

Now enter the Tenant ID for your app, and the Client ID and Client Secret from the certificate you made a note of earlier. The Client ID appears under the 'Value' column in the client secrets table.


For more details regarding other options in the dialog see here.


Click Test Connection to ensure Azure has been successfully configured. You should see a popup informing you that validation was successful.
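
If validation fails, a mismatched Redirect URI or a mistyped Tenant ID is a common cause. The following preflight check is an added example, not part of Omniscope or the original page: it rebuilds the Redirect URI from the external URL plus /oidc-cb, compares it with what was registered, and checks the Tenant ID format. The function names, the sample values and the use of Microsoft's v2.0 discovery endpoint are assumptions.

```python
import re
from urllib.parse import urlsplit

CALLBACK_PATH = "/oidc-cb"  # suffix this page says to append to the external URL
GUID_RE = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)

def build_redirect_uri(external_url):
    """Return the Redirect URI to enter in the Azure registration form."""
    parts = urlsplit(external_url.strip())
    host = (parts.hostname or "").lower()
    if not host:
        raise ValueError("external URL needs a scheme and host")
    # Azure AD accepts plain http redirect URIs only for localhost.
    if parts.scheme != "https" and not (parts.scheme == "http" and host == "localhost"):
        raise ValueError("external URL must use https")
    if parts.username or parts.password or parts.query or parts.fragment:
        raise ValueError("external URL must not carry credentials, query or fragment")
    port = f":{parts.port}" if parts.port else ""
    path = parts.path.rstrip("/")
    if path.endswith(CALLBACK_PATH):  # caller already appended the callback
        path = path[: -len(CALLBACK_PATH)]
    return f"{parts.scheme}://{host}{port}{path}{CALLBACK_PATH}"

def discovery_url(tenant_id):
    """OIDC metadata URL for one tenant (v2.0 endpoint is an assumption here)."""
    tenant_id = tenant_id.strip()
    if not GUID_RE.fullmatch(tenant_id):
        raise ValueError("Tenant ID should be a GUID")
    return f"https://login.microsoftonline.com/{tenant_id.lower()}/v2.0/.well-known/openid-configuration"

def preflight(external_url, tenant_id, registered_uri):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    try:
        expected = build_redirect_uri(external_url)
        if registered_uri.strip() != expected:  # Azure compares the URI exactly
            problems.append(f"registered URI differs from {expected}")
    except ValueError as exc:
        problems.append(str(exc))
    try:
        discovery_url(tenant_id)
    except ValueError as exc:
        problems.append(str(exc))
    return problems

if __name__ == "__main__":
    # Constructed sample values, not taken from a real tenant.
    print(preflight("https://omniscope.example.com/", "11111111-2222-3333-4444-555555555555",
                    "https://omniscope.example.com/oidc-cb"))
```

Opening the URL returned by discovery_url in a browser should return the tenant's OpenID Connect metadata as JSON if the Tenant ID is correct.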