Authenticate users with Microsoft Azure

Modified on Mon, 24 Jul, 2023 at 3:09 PM

Introduction


You can use Microsoft Azure to provide identity and access management to secure supported applications like Omniscope Evo.

 

You can learn more about how to use OpenID Connect in your application to allow users to securely sign in with Azure Active Directory here: https://docs.microsoft.com/en-us/learn/modules/secure-app-with-oidc-and-azure-ad/


Setup

Prerequisites


Create an Azure account, and check you have access to the Azure portal.


Register Omniscope Evo Azure Active Directory


Before being able to authenticate Omniscope using Azure Active Directory, Omniscope needs to be registered as an application in the Azure portal. 


After login, you can access App registrations from the home page:



Next, click on the New registration button and complete the application registration form:



When asked for the Redirect URI, you need to populate it with the external URL domain of your Omniscope Evo instance (https://omniscope.example.com in the example) followed by /oidc-cb.


Next, click on Register and take note of the Application (client) ID and Directory (tenant) ID as these will be needed later when setting up Omniscope:



Now that the application has been registered, click on Certificates & secrets and create a new client secret:





Take note of the new client secret's Value, as this will be needed later when configuring Omniscope. You must use the copy button immediately after creating the secret, as you will not be able to later retrieve it:



Setup the Azure Provider in Omniscope


Start Omniscope. Click on the admin user button in the top-right corner and click Edit permissions.



Inside the Edit permissions dialog:


Scroll down to the OpenID Connect section and tick Set configuration for OpenID connect.

Click Add Provider. In the dropdown select Azure.


You should see the Azure provider has now been added, but is not yet configured.



Select Microsoft Azure to open the configuration dialog.

Now populate as follows:

  • The Tenant ID should be the Directory (tenant) ID from the App Registration page in Azure;
  • The Client ID should be the Application (client) ID from the App Registration page in Azure;
  • The Client Secret should be the Value from the Client Secret page in Azure.

For more details regarding other options in the dialog see here.


Click Test Connection to ensure Azure has been successfully configured. You should see a popup informing you that validation was successful.







Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article