OpenID Connect authentication definition with Azure

To configure the OpenID Connect authentication method with Azure, follow the steps below.

Note

Please note that this is a general guide, and specific details may vary depending on your Azure setup. Refer to Azure documentation for precise configuration steps.

Create user in Microsoft Entra ID (Azure Active Directory)

  1. Go to the Azure Portal and log in with your Azure credentials.
  2. In the left-hand menu, select Microsoft Entra ID.
[Image: azure-ad.png]
  3. Under the Manage section, click on Users.
[Image: azure-menu-users.png]
  4. Click the + New user button to create a new user. Select Create new user from the drop-down list.
[Image: azure-create-user.png]
  5. In the User principal name field, enter the username of the user account. For example, user1@fudosecurity.com.
  6. In the Display name field, provide the name of the user of the account.
  7. Provide the password phrase in the Password field or click the Auto-generate password option to generate the password.
  8. Select the Account enabled option.
  9. In the Properties tab, under the Contact Information, in the Email field provide the email address. For example, user1@fudosecurity.com.
  10. Enter the details required for the user under the Properties and Assignments tabs.
  11. Click Create.

Register Fudo in Microsoft Entra ID (Azure Active Directory)

  1. Go back to the Microsoft Entra ID menu and under the Manage section, click on Enterprise applications.
[Image: azure-menu-apps.png]
  2. Click the + New application button to create a new application.
[Image: azure-new-app.png]
  3. Click the + Create your own application button.
  4. In the right-hand dialog box provide the name of your app and choose the Register an application to integrate with Azure AD (App you're developing) option.
  5. Click Create.
[Image: azure-new-app-2.png]
  6. On the next page, under the Supported account types select the Accounts in this organizational directory only (This Directory only - Single tenant) option.
  7. Under the Redirect URI section select Web from the Select a platform drop-down list and provide the address of the Fudo Enterprise Access Gateway with the /oidc suffix. For example, https://10.0.58.239/oidc or https://fudo.example.com/oidc.

Note

You can find the Access Gateway address under the Settings > Network configuration menu in the Fudo Enterprise. For more information, please follow the Network settings section.

[Image: azure-new-app-3.png]
  8. Click Register to create the application.
  9. Go back to the main Microsoft Entra ID menu and under the Manage section, click on App registrations.
  10. Switch to the All applications tab and find the created application on the applications list.
  11. Click on its name to edit the parameters. Note down the Application (client) ID and Directory (tenant) ID as you will need these later.
[Image: azure-client-id.png]

Configure Authentication Setting

  1. Go back to the main Microsoft Entra ID menu and under the Manage section, click on App registrations.
  2. Find the created application on the applications list and click on its name to edit the parameters.
  3. Under the Manage section, click on Authentication.
  4. In the Web platform created for Fudo Enterprise, add the Redirect URI(s) pointing to the Admin Panel with the /oidc suffix. For example, https://10.0.58.238/oidc or https://fudo.example.com/oidc.
[Image: azure-add-url.png]
  5. In the Implicit grant and hybrid flows section, check the ID tokens and Access tokens options.
[Image: azure-auth.png]
  6. In the App instance property lock section, click Configure and uncheck the Enable property lock option in the right-hand dialog box. Click Save to close the dialog box.
  7. Click Save to save your authentication settings.

Generate Client Secret

  1. In your application’s settings in the Azure Portal, navigate to the Certificates & secrets section.
  2. Under the Client secrets section, click + New client secret.
  3. Provide a description, select the desired expiration period, and click Add.

Warning

Note down the generated Secret ID and Value as you will need it for Fudo Enterprise configuration. Once saved, the secret value will no longer be visible.

[Image: azure-cert.png]

Get OpenID Connect Configuration URL

  1. In your application’s settings in the Azure Portal, navigate to the Overview section.
  2. Open the Endpoints tab, and look for the OpenID Connect metadata document URL. This is your OpenID Connect Configuration URL. Copy it as you’ll need it for Fudo Enterprise configuration.
[Image: azure-url.png]

Configure OpenID Connect authentication method in Fudo

  1. Go to your Fudo Enterprise Admin Panel.
  2. Select Settings > Authentication.
  3. Choose the OpenID Connect authentication tab.
  4. Click Add an external authentication source.
  5. Check the Enabled option to globally enable OpenID Connect authentication.
  6. Provide a Name (Azure or any other Identity Provider).
  7. Input the Configuration URL (the OpenID Connect metadata document URL from Azure).
  8. Provide the Client ID (the Secret ID from Azure).
  9. Provide the Client secret (the certificate Value from Azure).
[Image: azure-fudo-conf.png]
  10. Add Username mapping and Email mapping. These fields are useful when the user's name follows a different naming convention.
  11. Provide the Bind address.
  12. Click Save.
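Before saving the source, it is worth checking the values copied from Azure against each other: the Configuration URL must be the metadata document for the right tenant, the metadata document must expose the endpoints an OpenID Connect client needs over HTTPS, the Client ID must be GUID-shaped, and every redirect URI registered in Azure must be HTTPS, end with the /oidc suffix and point at one of the Fudo addresses (Access Gateway or Admin Panel). The following script is an added example written for this page, not Fudo Enterprise or Microsoft code; the metadata document it checks is a constructed sample modelled on the shape of Azure's v2.0 metadata document, and the tenant ID, client ID and addresses are placeholders or the example values used on this page.

```python
"""Pre-flight checks for the OpenID Connect values copied from Azure.

Added example, not Fudo Enterprise or Microsoft code. The discovery document
below is a constructed sample shaped like Azure's v2.0 metadata document; the
tenant and client IDs are placeholders.
"""
import json
import re
from urllib.parse import urlparse

GUID_RE = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)

# Placeholder Directory (tenant) ID and the metadata document URL derived from it.
SAMPLE_TENANT_ID = "00000000-0000-0000-0000-000000000001"
SAMPLE_CONFIG_URL = (
    f"https://login.microsoftonline.com/{SAMPLE_TENANT_ID}/v2.0/.well-known/openid-configuration"
)
# Constructed sample of the metadata document served at that URL.
SAMPLE_DISCOVERY_DOC = json.dumps({
    "issuer": f"https://login.microsoftonline.com/{SAMPLE_TENANT_ID}/v2.0",
    "authorization_endpoint": f"https://login.microsoftonline.com/{SAMPLE_TENANT_ID}/oauth2/v2.0/authorize",
    "token_endpoint": f"https://login.microsoftonline.com/{SAMPLE_TENANT_ID}/oauth2/v2.0/token",
    "jwks_uri": f"https://login.microsoftonline.com/{SAMPLE_TENANT_ID}/discovery/v2.0/keys",
    "response_types_supported": ["code", "id_token", "code id_token", "id_token token"],
    "id_token_signing_alg_values_supported": ["RS256"],
})

REQUIRED_FIELDS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")


def check_config_url(url: str) -> list[str]:
    """Problems with the Configuration URL copied from Azure's Endpoints tab."""
    problems = []
    p = urlparse(url)
    if p.scheme != "https":
        problems.append("configuration URL must use https")
    if not p.path.endswith("/.well-known/openid-configuration"):
        problems.append("configuration URL should point at the OpenID Connect metadata document")
    return problems


def check_discovery_doc(raw_json: str, expected_tenant_id: str) -> list[str]:
    """Problems with a fetched metadata document: missing endpoints, non-https, wrong tenant."""
    problems = []
    doc = json.loads(raw_json)
    for field in REQUIRED_FIELDS:
        value = doc.get(field)
        if not value:
            problems.append(f"missing {field}")
        elif urlparse(value).scheme != "https":
            problems.append(f"{field} is not https")
    issuer = doc.get("issuer", "")
    if expected_tenant_id.lower() not in issuer.lower():
        problems.append("issuer does not belong to the expected Directory (tenant) ID")
    return problems


def check_redirect_uri(uri: str, fudo_addresses: tuple[str, ...]) -> list[str]:
    """A redirect URI must be https, end with /oidc and name one of the Fudo addresses."""
    problems = []
    p = urlparse(uri)
    if p.scheme != "https":
        problems.append("redirect URI must use https")
    if p.path != "/oidc":
        problems.append("redirect URI must end with the /oidc suffix")
    if p.hostname not in fudo_addresses:
        problems.append("redirect URI host is not a registered Fudo address")
    return problems


def check_client_id(client_id: str) -> list[str]:
    """The Application (client) ID shown in App registrations is a GUID."""
    return [] if GUID_RE.match(client_id) else ["Client ID is not a GUID-shaped Application (client) ID"]


def preflight(config_url, discovery_json, tenant_id, client_id, redirect_uris, fudo_addresses):
    """Run every check and return a report keyed by item; empty lists mean OK."""
    report = {
        "configuration_url": check_config_url(config_url),
        "discovery_document": check_discovery_doc(discovery_json, tenant_id),
        "client_id": check_client_id(client_id),
    }
    for uri in redirect_uris:
        report[f"redirect:{uri}"] = check_redirect_uri(uri, fudo_addresses)
    return report


if __name__ == "__main__":
    report = preflight(
        SAMPLE_CONFIG_URL, SAMPLE_DISCOVERY_DOC, SAMPLE_TENANT_ID,
        "11111111-2222-3333-4444-555555555555",  # placeholder client ID
        # Access Gateway and Admin Panel URIs from this page, plus one deliberately wrong entry.
        ("https://10.0.58.239/oidc", "https://10.0.58.238/oidc", "http://fudo.example.com/oidc"),
        ("10.0.58.239", "10.0.58.238", "fudo.example.com"),
    )
    for item, problems in report.items():
        print(item, "OK" if not problems else problems)
```

In practice you would feed `check_discovery_doc` the JSON fetched from the Configuration URL over HTTPS; the script keeps the document inline so it runs offline. The tenant check matters because a metadata document from a different tenant would still parse cleanly but would make Fudo trust ID tokens issued for another directory.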

Create new user in Fudo

  1. Select Management > Users and then click Add user.
  2. Enter the user name.
  3. In the User Data tab, under the User info section, in the Email field enter the email address used during user creation in Azure - in this case user1@fudosecurity.com.
[Image: azure-fudo-email.png]
  4. Fill in the rest of the parameters according to your needs.
  5. Click Save.

Note

This address is utilized to associate Fudo Enterprise users with their corresponding accounts created in Azure. Ensure that there is no duplication of email addresses among users.
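The note above is the crux of the user mapping: after Azure authenticates the user, the address carried in the ID token's email claim (or whatever claim the Email mapping names) is compared with the Email field of the local users, and a duplicated address makes that lookup ambiguous. The script below is an added example written for this page, not Fudo Enterprise code, and does not claim to reproduce Fudo's internal matching logic; it shows the lookup and the duplicate check over a constructed user list and a constructed set of ID token claims, with placeholder issuer and audience values. It refuses to match when the claim is missing or when more than one local user shares the address, so an ambiguous mapping never resolves to a user.

```python
"""Email-based mapping of an Azure account to a local user, with a duplicate check.

Added example, not Fudo Enterprise code. The user list and the ID token claims
are constructed samples; the claim names follow the standard OpenID Connect
'email' and 'preferred_username' claims.
"""
from collections import Counter

# Constructed sample of the local user list, as it might look after the steps above.
# The third entry reuses jdoe's address on purpose to show the ambiguity.
SAMPLE_USERS = [
    {"name": "user1", "email": "user1@fudosecurity.com"},
    {"name": "jdoe", "email": "jdoe@fudosecurity.com"},
    {"name": "jdoe-admin", "email": "jdoe@fudosecurity.com"},
]

# Constructed sample of the claims in an ID token issued for user1 (placeholder iss/aud).
SAMPLE_CLAIMS = {
    "iss": "https://login.microsoftonline.com/<tenant-id>/v2.0",
    "aud": "<application-client-id>",
    "email": "user1@fudosecurity.com",
    "preferred_username": "user1@fudosecurity.com",
    "name": "User One",
}


def normalize_email(addr: str) -> str:
    """Compare addresses case-insensitively and ignore surrounding whitespace."""
    return addr.strip().lower()


def find_duplicate_emails(users) -> set[str]:
    """Addresses shared by more than one local user; these must be resolved before go-live."""
    counts = Counter(normalize_email(u["email"]) for u in users if u.get("email"))
    return {addr for addr, n in counts.items() if n > 1}


def match_user(claims, users, email_claim="email"):
    """Return the single local user whose email equals the mapped claim, else None.

    None is returned (rather than a best guess) when the claim is absent or when
    more than one local user carries the address, so an ambiguous mapping never
    grants access.
    """
    value = claims.get(email_claim)
    if not value:
        return None
    wanted = normalize_email(value)
    candidates = [u for u in users if normalize_email(u.get("email", "")) == wanted]
    return candidates[0] if len(candidates) == 1 else None


if __name__ == "__main__":
    print("duplicate addresses:", find_duplicate_emails(SAMPLE_USERS))
    print("user1 ->", match_user(SAMPLE_CLAIMS, SAMPLE_USERS))
    print("jdoe  ->", match_user({"email": "jdoe@fudosecurity.com"}, SAMPLE_USERS))
```

Running `find_duplicate_emails` over an export of the local users is a quick way to satisfy the note before enabling the source; the sample run reports jdoe@fudosecurity.com as duplicated and the matching for that address returns nothing, while user1 resolves cleanly.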

Testing

You can now test the OpenID Connect authentication by attempting to log in to Fudo Enterprise. Log in using the Azure authentication method:

[Image: 5-3-azure-okta-login.png]
