OpenID Connect authentication definition with Microsoft Entra (Azure)

To configure the OpenID Connect authentication method with Microsoft Entra, follow the steps below.

Note

This is a general guide; specific details may vary depending on your Microsoft Entra setup. Refer to the Microsoft Entra documentation for precise configuration steps.

Create user in Microsoft Entra ID

  1. Go to the Microsoft Entra Admin Center and log in with your Microsoft Entra credentials.
  2. In the left-hand menu, select Identity > Users > All users.
[Image: ../../_images/azure-ad.png]
  3. Click + New user and select Create new user from the drop-down list.
[Image: ../../_images/azure-create-user.png]
  4. In the User principal name field, enter the username of the user account. For example, user1@fudosecurity.com.
  5. In the Display name field, provide the display name of the account's user.
  6. Enter a password in the Password field or click the Auto-generate password option to have one generated.
  7. Select the Account enabled option.
  8. In the Properties tab, under Contact Information, provide the email address in the Email field. For example, user1@fudosecurity.com.
  9. Enter any further details required for the user under the Properties and Assignments tabs.
  10. Click Create.

Register Fudo in Microsoft Entra ID

  1. In the left-hand menu, select Identity > Applications > Enterprise applications.
[Image: ../../_images/azure-menu-apps.png]
  2. Click the + New application button to create a new application.
[Image: ../../_images/azure-new-app.png]
  3. Click the + Create your own application button.
  4. In the right-hand dialog box, provide the name of your app and choose the Register an application to integrate with Microsoft Entra ID (App you're developing) option.
  5. Click Create.
[Image: ../../_images/azure-new-app-2.png]
  6. On the next page, under Supported account types, select the Accounts in this organizational directory only (This Directory only - Single tenant) option.
  7. Under the Redirect URI section, select Web from the Select a platform drop-down list and provide the address of the Fudo Enterprise Access Gateway with the /oidc suffix. For example, https://10.0.58.239/oidc or https://fudo.example.com/oidc.

Note

You can find the Access Gateway address under the Settings > Network configuration menu in Fudo Enterprise. For more information, see the Network settings section.

[Image: ../../_images/azure-new-app-3.png]
  8. Click Register to create the application.
  9. In the left-hand menu, select Identity > Applications > App registrations.
  10. Switch to the All applications tab and find the created application in the applications list.
  11. Click its name to edit the parameters. Note down the Application (client) ID and Directory (tenant) ID, as you will need these later.
[Image: ../../_images/azure-client-id.png]

Configure Authentication Setting

  1. In the left-hand menu, select Identity > Applications > App registrations.
  2. Find the created application in the applications list and click its name to edit the parameters.
  3. Under the Manage section, click Authentication.
  4. In the Web platform created for Fudo Enterprise, add the Redirect URI(s) pointing to the Admin Panel with the /oidc suffix. For example, https://10.0.58.238/oidc or https://fudo.example.com/oidc.
[Image: ../../_images/azure-add-url.png]
  5. In the Implicit grant and hybrid flows section, check the ID tokens and Access tokens options.
[Image: ../../_images/azure-auth.png]
  6. In the App instance property lock section, click Configure and uncheck the Enable property lock option in the right-hand dialog box. Click Save to close the dialog box.
  7. Click Save to save your authentication settings.

Generate Client Secret

  1. In your application’s settings, navigate to the Certificates & secrets section.
  2. Under the Client secrets section, click + New client secret.
  3. Provide a description, select the desired expiration period, and click Add.

Warning

Note down the generated Secret ID and Value, as you will need them for the Fudo Enterprise configuration. Once you leave the page, the secret value will no longer be visible.

[Image: ../../_images/azure-cert.png]

Get OpenID Connect Configuration URL

  1. In your application’s settings, navigate to the Overview section.
  2. Open the Endpoints tab and look for the OpenID Connect metadata document URL. This is your OpenID Connect Configuration URL. Copy it, as you will need it for the Fudo Enterprise configuration.
[Image: ../../_images/azure-url.png]
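As an added example (this is not code from Fudo or Microsoft), the following Python checks the two values the procedure above asks you to carry across: the metadata document that the Configuration URL points at, and the redirect URIs registered for the Web platform (Access Gateway and Admin Panel addresses with the /oidc suffix). The sample document is constructed in the shape Microsoft Entra publishes for a tenant, with a placeholder tenant ID; the individual checks (https-only endpoints, a tenant-specific issuer, id_token and RS256 support, an exact /oidc path) are this example's own choices, not requirements stated by Fudo.

```python
import json
from urllib.parse import urlparse

# Placeholder Directory (tenant) ID; substitute the value noted from the App registration.
TENANT_ID = "00000000-0000-0000-0000-000000000000"

# Constructed sample metadata document in the shape Microsoft Entra publishes for a tenant.
# Only the fields this check looks at are included.
SAMPLE_METADATA = json.dumps({
    "issuer": f"https://login.microsoftonline.com/{TENANT_ID}/v2.0",
    "authorization_endpoint": f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/authorize",
    "token_endpoint": f"https://login.microsoftonline.com/{TENANT_ID}/oauth2/v2.0/token",
    "jwks_uri": f"https://login.microsoftonline.com/{TENANT_ID}/discovery/v2.0/keys",
    "response_types_supported": ["code", "id_token", "code id_token", "id_token token"],
    "id_token_signing_alg_values_supported": ["RS256"],
})

REQUIRED_FIELDS = (
    "issuer", "authorization_endpoint", "token_endpoint", "jwks_uri",
    "response_types_supported", "id_token_signing_alg_values_supported",
)


def metadata_url(tenant_id: str) -> str:
    """Well-known location of a tenant's metadata document; this is the URL shown as
    'OpenID Connect metadata document' on the Endpoints tab."""
    return f"https://login.microsoftonline.com/{tenant_id}/v2.0/.well-known/openid-configuration"


def check_metadata(document: str, tenant_id: str) -> list:
    """Return the problems found in a metadata document; an empty list means it is usable
    as the Configuration URL target for the single-tenant registration described above."""
    problems = []
    try:
        meta = json.loads(document)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc}"]
    for field in REQUIRED_FIELDS:
        if field not in meta:
            problems.append(f"missing field: {field}")
    if problems:
        return problems
    # Every endpoint must be https; authorization codes and tokens travel through these URLs.
    for field in ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlparse(meta[field]).scheme != "https":
            problems.append(f"{field} is not https: {meta[field]}")
    # The issuer must be the tenant-specific one; otherwise ID tokens issued for other
    # tenants would pass the issuer comparison on the relying-party side.
    expected_issuer = f"https://login.microsoftonline.com/{tenant_id}/v2.0"
    if meta["issuer"] != expected_issuer:
        problems.append(f"issuer {meta['issuer']} does not match expected {expected_issuer}")
    if "id_token" not in meta["response_types_supported"]:
        problems.append("provider does not advertise the id_token response type")
    if "RS256" not in meta["id_token_signing_alg_values_supported"]:
        problems.append("provider does not sign ID tokens with RS256")
    return problems


def check_redirect_uri(uri: str) -> list:
    """The provider compares the URI Fudo sends against the registered value, so the
    registered URI must be exactly the https address of the gateway or panel plus /oidc."""
    parsed = urlparse(uri)
    problems = []
    if parsed.scheme != "https":
        problems.append("redirect URI must use https")
    if not parsed.netloc:
        problems.append("redirect URI has no host")
    if parsed.path != "/oidc":
        problems.append(f"path must be exactly /oidc, got {parsed.path!r}")
    if parsed.query or parsed.fragment:
        problems.append("redirect URI must not carry a query string or fragment")
    return problems


if __name__ == "__main__":
    print("metadata URL:", metadata_url(TENANT_ID))
    print("metadata problems:", check_metadata(SAMPLE_METADATA, TENANT_ID) or "none")
    for candidate in ("https://fudo.example.com/oidc", "http://10.0.58.239/oidc/"):
        print(candidate, "->", check_redirect_uri(candidate) or "ok")
```

To check a live tenant, fetch `metadata_url(<your tenant ID>)` over HTTPS and pass the response body to `check_metadata` before pasting the URL into Fudo; the redirect-URI check is worth running on both the Access Gateway and the Admin Panel address, since a trailing slash or a plain-http scheme is enough to make the provider reject the login.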

Configure OpenID Connect authentication method in Fudo

  1. Go to your Fudo Enterprise Admin Panel.
  2. Select Settings > Authentication.
  3. Choose the OpenID Connect tab.
  4. Click Add OpenID Connect.
  5. Check the Enabled option to globally enable OpenID Connect authentication.
  6. Provide a Name (Entra ID or any other identity provider name).
  7. Set the Bind address to Any.
  8. Input the Configuration URL (the OpenID Connect metadata document URL from Microsoft Entra).
  9. Provide the Client ID (the Secret ID from Microsoft Entra).
  10. Provide the Client secret (the secret Value from Microsoft Entra).
[Image: ../../_images/azure-fudo-conf.png]
  11. Add Username mapping and Email mapping (optional). These fields are useful when the user's name follows a different naming convention.
  12. Click Save.

Note

To learn more about the algorithm used to determine the user's identity, see the OpenID Connect authentication definition section.

Create new user in Fudo

  1. Select Management > Users and then click Add user.
  2. Enter the user name.
  3. In the User Data tab, under the User info section, enter in the Email field the email address used during user creation in Microsoft Entra, in this case user1@fudosecurity.com.
[Image: ../../_images/azure-fudo-email.png]
  4. Fill in the rest of the parameters according to your needs.
  5. Click Save.

Note

This address is used to associate Fudo Enterprise users with their corresponding accounts in Microsoft Entra. Ensure that no email address is shared by more than one user.
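The following Python is an added example, not Fudo's own matching logic (the linked OpenID Connect authentication definition section describes that), showing why the uniqueness requirement above matters: a relying party that matches ID-token claims to local users by email must refuse to log anyone in when more than one local account carries the address. The user list is constructed for the example, and the `email_claim` parameter stands in for the Email mapping setting; the claim name is an assumption.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class LocalUser:
    name: str
    email: str


# Constructed sample of a relying party's user list. The shared address on the last two
# entries is deliberate: it is the situation the note above tells you to avoid.
SAMPLE_USERS = [
    LocalUser("user1", "user1@fudosecurity.com"),
    LocalUser("user2", "user2@fudosecurity.com"),
    LocalUser("alice", "shared@fudosecurity.com"),
    LocalUser("alice-admin", "shared@fudosecurity.com"),
]


def normalize_email(address: str) -> str:
    """Compare addresses case-insensitively and ignore surrounding whitespace."""
    return address.strip().lower()


def find_duplicate_emails(users) -> dict:
    """Map each address used by more than one user to the names of those users.
    Run this before enabling the method: every entry returned is an account that
    could be matched to the wrong person at login."""
    by_email = {}
    for user in users:
        by_email.setdefault(normalize_email(user.email), []).append(user.name)
    return {email: names for email, names in by_email.items() if len(names) > 1}


def resolve_user(claims: dict, users, email_claim: str = "email") -> LocalUser:
    """Match already-validated ID-token claims to exactly one local user by email.
    email_claim is the claim carrying the address (assumption standing in for the
    Email mapping setting; "email" is the default here)."""
    address = claims.get(email_claim)
    if not address:
        raise LookupError(f"ID token carries no {email_claim!r} claim")
    wanted = normalize_email(address)
    matches = [u for u in users if normalize_email(u.email) == wanted]
    if not matches:
        raise LookupError(f"no local user with email {address}")
    if len(matches) > 1:
        # Refuse rather than pick one: logging the wrong account in would grant that
        # account's privileges to whichever user was not intended.
        raise LookupError(f"ambiguous: {[u.name for u in matches]} share {address}")
    return matches[0]


if __name__ == "__main__":
    print("duplicates:", find_duplicate_emails(SAMPLE_USERS))
    print("resolved:", resolve_user({"email": "User1@FudoSecurity.com"}, SAMPLE_USERS).name)
    try:
        resolve_user({"email": "shared@fudosecurity.com"}, SAMPLE_USERS)
    except LookupError as exc:
        print("rejected:", exc)
```

`find_duplicate_emails` is the pre-flight check to run over the exported user list; `resolve_user` shows the safe behaviour at login time, where an ambiguous match is an error rather than a best guess.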

Testing

You can now test the OpenID Connect authentication by attempting to log in to Fudo Enterprise. Click the Microsoft Entra authentication method button you created, which appears under the default Login button.

[Image: ../../_images/5-3-azure-okta-login.png]
