Azure Active Directory Integration
Last updated
Last updated
VirtualMetric supports Azure Active Directory authentication for user authentications.
You can allow access to your Azure Active Directory users by configuring "App Registration" in your Azure Active Directory, and enabling azureStatus in your ControlPanel web.config file.
1. First, go to ControlPanel web.config file:
2. Find azureStatus in the appSettings section and change it as true and restart virtualmertic API from IIS Manager:
3. After enabling azureStatus in web.config file, you will see "Sign in with Microsoft" button on the logon screen:
4. Now you need to register application in Azure Portal. You can follow the steps below to create Application Registration.
5. Click on Microsoft Entra ID
6. Navigate to App Registrations and click New Registration button.
7. Type your application name and select an account type. You need to type VirtualMetric API address for the Redirect URI. You can complete the registration by clicking Register button.
Please make sure to enable SSL on VirtualMetric API and use https FQDN on RedirectURI Parameter. You can check Setup SSL Certificate on VirtualMetric section to read how to activate SSL.
8. After Application Registration, please enable "Access Token" and "ID Token" grants under Authentication options.
9. Please add email optimal claim under token configuration.
10. Add your role configuration under the appRoles section and save the manifest file.
Example configuration of the roles:
11. Please note the "Application (client) ID", "Directory (tenant) ID" and "RedirectURI" parameters. You will update the appropriate fields in Advanced Settings.
12. In the Advanced Settings, search for "Azure" and you will see the Azure Active Directory settings. Please set Azure Active Directory Client ID, Azure Active Directory Tenant ID and Azure Active Directory Redirect Uri variables.
Mapping should be like:
Advanced Settings Title | Mapping Title |
---|---|
Azure Active Directory Client ID | Application (client) ID |
Azure Active Directory Tenant ID | Directory (tenant) ID |
Azure Active Directory Redirect Uri | RedirectURI |
When a user wants to authenticate via Azure Active Directory, VirtualMetric looks for their email address. If AzureAD user and VirtualMetric user has the same email address, user will be authenticated automatically. Please check Adding New User to VirtualMetric section for more details.
Visibility of Azure Active Directory Elements should be Active
After setting the parameters, you should reset the iis by iisreset on dashboard servers.
13. Please create user groups on VirtualMetric under Microsoft Azure -> User Groups.
14. Please add the roles you have written to the manifest file.
15. Now let's go back to Azure and click on Enterprise Applications.
15. Under All Applications, search for and click on the application related to VirtualMetric.
16. Now we can add a user to the group and test it.
16. Add your user and role then click on assign.
17. Now you can navigate to Logon Screen to test your Azure Active Directory authentication. Please click "Sign in with Microsoft" button to redirect to Azure Active Directory authentication page.
18. On your first login, you can grant access and login to VirtualMetric.
19. Under the Microsoft Azure -> User section, you can see the users created with Azure.