# Azure Active Directory Integration

VirtualMetric supports Azure Active Directory for user authentication.

You can allow access to your Azure Active Directory users by configuring "**App Registration**" in your Azure Active Directory, and enabling **azureStatus** in your `web.config` file.

1\. First, navigate to the `ControlPanel` directory and open `web.config`:

```
C:\Program Files\VirtualMetric\ControlPanel\Web.config
```

2\. Find `azureStatus` in the `appSettings` section and set it to `true`, then restart the **VirtualMetric API** from **IIS Manager**:

```
<appSettings>
    <add key="primaryApiUrl" value="https://api.virtualmetric.com/API/" />
    <add key="failoverApiUrl" value="" />
    <add key="triggerId" value="3080487f-f3f6-43e2-bd27-7f1886a12816" />
    <add key="apiUser" value="vmapi" />
    <add key="apiPassword" value="727c9b3a51eb3407c7cc21c45d84bb28" />
    <add key="azureStatus" value="true" />
</appSettings>
```

3\. After enabling `azureStatus`, you will see the **Sign in with Microsoft** button on the logon screen:

<div align="center"><figure><img src="https://3741708824-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FbhbshAPk7P4wdrLxisUn%2Fuploads%2F42mw2XxdRjoF6Sist565%2Fimage.png?alt=media&#x26;token=23529538-b586-43a9-80be-6792c3ab1912" alt=""><figcaption></figcaption></figure></div>

4\. Now you need to register the application in **Azure Portal**. You can follow the steps below to create an application registration.

5\. Click on **Microsoft Entra ID**

<div align="center"><figure><img src="https://3741708824-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FbhbshAPk7P4wdrLxisUn%2Fuploads%2Fi1ujsoJAtd3EWJq63JvR%2Fimage.png?alt=media&#x26;token=0c9a1f27-987d-46cb-9827-e4c2fb7163f7" alt=""><figcaption></figcaption></figure></div>

6\. Navigate to **App Registrations** and click the **New Registration** button.

<div align="center"><figure><img src="https://3741708824-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FbhbshAPk7P4wdrLxisUn%2Fuploads%2FX3azoHbbKW0go2pabRhM%2Fimage.png?alt=media&#x26;token=5f431631-5199-49ea-8523-9a36a0e783ae" alt=""><figcaption></figcaption></figure></div>

7\. Type your application name and select an account type. You need to type VirtualMetric API's address for **Redirect URI**. Complete the registration by clicking the **Register** button.

<div align="center"><figure><img src="https://3741708824-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FbhbshAPk7P4wdrLxisUn%2Fuploads%2FYDq5GltwbIFMGffe6Hz5%2Fimage.png?alt=media&#x26;token=9c46359f-7c4d-4500-b072-d6e6d735f21d" alt=""><figcaption></figcaption></figure></div>

{% hint style="info" %}
Please make sure to enable SSL on VirtualMetric API, and use an HTTPS FQDN in the **RedirectURI Parameter**. You can check the [Setup SSL Certificate on VirtualMetric](https://docs.virtualmetric.com/installation/maintenance#setup-ssl-certificate) section to learn how to activate SSL.
{% endhint %}

8\. After registering the application, enable **Access Token** and **ID Token** grants under the **Authentication** options.

<div align="center"><figure><img src="https://3741708824-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FbhbshAPk7P4wdrLxisUn%2Fuploads%2FDLe4eURWFUXSTmgrFRc9%2Fimage.png?alt=media&#x26;token=55c598d6-c6a8-48f2-8ef8-1f3ee324f7b5" alt=""><figcaption></figcaption></figure></div>

9\. Add an optional email claim under **token configuration**.

<div align="center"><figure><img src="https://3741708824-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FbhbshAPk7P4wdrLxisUn%2Fuploads%2Fy6Vzovb8D4ic7lMmyiq3%2Fimage.png?alt=media&#x26;token=a10b8845-78ad-4a42-911d-4ede4351aee0" alt=""><figcaption></figcaption></figure></div>

10\. Add your role configuration under the `appRoles` section, and save the manifest file.

<div align="center"><figure><img src="https://3741708824-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FbhbshAPk7P4wdrLxisUn%2Fuploads%2FYIe1gbqRuHF4SMIuYfFD%2FAzureADManifestRoleBased.png?alt=media&#x26;token=aefd3652-e971-44d6-aa93-819f0d9cbf7a" alt=""><figcaption></figcaption></figure></div>

The completed configuration should look like this:

```json
"appRoles": [
	{
		"allowedMemberTypes": [
			"User"
		],
		"description": "Users with readonly access",
		"displayName": "VirtualMetricUserRole",
		"id": "18d14569-c3bd-439b-9a66-3a2aee01d14c",
		"isEnabled": true,
		"lang": null,
		"origin": "Application",
		"value": "VirtualMetricUserRole"
	},
	{
		"allowedMemberTypes": [
			"User"
		],
		"description": "Users with admin access",
		"displayName": "VirtualMetricAdminRole",
		"id": "18d14569-c3bd-439b-9a66-3a2aee01d14f",
		"isEnabled": true,
		"lang": null,
		"origin": "Application",
		"value": "VirtualMetricAdminRole"
	},
	{
		"allowedMemberTypes": [
			"User"
		],
		"description": "msiam_access",
		"displayName": "msiam_access",
		"id": "b9632174-c057-4f7e-951b-be3adc52bfe6",
		"isEnabled": true,
		"lang": null,
		"origin": "Application",
		"value": null
	}
],

```
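
Because each role `id` must be unique within the manifest, a copy-pasted role block that keeps the previous `id` is an easy mistake to make. The following check is an added example, not part of VirtualMetric or Azure tooling; the function names are hypothetical and the sample fragment is constructed with a deliberate duplicate `id`.

```python
import json
import uuid

ALLOWED_MEMBER_TYPES = {"User", "Application"}

def parse_fragment(text):
    """Parse an '"appRoles": [...],' fragment as copied from the manifest editor."""
    return json.loads("{" + text.strip().rstrip(",") + "}")["appRoles"]

def check_app_roles(roles):
    """Return a list of problems; an empty list means the roles are consistent."""
    problems, seen_ids, seen_values = [], set(), set()
    for i, role in enumerate(roles):
        name = role.get("displayName") or f"role #{i}"
        rid = str(role.get("id", "")).lower()
        try:
            uuid.UUID(rid)
        except ValueError:
            problems.append(f"{name}: id is not a GUID")
        if rid in seen_ids:
            problems.append(f"{name}: duplicate id {rid}")
        seen_ids.add(rid)
        value = role.get("value")
        if value is not None:  # null is accepted, as in the msiam_access entry
            if any(c.isspace() for c in value):
                problems.append(f"{name}: value contains whitespace")
            if value in seen_values:
                problems.append(f"{name}: duplicate value {value}")
            seen_values.add(value)
        members = set(role.get("allowedMemberTypes") or [])
        if not members or not members <= ALLOWED_MEMBER_TYPES:
            problems.append(f"{name}: allowedMemberTypes must be User and/or Application")
    return problems

# Constructed sample: the admin role was copy-pasted and kept the user role's id.
SAMPLE = '''
"appRoles": [
  {"allowedMemberTypes": ["User"], "displayName": "VirtualMetricUserRole", "isEnabled": true,
   "id": "18d14569-c3bd-439b-9a66-3a2aee01d14c", "value": "VirtualMetricUserRole"},
  {"allowedMemberTypes": ["User"], "displayName": "VirtualMetricAdminRole", "isEnabled": true,
   "id": "18d14569-c3bd-439b-9a66-3a2aee01d14c", "value": "VirtualMetricAdminRole"},
  {"allowedMemberTypes": ["User"], "displayName": "msiam_access", "isEnabled": true,
   "id": "b9632174-c057-4f7e-951b-be3adc52bfe6", "value": null}
],
'''

if __name__ == "__main__":
    print("\n".join(check_app_roles(parse_fragment(SAMPLE))))
```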

11\. Note the **Application (client) ID**, **Directory (tenant) ID**, and **RedirectURI** parameters. You will update the appropriate fields in **Advanced Settings**.

<div align="center"><figure><img src="https://3741708824-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FbhbshAPk7P4wdrLxisUn%2Fuploads%2FEHe0JtoLBLMWGQmn0ewR%2Fimage.png?alt=media&#x26;token=391b0d64-a062-4894-b8fc-efcfb4c66ff6" alt=""><figcaption></figcaption></figure></div>

12\. In **Advanced Settings**, search for **Azure** and you will see the **Azure Active Directory** settings. Set **Azure Active Directory Client ID**, **Azure Active Directory Tenant ID**, and **Azure Active Directory Redirect Uri** variables as per the table below.

| Advanced Settings Title             | Mapping Title           |
| ----------------------------------- | ----------------------- |
| Azure Active Directory Client ID    | Application (client) ID |
| Azure Active Directory Tenant ID    | Directory (tenant) ID   |
| Azure Active Directory Redirect Uri | RedirectURI             |
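
Before entering the three values, it is worth confirming that both IDs are well-formed GUIDs and that the redirect URI meets the HTTPS FQDN requirement stated earlier. The following pre-flight check is an added example, not part of VirtualMetric; the function names are hypothetical and the values in the demo are constructed placeholders.

```python
import ipaddress
import uuid
from urllib.parse import urlsplit

def is_guid(text):
    """True only for the canonical hyphenated form shown in the Azure Portal."""
    try:
        return str(uuid.UUID(text)) == text.lower()
    except ValueError:
        return False

def check_azure_settings(client_id, tenant_id, redirect_uri):
    """Return a list of problems with the three Advanced Settings values."""
    problems = []
    client_id, tenant_id = client_id.strip(), tenant_id.strip()
    for label, value in (("Client ID", client_id), ("Tenant ID", tenant_id)):
        if not is_guid(value):
            problems.append(f"{label} is not a GUID")
    if client_id.lower() == tenant_id.lower():
        # Typical paste error: the same GUID entered in both fields.
        problems.append("Client ID and Tenant ID are identical")
    parts = urlsplit(redirect_uri.strip())
    host = parts.hostname or ""
    if parts.scheme != "https":
        problems.append("Redirect Uri does not use https")
    if parts.fragment:
        # OAuth 2.0 (RFC 6749) forbids a fragment in a redirect URI.
        problems.append("Redirect Uri contains a fragment")
    try:
        ipaddress.ip_address(host)
        problems.append("Redirect Uri host is an IP address, not an FQDN")
    except ValueError:
        if "." not in host.rstrip("."):
            problems.append("Redirect Uri host is not fully qualified")
    return problems

if __name__ == "__main__":
    # Constructed placeholder values, not real tenant data.
    issues = check_azure_settings(
        "11111111-2222-3333-4444-555555555555",
        "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
        "http://localhost/API/",
    )
    print("\n".join(issues) or "OK")
```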

{% hint style="info" %}
When a user wants to authenticate via **Azure Active Directory**, VirtualMetric looks for their email address. If the AzureAD user and the VirtualMetric user have the same email address, the user will be authenticated automatically. See the [Adding New User to VirtualMetric](https://docs.virtualmetric.com/settings/users/user-operations) section for further details.
{% endhint %}

{% hint style="info" %}
**Visibility of Azure Active Directory Elements** should be **Active**
{% endhint %}

<div align="center"><figure><img src="https://3741708824-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FbhbshAPk7P4wdrLxisUn%2Fuploads%2F9twMcjMQCSW3nOSao1SQ%2Fimage.png?alt=media&#x26;token=c8a351c2-b8cf-49dd-8ae2-6e53b283f702" alt=""><figcaption></figcaption></figure></div>

{% hint style="warning" %}
After setting the parameters, you should reset **IIS** with **iisreset** on the dashboard servers.
{% endhint %}

13\. Create the user groups for VirtualMetric under **Microsoft Azure -> User Groups**.

<div align="center"><figure><img src="https://3741708824-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FbhbshAPk7P4wdrLxisUn%2Fuploads%2FXuE085kncrdR3k1LHOM8%2Fimage.png?alt=media&#x26;token=90e19f9f-a7a2-46c4-83dd-d1e8e5cd214f" alt=""><figcaption></figcaption></figure></div>

14\. Add the roles you have written to the manifest file.

<div align="center"><figure><img src="https://3741708824-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FbhbshAPk7P4wdrLxisUn%2Fuploads%2Fgwx3QAaN2tkdKnP2V23O%2Fimage.png?alt=media&#x26;token=03242ff3-7497-4a9d-bff7-c41bb94118b6" alt=""><figcaption></figcaption></figure></div>

15\. Now go back to **Azure** and click on **Enterprise Applications**.

<div align="center"><figure><img src="https://3741708824-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FbhbshAPk7P4wdrLxisUn%2Fuploads%2FQ3CI3W4FjkqZePx9WAjl%2Fimage.png?alt=media&#x26;token=d7880140-f622-40c1-92f0-303ff639eacd" alt=""><figcaption></figcaption></figure></div>

16\. Under **All Applications**, search for and click on the application related to VirtualMetric.

<div align="center"><figure><img src="https://3741708824-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FbhbshAPk7P4wdrLxisUn%2Fuploads%2FzAPwv7ZbyEyymN9w8bPJ%2Fimage.png?alt=media&#x26;token=af10a38e-5406-4438-92f3-93ba3fe2e86b" alt=""><figcaption></figcaption></figure></div>

17\. Now you can add a user to the group and test it.

<div align="center"><figure><img src="https://3741708824-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FbhbshAPk7P4wdrLxisUn%2Fuploads%2FCDQ6XODYEz6rfnq9IYSZ%2Fimage.png?alt=media&#x26;token=5d1178d5-c9be-41c4-ae76-54dc691e1c6a" alt=""><figcaption></figcaption></figure></div>

18\. Add your user and role, and then click on **assign**.

<div align="center"><figure><img src="https://3741708824-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FbhbshAPk7P4wdrLxisUn%2Fuploads%2F2hNU71hg5DHPylWPYQI5%2Fimage.png?alt=media&#x26;token=31a86733-f5eb-4928-9fc6-664250389da3" alt=""><figcaption></figcaption></figure></div>

19\. Now you can navigate to the **Logon Screen** to test your Azure Active Directory authentication. Click the **"Sign in with Microsoft"** button to redirect to the Azure Active Directory authentication page.

<div align="center"><figure><img src="https://3741708824-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FbhbshAPk7P4wdrLxisUn%2Fuploads%2FMCmM4OKYLX73fK5JxOxW%2FAzureAppRegistration06.png?alt=media&#x26;token=e26d18a8-6c9f-4d60-a718-e205e6eb1949" alt=""><figcaption></figcaption></figure></div>

20\. On your first login, you can grant access and start a VirtualMetric session.

<div align="center"><figure><img src="https://3741708824-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FbhbshAPk7P4wdrLxisUn%2Fuploads%2FDlypNkG7hAq9lJkepLwT%2Fimage.png?alt=media&#x26;token=d32ed072-b88b-45b4-9dfd-801a3bfa1b8b" alt=""><figcaption></figcaption></figure></div>

21\. Under the **Microsoft Azure -> User** section, you can see the users created with Azure.

<div align="center"><figure><img src="https://3741708824-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FbhbshAPk7P4wdrLxisUn%2Fuploads%2FNbIriNAyNCoS6dEp8JQU%2Fimage.png?alt=media&#x26;token=b1cbe629-99de-4e7c-84ba-de54fc32eaef" alt=""><figcaption></figcaption></figure></div>
