# Azure Active Directory Integration

VirtualMetric supports Azure Active Directory authentication for user authentications.

You can allow access to your Azure Active Directory users by configuring "**App Registration**" in your Azure Active Directory, and enabling **azureStatus** in your `web.config` file.

1\. First, navigate to the `ControlPanel` directory and open `web.config`:

```
C:\Program Files\VirtualMetric\ControlPanel\Web.config
```

2\. Find `azureStatus` in the `appSettings` section and change it as `true`, and restart the **VirtualMetric API** from **IIS Manager**:

```
    <appSettings>
    <add key="primaryApiUrl" value="https://api.virtualmetric.com/API/" />
    <add key="failoverApiUrl" value="" />
    <add key="triggerId" value="3080487f-f3f6-43e2-bd27-7f1886a12816" />
    <add key="apiUser" value="vmapi" />
    <add key="apiPassword" value="727c9b3a51eb3407c7cc21c45d84bb28" />
    <add key="azureStatus" value="true" />
    </appSettings>
```

3\. After enabling `azureStatus`, you will see the **Sign in with Microsoft** button on the logon screen:

<div align="center"><figure><img src="/files/PTarprqtlYx5z0FdKAcb" alt=""><figcaption></figcaption></figure></div>

4\. Now you need to register the application in **Azure Portal**. You can follow the steps below to create an application registration.

5\. Click on **Microsoft Entra ID**

<div align="center"><figure><img src="/files/yO2sIAwJJIFyfwt2197Z" alt=""><figcaption></figcaption></figure></div>

6\. Navigate to **App Registrations** and click the **New Registration** button.

<div align="center"><figure><img src="/files/wtRmiuvJWLpsfKH0JgOZ" alt=""><figcaption></figcaption></figure></div>

7\. Type your application name and select an account type. You need to type VirtualMetric API's address for **Redirect URI**. Complete the registration by clicking the **Register** button.

<div align="center"><figure><img src="/files/nHbAN2oZRSmm4dIQVQVW" alt=""><figcaption></figcaption></figure></div>

{% hint style="info" %}
Please make sure to enable SSL on VirtualMetric API, and use an HTTPS FQDN in the **RedirectURI Parameter**. You can check the [Setup SSL Certificate on VirtualMetric](/installation/maintenance.md#setup-ssl-certificate) section to learn how to activate SSL.
{% endhint %}

8\. After registering the application, enable **Access Token** and **ID Token** grants under the **Authentication** options.

<div align="center"><figure><img src="/files/P4uWf8HL0rSJGPVmolGx" alt=""><figcaption></figcaption></figure></div>

9\. Add an optional email claim under **token configuration**.

<div align="center"><figure><img src="/files/FiVwGzTj8geZPg4ZQgPM" alt=""><figcaption></figcaption></figure></div>

10\. Add your role configuration under the `appRoles` section, and save the manifest file.

<div align="center"><figure><img src="/files/teOPgR0mi6V5kkJCY8fr" alt=""><figcaption></figcaption></figure></div>

The completed configuration should look like this:

```json
"appRoles": [
	{
		"allowedMemberTypes": [
			"User"
		],
		"description": "Users with readonly access",
		"displayName": "VirtualMetricUserRole",
		"id": "18d14569-c3bd-439b-9a66-3a2aee01d14c",
		"isEnabled": true,
		"lang": null,
		"origin": "Application",
		"value": "VirtualMetricUserRole"
	},
	{
		"allowedMemberTypes": [
			"User"
		],
		"description": "Users with admin access",
		"displayName": "VirtualMetricAdminRole",
		"id": "18d14569-c3bd-439b-9a66-3a2aee01d14f",
		"isEnabled": true,
		"lang": null,
		"origin": "Application",
		"value": "VirtualMetricAdminRole"
	},
	{
		"allowedMemberTypes": [
			"User"
		],
		"description": "msiam_access",
		"displayName": "msiam_access",
		"id": "b9632174-c057-4f7e-951b-be3adc52bfe6",
		"isEnabled": true,
		"lang": null,
		"origin": "Application",
		"value": null
	}
],

```

11\. Note the **Application (client) ID**, **Directory (tenant) ID**, and **RedirectURI** parameters. You will update the appropriate fields in **Advanced Settings**.

<div align="center"><figure><img src="/files/BLauhfbJcHBRHQMrKE6B" alt=""><figcaption></figcaption></figure></div>

12\. In **Advanced Settings**, search for **Azure** and you will see the **Azure Active Directory** settings. Set **Azure Active Directory Client ID**, **Azure Active Directory Tenant ID**, and **Azure Active Directory Redirect Uri** variables as per the table below.

| Advanced Settings Title             | Mapping Title           |
| ----------------------------------- | ----------------------- |
| Azure Active Directory Client ID    | Application (client) ID |
| Azure Active Directory Tenant ID    | Directory (tenant) ID   |
| Azure Active Directory Redirect Uri | RedirectURI             |

{% hint style="info" %}
When a user wants to authenticate via **Azure Active Directory**, VirtualMetric looks for their email address. If the AzureAD user and the VirtualMetric user has the same email address, the user will be authenticated automatically. See the [Adding New User to VirtualMetric](/settings/users/user-operations.md) section for further details.
{% endhint %}

{% hint style="info" %}
**Visibility of Azure Active Directory Elements** should be **Active**
{% endhint %}

<div align="center"><figure><img src="/files/HuEEXJK5lykwXhKEJGoT" alt=""><figcaption></figcaption></figure></div>

{% hint style="warning" %}
After setting the parameters, you should reset **IIS** with **iisreset** on the dashboard servers.
{% endhint %}

13\. Create the user groups for VirtualMetric under **Microsoft Azure -> User Groups**.

<div align="center"><figure><img src="/files/trBoJTrlj8gwur5rVIDX" alt=""><figcaption></figcaption></figure></div>

14\. Add the roles you have written to the manifest file.

<div align="center"><figure><img src="/files/U5qtv5Yks26fIpEmSv2P" alt=""><figcaption></figcaption></figure></div>

15\. Now go back to **Azure** and click on **Enterprise Applications**.

<div align="center"><figure><img src="/files/4I4sRObLx6lZODEQ7Lkk" alt=""><figcaption></figcaption></figure></div>

15\. Under **All Applications**, search for and click on the application related to VirtualMetric.

<div align="center"><figure><img src="/files/d9CcIEZYnuXFBaIR9riy" alt=""><figcaption></figcaption></figure></div>

16\. Now you can add a user to the group and test it.

<div align="center"><figure><img src="/files/Qc1HXDmzxx7s93HS07sV" alt=""><figcaption></figcaption></figure></div>

16\. Add your user and role, and then click on **assign**.

<div align="center"><figure><img src="/files/HE2hKpszgZhxJVPUY5QK" alt=""><figcaption></figcaption></figure></div>

17\. Now you can navigate to the **Logon Screen** to test your Azure Active Directory authentication. Click the **"Sign in with Microsoft"** button to redirect to the Azure Active Directory authentication page.

<div align="center"><figure><img src="/files/t8LA7Oko9PN0FagsYSdA" alt=""><figcaption></figcaption></figure></div>

18\. On your first login, you can grant access and start a VirtualMetric session.

<div align="center"><figure><img src="/files/za8AMHO7shRKMzFMNKHd" alt=""><figcaption></figcaption></figure></div>

19\. Under the **Microsoft Azure -> User** section, you can see the users created with Azure.

<div align="center"><figure><img src="/files/sSDbCtHmDQIfJhrFCxVX" alt=""><figcaption></figcaption></figure></div>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.virtualmetric.com/settings/azure-active-directory-integration.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.