- Sign in to the Azure Dashboard.
- Click Azure Active Directory in the Azure Services section.
- On the Azure AD dashboard, click App registrations in the Manage section of the Azure Active Directory pane.
- Click + New registration.
- Name your application and enter your domain name followed by this callback at the end of the path: /api/auth/sso/azure/callback. For example: https://<your-domain-name>/api/auth/sso/azure/callback
- On the following screen, copy the Application (client) ID and Directory (tenant) ID. You will need to input these values into the Binalyze AIR Console.
- In the left-hand panel, click Certificates & Secrets to create an Application Secret.
- Click + New client secret. Name the client secret and choose an expiration date.
- Copy the Value field of the client secret. Treat this value like a password. This example leaves the value visible so the values in Azure can be seen in the Access configuration.
- In the left-hand panel, click API permissions and make sure the User.Read permission exists.
- If you don’t see the User.Read permission, click + Add a permission, then click Microsoft Graph.
- Select Delegated permissions. On the next page, toggle the User.Read permission, then click Add permissions.
- In the left-hand panel, click App roles to create a new App role.
- Name your role and select the Users/Groups option from the Allowed member types.
- Give a description to your new role and enter the corresponding “Tag” of the role that you want to map within the Binalyze AIR Console into the “Value” field. In this example, we are using the Tag “global_admin” which is the tag of the Global Admin role in Binalyze AIR Console.
- Navigate back to the Azure AD dashboard and then click Enterprise applications in the Manage section of the Azure Active Directory pane.
- Filter the list by typing your app’s name in the search bar, then click the app.
- In the left-hand panel, select Users and groups and click + Add user/group.
- On the following screen, select the users/groups and roles, then click Assign.
- Sign in to the Binalyze AIR Console.
- Navigate to the Settings section by clicking the button and then selecting Settings from the drop-down list.
- Click SSO in the left panel and enable SSO by clicking the switch button.
- Fill in the required fields:
  - Tenant ID: Unique identifier of the Azure Active Directory instance.
  - Client ID: Unique identifier of the Application.
  - Client Secret: Password of the service principal.
- Click Save Settings.
- A Sign in with Azure AD button should now appear on the Binalyze AIR Console login page. Clicking this button takes you to the Microsoft login page to authenticate your access. Once you are authenticated, you are redirected back to the AIR Console.
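
A pre-flight check for the values collected in the steps above, as an added example that is not Binalyze or Microsoft code. It assumes you can copy an ID token from a test sign-in and that AIR reads the role tag from the token's `roles` claim (where Azure AD places app role Values); the function names and sample identifiers are constructed for illustration.

```python
import base64, json, re
from urllib.parse import urlsplit

CALLBACK_PATH = "/api/auth/sso/azure/callback"  # path from the registration step
GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)

def check_settings(tenant_id, client_id, client_secret, redirect_uri):
    """Return problems found in the values copied from Azure."""
    problems = []
    if not GUID.fullmatch(tenant_id):
        problems.append("Tenant ID is not a GUID")
    if not GUID.fullmatch(client_id):
        problems.append("Client ID is not a GUID")
    if GUID.fullmatch(client_secret):
        # The portal shows a GUID "Secret ID" next to the secret's Value.
        problems.append("Client Secret looks like the Secret ID, not the Value")
    uri = urlsplit(redirect_uri)
    if (uri.scheme, uri.path, uri.query) != ("https", CALLBACK_PATH, "") or not uri.netloc:
        problems.append("Redirect URI is not https://<your-domain-name>" + CALLBACK_PATH)
    return problems

def decode_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))

def check_claims(claims, tenant_id, client_id, role_tag):
    """Compare ID token claims with the registration and the AIR role tag."""
    # Assumption: AIR maps the role from the token's "roles" claim.
    problems = []
    if claims.get("tid", "").lower() != tenant_id.lower():
        problems.append("tid does not match Tenant ID")
    if claims.get("aud", "").lower() != client_id.lower():
        problems.append("aud does not match Client ID")
    if role_tag not in claims.get("roles", []):
        problems.append(f"roles claim lacks '{role_tag}': user or group is not assigned the app role")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    tenant, client = "11111111-2222-3333-4444-555555555555", "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
    print(check_settings(tenant, client, "constructed-secret-value",
                         "https://air.example.com" + CALLBACK_PATH))
    body = base64.urlsafe_b64encode(json.dumps(
        {"tid": tenant, "aud": client, "roles": ["global_admin"]}).encode()).decode().rstrip("=")
    print(check_claims(decode_claims(f"e30.{body}.sig"), tenant, client, "global_admin"))
```

An empty list from both checks means the copied values are well-formed and the assigned app role reaches the token; `decode_claims` is for inspection only and must not be used to authenticate anyone.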