Azure Active Directory Integration
Overview
With StorageLink, you can now integrate Azure Active Directory with Admin & Web User authentication.
In other words, Admin & Web Users can leverage their existing AAD credentials instead of managing another account just for StorageLink.
Integrating Azure Active Directory Authentication with StorageLink
Configuring AAD authentication takes several steps across the Azure Portal and StorageLink. At a high level, you will:
- Create an App Registration
- Grant users in AAD access to this App Registration
- Point StorageLink to the App Registration
Create an App Registration in the Azure Portal
Open the Azure Portal and search for App Registrations.
Click + New Registration.
Enter a Name for your App Registration.
For Redirect URI, choose Web from the drop-down and enter the following URL, replacing storagelink-hostname with the hostname users use to reach StorageLink:
https://storagelink-hostname/backend/login/oauth2/code/custom name
The custom name at the end of the path can be any value you like, but write it down: you will enter it again as the Registration ID in StorageLink, and the two must match exactly, since Azure rejects a sign-in whose redirect URI does not match the one registered here.
Once everything has been configured, click Register.
Add users in AAD
In the Azure Portal, go to Azure Active Directory.
By default, every user in your Azure Active Directory tenant can sign in to StorageLink through this App Registration. If only selected users or groups should have access, restrict the assignment as described below.
On the left, click on Enterprise applications.
Search for your App Registration's name that you created earlier. (If it doesn't show up, choose Enterprise Applications from the drop-down menu.)
Click on your Application.
Navigate to the Properties section on the left sidebar. Set Assignment required? to Yes, and then at the top, click Save. Any user or group not explicitly assigned to the Application is now denied access.
On the left, click on Users and Groups.
Click on + Add user/group.
You will see an Add Assignment page. Select the users that you wish to grant access, and then click Assign.
Get App Registration IDs
StorageLink needs the App Registration IDs.
In the Azure Portal, go back to App Registrations.
Click on the App Registration that you created earlier.
On the Overview page, copy and store the Application (client) ID and the Directory (tenant) ID. You will need these values later when creating the Identity Provider in StorageLink.
On the Certificates & secrets page, under Client secrets, click + New client secret. Give it a description and an expiry period.
Copy the Value of the new client secret and store it securely, as you will need it in the next section. The Value is shown only once; if you leave the page without copying it, create a new secret. Record the expiry date, because StorageLink logins will fail once the secret expires and you will need to create a new one and update the Identity Provider before then.
Configure the Identity Provider on StorageLink
In the StorageLink Interface, go to Settings.
Under Identity Providers, click Add new IdP.
For the new Identity Provider, fill in the following fields:
Identity Provider Display Name: This is the name for the Identity Provider that will be displayed at the login screen.
Default User Role: The type of user that authenticates through this IdP, either Admin Users or Web Users.
Notes (Optional): Notes or details regarding the Identity Provider.
Issuer URI: https://login.microsoftonline.com/{TENANT_ID}/v2.0, replacing {TENANT_ID} with the Directory (tenant) ID you copied from the App Registration's Overview page.
Client ID: The Application (client) ID you copied from the App Registration's Overview page.
Client Secret: The client secret Value you copied from the Certificates & secrets page.
Name Attribute: name
Registration ID: The custom name you used in the Redirect URI when creating the App Registration.
Scopes: openid
Test the changes in the web browser
If you are logged into the web admin UI, click the Log Out button on the top right, then refresh the browser.
On the login page, you should see the Display name for your Identity Provider.
Admin Users will need to navigate to https://storagelink-hostname/admin to see the IdP login button.
Clicking the button redirects you to login.microsoftonline.com to enter your AAD credentials.
Once logged in, you will be authenticated to the StorageLink web admin portal.
You've now completed the process for integrating Azure Active Directory authentication with StorageLink.