SSO - Azure AD

Objective

This document provides instructions on how to configure Azure SSO integration with Volterra. For an overview of Volterra, see About Volterra.

Note: SSO setup requires a user of the tenant owner type. To check your user type, navigate to General -> IAM -> Users, click Show/hide column, select the Type field, and click Apply to display the Type column. For the tenant owner, the Type column displays Tenant Owner; for all other users, it displays User.


Prerequisites


Configuration

Integrating Azure SSO requires you to register your application in Azure Active Directory (AD), obtain a client ID and secret, obtain a redirect URI, and configure the redirect URI in Azure AD.


You can navigate to the Azure AD in one of the following ways:

  • From Microsoft Office 365 AD
  • From Azure cloud portal

From Office 365

Perform the following to navigate to Azure AD from Office 365.

Step 1: Navigate to Office 365 administration settings.

Sign in to the Office 365 AD and click Show all in the Admin centers section on the left menu.

Figure: Office 365 Admin Centers

Step 2: Open Azure AD admin center.

Click Azure Active Directory in the displayed admin centers list.

Figure: Office 365 Azure AD Admin Center

Note: This opens the Azure AD admin center dashboard.

Step 3: Open the Azure AD settings.

Click Azure Active Directory on the left menu of the admin center dashboard.

Figure: Office 365 Azure AD Dashboard

Step 4: Navigate to app registrations.

Click App registrations on the Azure AD dashboard and select New registration to start registration for your application.

Figure: Office 365 Azure AD Application Registration


From Azure Portal

Perform the following to navigate to Azure AD from the Azure cloud portal.

Step 1: Log in to the Azure cloud portal.

Sign in to the Azure portal and click on your account. Under the Directory list, choose the Active Directory tenant where you wish to register your application.

Figure: Azure AD Option on Azure Cloud Portal

Step 2: Open app registration in the Azure AD settings.

In the Azure Active Directory pane, click on App registrations and choose New registration.

Figure: Azure AD Application Registration in Cloud Portal


Register Application and Setup SSO

Step 1: Enter name and account types for your application.

Enter a name for the application, for example 'volterra-oidc-test', choose the account types as required, and click Register.

Figure: Register Application

Step 2: Save the application ID.

Find the Application ID value and record it for later. You'll need it to configure the SSO section in VoltConsole.

Figure: Retrieve Application ID

Step 3: Configure client secret.

Create a client secret by opening the ‘Certificates & secrets’ tab and clicking New client secret. Copy the client secret for configuring the SSO section in VoltConsole.

Figure: Create Client Secret

Step 4: Obtain a well-known URL.

The well-known URL points to a metadata document that contains most of the information required for an app to perform sign-in. This includes information such as the URLs to use and the location of the service's public signing keys. The URL has the following form:

https://login.microsoftonline.com/{tenant}/.well-known/openid-configuration

Note: Replace {tenant} with your Azure tenant ID. You can obtain your tenant ID from the Azure cloud portal by navigating to the Azure Active Directory -> Overview screen.

Step 5: Log in to VoltConsole and start configuring SSO.

  • Log in to VoltConsole with tenant owner credentials and click General on the namespace selector. Select Tenant Settings -> Login Options and click Set Up SSO.

Figure: Volterra SSO Setup Page

  • Select Azure from the service providers displayed.

Step 6: Configure the client ID and secret for Azure.

Provide the Client ID and Client Secret obtained in the previous steps.

Figure: Client ID and Client Secret

Step 7: Generate redirect URL.

  • Enter the well-known URL in the Import from well-known URL field and click Import to populate the rest of the fields, such as Authorization URL, Token URL, etc.
  • Click Continue to obtain a Redirect URI.

Step 8: Complete SSO setup.

Copy the displayed redirect URI and click Done.

Figure: Redirect URI

Step 9: Add the redirect URI in Azure AD.

From the Azure Active Directory pane, click App registrations and choose the application registered above (volterra-oidc-test). Select ‘Add a Redirect URI’ and provide the URI obtained above to complete the Azure SSO setup.

Figure: Add Redirect URI Option

Figure: Configure Redirect URI
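
The metadata document behind the well-known URL from Step 4 can be sanity-checked before it is imported in Step 7. The following is an added example, not part of the Volterra documentation or product code: it builds the URL from a tenant ID and checks that the endpoints in a parsed metadata document use HTTPS, sit on expected hosts, and name the right tenant. The function names, the GUID-only tenant ID, the allowed-host list, and the sample documents are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Assumption: the tenant ID is the GUID shown on the Azure AD Overview screen.
GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.I)
# Assumption: hosts expected for the Azure public cloud; adjust for other clouds.
ALLOWED_HOSTS = {"login.microsoftonline.com", "sts.windows.net"}
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")


def well_known_url(tenant):
    """Build the Step 4 URL; reject a leftover {tenant} placeholder or non-GUID."""
    if not GUID.fullmatch(tenant):
        raise ValueError(f"not a tenant GUID: {tenant!r}")
    return f"https://login.microsoftonline.com/{tenant.lower()}/.well-known/openid-configuration"


def check_metadata(doc, tenant):
    """Return the problems found in a parsed metadata document (empty list = OK)."""
    problems = []
    for key in REQUIRED:
        value = doc.get(key)
        if not isinstance(value, str) or not value:
            problems.append(f"{key}: missing")
            continue
        url = urlparse(value)
        if url.scheme != "https":
            problems.append(f"{key}: not https")
        if url.hostname not in ALLOWED_HOSTS:
            problems.append(f"{key}: unexpected host {url.hostname}")
    # A templated or foreign issuer does not identify this tenant.
    if tenant.lower() not in str(doc.get("issuer", "")).lower():
        problems.append("issuer: does not contain the tenant ID")
    return problems

# Constructed sample input, not captured from a real tenant.
TENANT = "11111111-2222-3333-4444-555555555555"
SAMPLE_OK = {
    "issuer": f"https://sts.windows.net/{TENANT}/",
    "authorization_endpoint": f"https://login.microsoftonline.com/{TENANT}/oauth2/authorize",
    "token_endpoint": f"https://login.microsoftonline.com/{TENANT}/oauth2/token",
    "jwks_uri": "https://login.microsoftonline.com/common/discovery/keys",
}
SAMPLE_BAD = dict(SAMPLE_OK, token_endpoint="http://login.example.net/token",
                  issuer="https://sts.windows.net/{tenantid}/")

if __name__ == "__main__":
    print(well_known_url(TENANT))
    print(check_metadata(SAMPLE_OK, TENANT), check_metadata(SAMPLE_BAD, TENANT))
```

To check a live tenant, fetch the URL returned by well_known_url, parse the JSON response, and pass it to check_metadata before entering the URL in the Import from well-known URL field.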


Concepts


API References