
Azure Application Registration

Applicable Target: On-Premises (Single-tenant) Environment

To link the Security365 product with a Microsoft account, you need to create an Azure application in the customer's Azure account, with the required permissions and redirection URIs registered.

1. Create Azure Application

1.1 Application Creation

To sign up for Microsoft in an On-Premises (Single-tenant) environment, the customer must create an Azure application with the necessary permissions in their Azure account.

  1. Access the Microsoft Azure Integrated Console with a Microsoft administrator account.
  2. Go to the "App registrations" service page.
  3. Click the "New registration" button to go to the application registration page. After entering the application name, click the "Register" button.


1.2 API Permission Settings

Configure the permissions required for the application for SP login and account synchronization.

  1. Find and click the application you created on the "App registrations" service page.
  2. Go to the "Manage > API permissions" page.
  3. Click the "Add a permission" button and select "Microsoft Graph" to add permissions to the application.


The permission information to be added is as follows.

| Microsoft API Type | Type | Permission | Description | Purpose |
|---|---|---|---|---|
| Microsoft Graph | Delegated permissions | email | View users' email address | SP login |
| Microsoft Graph | Delegated permissions | openid | Sign users in | SP login |
| Microsoft Graph | Delegated permissions | profile | View users' basic profile | SP login |
| Microsoft Graph | Delegated permissions | RoleManagement.Read.All | Read role management data for all RBAC providers | Permission verification during registration |
| Microsoft Graph | Delegated permissions | RoleManagement.Read.Directory | Read directory RBAC settings | Permission verification during registration |
| Microsoft Graph | Delegated permissions | User.Read | Sign in and read user profile | Account synchronization |
| Microsoft Graph | Application permissions | Directory.Read.All | Read directory data | Account synchronization |

  4. After adding the permissions, click the "Grant admin consent" button to approve the requested permissions on behalf of all accounts within the tenant.


1.3 Authentication Settings

You need to register the URIs to which authentication results are sent when the user has finished logging in or logging out.

  1. Go to the "Manage > Authentication" page.
  2. Click the "Add a platform" button and add the "Web" platform and the "Single-page application" platform.


The redirect URIs that need to be added for each platform are as follows.


| Type | URI | Description |
|---|---|---|
| Web Redirection URI | https://login.xxx.yyy/SCCloudOAuthService/openid/v2/callback/code | SP Login |
| Web Redirection URI | https://login.xxx.yyy/SCCloudOAuthService/openIdCallback | SP Login |
| Single Page Application Redirect URI | https://login.xxx.yyy/callback | SP Login |
| Single Page Application Redirect URI | https://portal.xxx.yyy/signup | Sign Up |
| Single Page Application Redirect URI | https://portal.xxx.yyy/setting/inbound | Azure account integration |

※ xxx.yyy must be changed to the domain address for each environment.

  3. Allow ID tokens to be issued so that tokens can be requested at the authorization endpoint.


  4. Click the "Save" button to save the settings.
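
One way to confirm that the saved settings match this section is shown below. It is an added example, not part of the Security365 documentation. It assumes the application object has been exported as JSON in the Microsoft Graph application format (for example with `az ad app show`); the function name, the domain `example.test` and the sample object are constructed for illustration.

```python
# Redirect URIs from the table above; {d} stands for the xxx.yyy domain.
EXPECTED = {
    "web": [
        "https://login.{d}/SCCloudOAuthService/openid/v2/callback/code",
        "https://login.{d}/SCCloudOAuthService/openIdCallback",
    ],
    "spa": [
        "https://login.{d}/callback",
        "https://portal.{d}/signup",
        "https://portal.{d}/setting/inbound",
    ],
}

# Constructed sample: one SPA URI still carries the xxx.yyy placeholder and
# ID token issuance was never switched on.
SAMPLE_APP = {
    "web": {
        "redirectUris": [
            "https://login.example.test/SCCloudOAuthService/openid/v2/callback/code",
            "https://login.example.test/SCCloudOAuthService/openIdCallback",
        ],
        "implicitGrantSettings": {"enableIdTokenIssuance": False},
    },
    "spa": {
        "redirectUris": [
            "https://login.xxx.yyy/callback",
            "https://portal.example.test/signup",
            "https://portal.example.test/setting/inbound",
        ]
    },
}

def audit_registration(app, domain):
    """Return sorted findings; an empty list means the settings match the guide.

    URIs outside the documented set are reported too, since each one is an
    extra location to which authentication results can be delivered.
    """
    findings = []
    for platform, templates in EXPECTED.items():
        expected = {t.format(d=domain) for t in templates}
        actual = set((app.get(platform) or {}).get("redirectUris") or [])
        findings += [f"{platform}: missing {u}" for u in expected - actual]
        findings += [f"{platform}: unexpected {u}" for u in actual - expected]
    implicit = (app.get("web") or {}).get("implicitGrantSettings") or {}
    if not implicit.get("enableIdTokenIssuance"):
        findings.append("web: ID token issuance is not enabled")
    return sorted(findings)

if __name__ == "__main__":
    for line in audit_registration(SAMPLE_APP, "example.test"):
        print(line)
```
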

1.4 Certificate and Password Settings

To use the created Azure application, you need to obtain a client secret.

  1. Go to the "Manage > Certificates & secrets" page.
  2. Click the "New client secret" button to issue the client secret.


  • This secret is required later when setting the app information (Security365 Portal App Secret) on the Security365 master admin page, so store it safely in a separate place.


2. Setting Azure Application Information in the Master Admin Page

Before completing the environment setup and registering, you need to enter the Azure application information on the master admin page of the management center.

  1. Log in to the management center with the master administrator account.
  2. Go to the "Settings > Azure Application Settings" tab.


  3. Enter the following configuration values.

    | Setting | Description |
    |---|---|
    | Security365 Portal App ID | Generated Azure application ID |
    | Security365 Portal App Secret | Generated Azure application client secret |
    | Azure Tenant ID | Azure Directory (Tenant) ID |

  4. Check the "Use manually created app" option.

  5. Click the "Save" button to save the settings.

  6. Once the setup is complete, proceed with the registration.

* How to Renew the Client Secret

  1. Access the Microsoft Azure Integrated Console.
  2. Issue a new client secret for the existing application.
  3. Log in to the Security365 management center with the master administrator account.
  4. Go to the "Settings > Azure Application Settings" tab.
  5. Click the "Renew SECRET" button, enter the existing secret and the newly issued secret, and then click the "Save" button.

© SOFTCAMP Co., LTD. All rights reserved.