With the Active Directory feature you can bring your own identity provider, allowing your users a single sign-on experience.
Federated identity allows authorized users to access multiple applications and domains using a single set of credentials. It links a user’s identity across multiple identity management systems so they can access different applications securely and efficiently.
When organizations implement federated identity solutions, their users can access web applications, partner websites, Active Directory, and other applications without logging in separately every time.
Federated identity – also known as Federated Identity Management (FIM) – works on the basis of mutual trust relationships between a Service Provider (SP) such as an application vendor and an external party or Identity Provider (IdP).
The IdP creates and manages user credentials and the SP and IdP agree on an authentication process. Multiple SPs can participate in a federated identity agreement with a single IdP. The IdP has mutual trust agreements with all these organizations.
Although you can integrate with Active Directory using ADFS, we recommend using OpenID Connect as described below. Information about integration using ADFS is available here.
Set up federated security using Azure Active Directory
Create an App registration
- In the Azure portal navigate to Azure Active Directory. Select App registrations from the menu and click the “New registration” button.
- In the name type “microServiceBus.com”. Leave the supported account type as “Single tenant” and set the Redirect URI to “WEB” and “https://[Your mSB instance URI]/signin-oidc/[Your organization]”. E.g.
- With the App registered, navigate to the Authentication menu option and check the “ID tokens (used for implicit and hybrid flows)” option.
- Navigate to the Certificates & secrets menu option and create a new Client secret. Copy the secret value.
- Navigate to the Token configuration menu option and click the “Add optional claim” button. Mark the “ID” option and select the following claims:
Set up Azure Active Directory feature
- Back at microServiceBus.com, navigate to the Organization page and edit the Active Directory feature.
- In the “Open Id and Azure Active directory” section, click “Add new record”. Fill in the following:
| Setting | Description |
|---|---|
| Domain | The name of your domain, found in the “Overview” section under “Primary domain” in your Azure Active Directory |
| Email domain | Usually the same as the Domain, but the domain used in your users' email addresses |
| Name | The organization name you used when you set up the |
| Tenant Id | The tenant identifier found in the “Overview” section of your Azure Active Directory |
| Client Id | Copy the “Application (client) ID” from the App registration |
| Client secret | The secret you copied in step 5 in the previous section |
Finish by hitting the “SAVE” button.
IMPORTANT: These settings will not take effect until the site is restarted. Please notify your microServiceBus.com contact.
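As an added example (not code from microServiceBus.com or from Azure), the Python below shows the checks a service provider applies to an incoming ID token against the Tenant Id, Client Id and Email domain values configured above, so that a token from another tenant, another app registration or an account outside the organization's email domain is rejected. The HS256 signing key, the `make_token` helper and the use of the `preferred_username`/`email` claims are assumptions made to keep the demo self-contained; real Azure AD ID tokens are RS256-signed and must be verified against the tenant's JWKS.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed configuration mirroring the record described above (placeholder values, not real IDs).
FEDERATION = {
    "email_domain": "contoso.com",
    "tenant_id": "11111111-2222-3333-4444-555555555555",
    "client_id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
}

def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_token(claims: dict, key: bytes) -> str:
    # Constructed HS256 token for the demo only; Azure AD signs with RS256 (assumption: JWKS lookup done elsewhere).
    header = _b64url(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64url(json.dumps(claims).encode())
    sig = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    return f"{header}.{body}.{_b64url(sig)}"

def validate_id_token(token: str, cfg: dict, key: bytes, now=None) -> dict:
    """Return the claims only if the token is bound to the configured tenant, client and email domain."""
    header, body, sig = token.split(".")
    expected = hmac.new(key, f"{header}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, _b64url_decode(sig)):
        raise ValueError("bad signature")
    claims = json.loads(_b64url_decode(body))
    # Issuer and tid pin the token to the configured Tenant Id; a token from any other tenant is refused.
    if claims.get("iss") != f"https://login.microsoftonline.com/{cfg['tenant_id']}/v2.0":
        raise ValueError("unexpected issuer")
    if claims.get("tid") != cfg["tenant_id"]:
        raise ValueError("unexpected tenant")
    # aud must equal this app registration's Client Id, so tokens minted for other apps are useless here.
    if claims.get("aud") != cfg["client_id"]:
        raise ValueError("unexpected audience")
    if claims.get("exp", 0) <= (now if now is not None else int(time.time())):
        raise ValueError("token expired")
    # The Email domain setting decides which accounts are mapped into this organization.
    email = claims.get("preferred_username") or claims.get("email") or ""
    if not email.lower().endswith("@" + cfg["email_domain"].lower()):
        raise ValueError("email outside configured domain")
    return claims
```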