One of the authentication options provided in Conduit is Azure Active Directory.
Conduit enables single sign-on for all users accessing datasources, as well as central authorization via AD groups.

Conduit allows users to establish a link with an Azure Active Directory (AAD) subscription. This gives administrators the option to manage their organization's data access policies centrally in AAD so that they translate automatically to Conduit. This helps to streamline the data that users can explore.

Enabling Active Directory login requires an Active Directory app registration with the following properties that need to be filled in Conduit.

  • Active Directory Authority
  • Application ID
  • Client Secret

This tutorial will guide you to create and find the above properties.



Instructions to create an AAD App registration

Step by step guide to create a new Azure Active Directory App registration

Step 1) Navigate to new registration

Step 1.1) Navigate to Azure Active Directory

Step 1.2) Click on App Registrations


Step 1.3) Click on New Registration


Step 2) Create new registration

  • provide a user friendly name for your app
  • select account type
    • “Accounts in this organizational directory only (YOUR-TENANT)”
  • click register


Step 3) Configure Redirect URIs

Step 3.1) Note down the following Conduit redirect URLs in a notepad:

USER_LOGIN_URL

  • HTTP_PROTOCOL://CONDUIT_FQDN/login/oauth2/code/azure/user
    • e.g. https://conduit-my-deployment.com/login/oauth2/code/azure/user

SUBSCRIPTION_VALIDATION_URL

LOGOUT_URL


Step 3.2) Open new app registration 

Navigate to your newly created app registration, e.g. conduit-tutorial-activedirectory-app

  • open Azure Active Directory → App registrations → select “All applications” tab → search for the name provided at previous step


Step 3.3) Add USER_LOGIN_URL redirect URI

  • click on Authentication
  • click on “Add a platform”
  • click on “Web”


  • add USER_LOGIN_URL as an authorized Redirect URI
  • click “Configure”

Step 3.4) Add SUBSCRIPTION_VALIDATION_URL redirect URL

  • click on “Authentication”
  • click on “Web” → “Add URI”
  • add SUBSCRIPTION_VALIDATION_URL


Step 3.5) Add LOGOUT_URL redirect URL

  • click on “Authentication”
  • navigate to “Front-channel logout URL”
  • add LOGOUT_URL

Step 3.6) Save authentication settings

  • click “Save”
  • remaining settings can be left on default values
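
A pre-flight check for the USER_LOGIN_URL from Step 3.1, as an added example that is not part of Conduit or its documentation: Azure AD compares redirect URIs exactly, so a wrong scheme, different path case or a trailing slash makes sign-in fail. The function names, the sample candidates and the no-wildcard and no-query rules are choices of this example.

```python
from urllib.parse import urlsplit

# Path taken from the USER_LOGIN_URL pattern in Step 3.1.
USER_LOGIN_PATH = "/login/oauth2/code/azure/user"
MAX_REDIRECT_URI_LEN = 256            # Azure AD limit for one redirect URI
LOCALHOST = {"localhost", "127.0.0.1"}


def build_user_login_url(http_protocol, conduit_fqdn):
    """Fill in HTTP_PROTOCOL://CONDUIT_FQDN/login/oauth2/code/azure/user."""
    host = conduit_fqdn.strip().strip("/").lower()
    return f"{http_protocol.strip().lower()}://{host}{USER_LOGIN_PATH}"


def check_user_login_url(uri):
    """Return a list of problems; an empty list means the URI can be registered."""
    problems = []
    parts = urlsplit(uri)
    host = parts.hostname or ""
    if not host:
        problems.append("no host")
    # Azure AD accepts http only for localhost redirect URIs.
    if parts.scheme != "https" and not (parts.scheme == "http" and host in LOCALHOST):
        problems.append("scheme must be https")
    # The path is compared case-sensitively and a trailing slash counts.
    if parts.path != USER_LOGIN_PATH:
        problems.append(f"path must be exactly {USER_LOGIN_PATH}")
    # Rules of this example: the page's pattern has no query, fragment or wildcard.
    if parts.query or parts.fragment:
        problems.append("query string or fragment not in the page's pattern")
    if "*" in uri:
        problems.append("wildcard present; register one exact URI per deployment")
    if len(uri) > MAX_REDIRECT_URI_LEN:
        problems.append("longer than 256 characters")
    return problems


# Constructed sample candidates; only the first follows the pattern from Step 3.1.
CANDIDATES = [
    build_user_login_url("HTTPS", "conduit-my-deployment.com/"),
    "http://conduit-my-deployment.com/Login/oauth2/code/azure/user/",
    "https://*.example.test/login/oauth2/code/azure/user",
]

if __name__ == "__main__":
    for candidate in CANDIDATES:
        issues = check_user_login_url(candidate)
        print(candidate, "->", "OK" if not issues else "; ".join(issues))
```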


Step 4) Configure Client Secret

Step 4.1) Create a secret

Navigate to your newly created app registration, e.g. conduit-tutorial-activedirectory-app

  • open Azure Active Directory → App registrations → select “All applications” tab → search for the name provided at previous step
  • click on “Certificates & secrets”
  • add a user friendly description for your secret
  • select expiration policy
  • click “Add”


Step 4.2) Copy the SECRET_VALUE to a notepad

  • !!! client secret can only be viewed at this stage !!!

    • copy the value to a safe location

    • you cannot view the secret later if you navigate away from this page

    • a new secret can be created later, but this secret cannot be read again




Find Active Directory Authority

Navigate to your newly created app registration, e.g. conduit-tutorial-activedirectory-app

  • open Azure Active Directory → App registrations → select “All applications” tab → search for the name provided at previous step
  • click on overview
  • copy Directory (tenant) ID
    • this is your Active Directory Authority



Find Application ID

Navigate to your newly created app registration, e.g. conduit-tutorial-activedirectory-app

  • open Azure Active Directory → App registrations → select “All applications” tab → search for the name provided at previous step
  • click on overview
  • copy Application (client) ID


Find Client Secret

The client secret can only be read when it is created during app registration setup (Step 4.2).

See above section “Instructions to create an AAD App registration”.
