- Updated On 15 Feb 2021
The “Azure AD” identity source allows you to set up an “Azure app registration” as a means to authenticate against Liquit Workspace. This allows you to leverage your Azure Active Directory as the single point of entry. Please refer to the corresponding Documentation on how to configure the “Azure app registration”.
The details tab provides a few basic options to configure the Identity Source.
|Name||The name of the Identity Source. This can't be changed after creation.|
|Type||The type of Identity Source. This can't be changed after creation.|
|Description||A description for the Identity Source|
|Enabled||This determines whether or not it is possible to use this Identity Source to connect to the Liquit Workspace|
|Display name||A friendly display name|
|Hidden||When an Identity Source is hidden, it will not appear on the login screen|
You must create an Azure app registration before you can configure the settings for your Azure AD Identity Source. Please refer to the corresponding Documentation. Below is a list of the settings that can be configured for the Azure AD Identity Source.
|Application ID||The Application ID corresponding with your Azure AD app registration|
|Client secret||The Azure AD app registration secret|
|Use application ID as resource||When selected, the application ID will be used to request access to the Azure directory; otherwise the default Azure Active Directory Graph ID will be used.|
|Authorization URI||The authorization URI provided by the Azure AD app registration. Example: https://login.microsoftonline.com/[Tenant ID]/oauth2/authorize|
|Token URI||The token URI provided by the Azure AD app registration. Example: https://login.microsoftonline.com/[Tenant ID]/oauth2/token|
|Logout URI||The logout URI provided by the Azure AD app registration. Example: https://login.microsoftonline.com/[Tenant ID]/oauth2/logout?post_logout_redirect_uri=<redirection URL>|
|Domain hint||You can provide the Azure AD login page with a domain hint indicating the domain you want to authenticate against. If the user has multiple active Azure AD sessions and one session matches the domain hint, Azure AD will use that account and not ask the user to select an account. For example: liquit.com|
|Photos||There are two options here: enabled and disabled. This option requires you to set additional permissions in Azure AD; please see the corresponding Documentation.|
|Use delta synchronization||When selected, delta synchronization of the Azure AD will be enabled. This causes an initial full synchronization to be performed, after which only changes are synchronized incrementally per Liquit Workspace server. This reduces the time it takes to fetch all users and groups from Azure AD after the initial synchronization is completed.|
|Modifications||What kind of modifications are allowed to Azure AD.|
The Fetch OAuth 2 URLs button allows you to prefill the authorization, token and logout URIs based on an Azure AD tenant ID.
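The authorization, token and logout URIs above share one login host and one tenant ID, so a saved configuration can be checked for consistency before the client secret is ever sent to the token URI. The following Python is an added example, not part of Liquit Workspace or its documentation; the helper name, the allowed redirect host list and all sample values are constructed assumptions, and the expected URI shapes are taken from the examples in the table.

```python
from urllib.parse import urlsplit, parse_qs

LOGIN_HOST = "login.microsoftonline.com"  # host in the page's example URIs
ENDPOINTS = {"authorization": "authorize", "token": "token", "logout": "logout"}

def check_identity_source_uris(uris, allowed_redirect_hosts):
    """Hypothetical helper: return findings for the configured URIs ([] = consistent)."""
    findings, tenants = [], set()
    for name, endpoint in ENDPOINTS.items():
        parts = urlsplit(uris.get(name, ""))
        if parts.scheme != "https":
            findings.append(f"{name}: scheme is not https")
        if parts.hostname != LOGIN_HOST:
            findings.append(f"{name}: unexpected host {parts.hostname!r}")
        segments = parts.path.strip("/").split("/")
        if len(segments) == 3 and segments[1:] == ["oauth2", endpoint]:
            tenants.add(segments[0].lower())
        else:
            findings.append(f"{name}: path is not /<tenant>/oauth2/{endpoint}")
        if name == "logout":
            # The browser is sent here after sign-out; keep it on known hosts.
            for target in parse_qs(parts.query).get("post_logout_redirect_uri", []):
                t = urlsplit(target)
                if t.scheme != "https" or t.hostname not in allowed_redirect_hosts:
                    findings.append(f"logout: redirect target {target!r} not allowed")
    if len(tenants) > 1:
        findings.append("tenant mismatch: " + ", ".join(sorted(tenants)))
    return findings

# Constructed sample values (placeholder tenant IDs, example.* hosts).
TENANT = "00000000-0000-0000-0000-000000000000"
BASE = f"https://{LOGIN_HOST}/{TENANT}/oauth2"
GOOD = {
    "authorization": f"{BASE}/authorize",
    "token": f"{BASE}/token",
    "logout": f"{BASE}/logout?post_logout_redirect_uri=https%3A%2F%2Fworkspace.example.com%2F",
}
# Token URI on a lookalike host over http, authorization URI for another tenant.
BAD = dict(GOOD,
    token=f"http://{LOGIN_HOST}.example.net/{TENANT}/oauth2/token",
    authorization=f"https://{LOGIN_HOST}/11111111-1111-1111-1111-111111111111/oauth2/authorize")

if __name__ == "__main__":
    for label, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, check_identity_source_uris(cfg, {"workspace.example.com"}))
```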
The Authentication tab allows you to configure the methods available to authenticate. The following options are available.
|Federated||Allow authentication via federation (example: AD FS)|
|Form Authentication||Allow the user to log in via the Liquit Workspace login page.|
|NTLM||Allow authentication via NTLM (Not available for Azure AD).|
|Basic||Allow basic authentication.|
|Token exchange||Allow the token exchange to be used by third-party integrators. For more information, see the corresponding page.|
The Contexts tab allows you to define the context in which the users need to be fetched.
The following options are available:
|Context||Defines the Context in which the Objects will be synchronized|
|Scope||Determines the scope two options are available:
|Users||Determines whether users will be synchronized with the Liquit Workspace|
|Groups||Determines whether groups will be synchronized with the Liquit Workspace|
|Enable contacts||Whether contacts from this Identity Source should be used|
|Requires email||Hide all objects without an email address|
|Group||Only show members of a certain group|
By enabling each field in this overview you allow those attributes to be synchronized to the Liquit Workspace.
The Authenticator tab allows you to assign an Authenticator to the Identity Source. The following fields are available.
|Enable Authenticator||Whether or not the Authenticator will be used|
|Authenticator||Which Authenticator will be used|
|Prefix||A prefix for the Authenticator|
|Suffix||A suffix for the Authenticator|