Azure AD
  • 15 Feb 2021

The “Azure AD” identity source allows you to set up an “Azure app registration” as a means to authenticate against Liquit Workspace. This allows you to use your Azure Active Directory as the single point of entry. Please refer to the corresponding Documentation on how to configure the “Azure app registration”.

Details

The details tab provides a few basic options to configure the Identity Source.

| Name | Description |
| --- | --- |
| Name | The name of the Identity Source; this can't be changed after creation |
| Type | The type of Identity Source; this can't be changed after creation |
| Description | A description for the Identity Source |
| Enabled | Determines whether this Identity Source can be used to connect to the Liquit Workspace |
| Display name | A friendly display name |
| Hidden | When an Identity Source is hidden, it will not appear on the login screen |

Settings

You must create an Azure app registration before you can configure the settings for your Azure AD Identity Source. Please refer to the corresponding Documentation. Below is a list of the settings configurable for the Azure AD Identity Source.

| Name | Description |
| --- | --- |
| Application ID | The Application ID corresponding with your Azure AD app registration |
| Client secret | The Azure AD app registration secret |
| Use application ID as resource | When selected, the application ID will be used to request access to the Azure directory; otherwise the default Azure Active Directory Graph ID will be used. |
| Authorization URI | The authorization URI provided by the Azure AD app registration. Example: https://login.microsoftonline.com/[Tenant ID]/oauth2/authorize |
| Token URI | The token URI provided by the Azure AD app registration. Example: https://login.microsoftonline.com/[Tenant ID]/oauth2/token |
| Logout URI | The logout URI provided by the Azure AD app registration. Example: https://login.microsoftonline.com/[Tenant ID]/oauth2/logout?post_logout_redirect_uri=< redirection URL > |
| Domain hint | You can provide the Azure AD login page with a domain hint indicating which domain you want to authenticate against. If the user has multiple active Azure AD sessions and one session matches the domain hint, Azure AD will use that account and not ask the user to select an account. For example: liquit.com |
| Photos | There are two options here: enabled and disabled. This option requires you to set additional permissions in Azure AD; please see the corresponding Documentation. |
| Use delta synchronization | When selected, delta synchronization of the Azure AD will be enabled. This causes an initial full synchronization to be performed, after which only changes are synchronized incrementally per Liquit Workspace server. This reduces the time it takes to fetch all users and groups from Azure AD after the initial synchronization is completed. |
| Modifications | What kind of modifications are allowed to Azure AD. |

The "Fetch OAuth 2 url's" button lets you prefill the authorization, token and logout URIs based on an Azure AD tenant ID.

The redirection URL in the logout URI needs to be URL-encoded to work properly.
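As an added example (not Liquit's own code), the following Python builds the three URIs in the format shown in the settings table from a tenant ID, percent-encodes the redirection URL, and checks an existing logout URI for an unencoded redirection URL. The function names and the sample host are hypothetical, and it assumes the tenant ID is a GUID and the redirection URL uses https.

```python
import re
from urllib.parse import quote, unquote, urlsplit

BASE = "https://login.microsoftonline.com"
PARAM = "post_logout_redirect_uri="
# Assumption: the tenant ID is given as the directory GUID.
GUID = re.compile(r"[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
# A correctly encoded value holds only unreserved characters and %XX escapes.
ENCODED = re.compile(r"(?:[A-Za-z0-9._~-]|%[0-9A-Fa-f]{2})+")


def build_uris(tenant_id, redirection_url):
    """Return the authorization, token and logout URIs for one tenant."""
    if not GUID.fullmatch(tenant_id):
        raise ValueError("tenant ID is not a GUID")
    parts = urlsplit(redirection_url)
    # Assumption: only absolute https redirection URLs are acceptable.
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("redirection URL must be an absolute https URL")
    root = f"{BASE}/{tenant_id}/oauth2"
    return {
        "authorization": f"{root}/authorize",
        "token": f"{root}/token",
        # safe="" also escapes "/" so the whole URL is one parameter value.
        "logout": f"{root}/logout?{PARAM}{quote(redirection_url, safe='')}",
    }


def redirect_is_encoded(logout_uri):
    """Check that the redirection URL in a logout URI is percent-encoded.

    Assumes the parameter is the last one, as in the page's template, so an
    unencoded "&" or "#" in the redirection URL is caught here too.
    """
    _, found, raw = logout_uri.partition(PARAM)
    return bool(found) and ENCODED.fullmatch(raw) is not None


def decoded_redirect(logout_uri):
    """Return the redirection URL as the receiving side would decode it."""
    return unquote(logout_uri.partition(PARAM)[2])


if __name__ == "__main__":
    # Constructed sample values, not taken from a real tenant.
    uris = build_uris("00000000-0000-0000-0000-000000000000",
                      "https://workspace.example.com/?from=logout&x=1")
    for name, uri in uris.items():
        print(f"{name:14}{uri}")
    print(redirect_is_encoded(uris["logout"]))
```

Without the encoding, the "&x=1" part of the sample redirection URL would be read as a separate parameter of the logout request instead of as part of the redirection URL.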

Authentication

The Authentication tab allows you to configure the methods available to authenticate. The following options are available.

| Name | Description |
| --- | --- |
| Federated | Allow authentication via federation (example: AD FS) |
| Form Authentication | Allow the user to log in via the Liquit Workspace login page. |
| NTLM | Allow authentication via NTLM (not available for Azure AD). |
| Basic | Allow basic authentication. |
| Token exchange | Allow the token exchange to be used by third-party integrators. For more information, see the corresponding page. |

Contexts

The Contexts tab allows you to define the context in which the users need to be fetched.

The following options are available:

| Name | Description |
| --- | --- |
| Context | Defines the Context in which the Objects will be synchronized |
| Scope | Determines the scope. Two options are available: base, Subtree |
| Users | Determines whether users will be synchronized with the Liquit Workspace |
| Groups | Determines whether groups will be synchronized with the Liquit Workspace |

Contacts

| Name | Description |
| --- | --- |
| Enable contacts | Whether contacts from this Identity Source should be used |
| Requires email | Hide all objects without an email address |
| Group | Only show members of a certain group |

Show attributes

By enabling each field in this overview you allow those attributes to be synchronized to the Liquit Workspace.

Authenticator

The Authenticator tab allows you to assign an Authenticator to the Identity Source. The following fields are available.

| Name | Description |
| --- | --- |
| Enable Authenticator | Whether or not the Authenticator will be used |
| Authenticator | Which Authenticator will be used |
| Prefix | A prefix for the Authenticator |
| Suffix | A suffix for the Authenticator |