

User authentication using Azure Active Directory

Users can log in to Alvao using Azure Active Directory (AAD) authentication. This authentication method cannot be combined with other authentication methods.

Caution:
When moving from Active Directory (AD) authentication to AAD authentication, you must also start importing users from AAD instead of AD. The ImportAzure utility does not have the same capabilities as ImportAD. Before using it, make sure that these limitations will not cause you problems.

Registering an application to Azure Active Directory

First, register your application in Azure. As part of the registration:

  1. Assign Users.Read.All and Groups.Read.All permissions to the application and ensure these permissions are approved by the administrator.
  2. Set the redirect address to https://<WebApp>/Account/LoginMicrosoftEndpoint
  3. Record the values from the application registration that you will need later:
    • Tenant ID
    • Client ID
    • Client secret

Setting up authentication with Azure Active Directory

  1. Create a tenant database.
  2. In the tenant database, add an entry for the tenant in which you want to use AAD authentication. The ConnectionString column is particularly important.
  3. In the database for that tenant, insert one row in the AzureAdTenant table. Provide the correct Tenant ID obtained during application registration.
  4. In the tenant database, in the tProperty table, on the row labeled AzureApplicationId, insert the Client ID value obtained during application registration into the sPropertyValue column.
  5. If you have been running the ImportAD utility regularly, stop running it. This method of importing users is not compatible with AAD login.
  6. Prepare a regularly scheduled task to import users using the ImportAzure utility.
  7. Let the user import run for the first time. If you have a large number of users and groups in AAD, the import may take a long time.
  8. Using Internet Information Services (IIS) Manager:
    1. In Alvao (WebApp), change the authentication method to anonymous and forms.
      In the forms login details, provide the address ~/Account/LoginMicrosoft.
    2. In the ServiceDeskWebService application, change the authentication method to anonymous.
    3. In AssetWebService (AM WS), change the authentication method to anonymous.
    4. In AlvaoRestApi, change the authentication method to anonymous.
    5. In the Custom Apps WebService, set the authentication method to anonymous (if the module AM Custom Apps or SD Custom Apps is activated)
  9. In the following configuration files, write the value obtained during application registration to the AAD_ClientSecret setting:
    1. WebApp - web.config file
    2. ServiceDeskWebService - web.config
    3. AssetWebService - web.config
    4. MailboxReader - app.config
    5. AlvaoRestApi - web.config
    6. Custom Apps WebService - web.config (if module AM Custom Apps or SD Custom Apps is activated)
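
A read-only check for step 9, added here as an example and not part of the ALVAO documentation or product: for each config file it reports whether AAD_ClientSecret is present and non-empty, and it prints a short hash of the value so that files holding different secrets stand out without the secret itself appearing on screen. The function name, the two XML layouts it searches for and the sample file names are assumptions, since the page does not show how the setting is stored in the files.

```powershell
# Added example (not vendor code). Assumed layouts of the setting:
#   <add key="AAD_ClientSecret" value="..."/>
#   <setting name="AAD_ClientSecret"><value>...</value></setting>
function Test-AadClientSecret {
    param([Parameter(Mandatory)][string[]]$Path)
    $xpath = "//*[(local-name()='add' and @key='AAD_ClientSecret') or " +
             "(local-name()='setting' and @name='AAD_ClientSecret')]"
    $sha = [System.Security.Cryptography.SHA256]::Create()
    foreach ($file in $Path) {
        $state = 'FileNotFound'; $fingerprint = $null
        if (Test-Path -LiteralPath $file) {
            $xml  = [xml](Get-Content -LiteralPath $file -Raw)
            $node = $xml.SelectSingleNode($xpath)
            # The value is either the "value" attribute or a <value> child element.
            $valueNode = if ($null -ne $node) { $node.SelectSingleNode("@value | *[local-name()='value']") }
            $value     = if ($null -ne $valueNode) { $valueNode.InnerText }
            if ($null -eq $node) {
                $state = 'SettingMissing'
            } elseif ([string]::IsNullOrWhiteSpace($value)) {
                $state = 'Empty'
            } else {
                $state = 'Set'
                # Short hash prefix: lets files be compared without printing the secret.
                $bytes = [System.Text.Encoding]::UTF8.GetBytes($value)
                $fingerprint = [System.BitConverter]::ToString($sha.ComputeHash($bytes)).Replace('-', '').Substring(0, 8)
            }
        }
        [pscustomobject]@{ File = $file; State = $state; Fingerprint = $fingerprint }
    }
    $sha.Dispose()
}

# Constructed sample files so the example runs offline. In practice, pass the real
# paths of the six files from step 9 (their locations depend on your installation).
$dir = Join-Path ([System.IO.Path]::GetTempPath()) 'aad-secret-check'
New-Item -ItemType Directory -Path $dir -Force | Out-Null
$webApp = Join-Path $dir 'WebApp.web.config'
$reader = Join-Path $dir 'MailboxReader.app.config'
'<configuration><appSettings><add key="AAD_ClientSecret" value="constructed-sample-secret"/></appSettings></configuration>' |
    Set-Content -LiteralPath $webApp
'<configuration><appSettings><add key="AAD_ClientSecret" value=""/></appSettings></configuration>' |
    Set-Content -LiteralPath $reader

$report = Test-AadClientSecret -Path $webApp, $reader, (Join-Path $dir 'AlvaoRestApi.web.config')
$report | Format-Table -AutoSize   # States for the sample: Set, Empty, FileNotFound
$distinct = @($report | Where-Object State -eq 'Set' | Select-Object -ExpandProperty Fingerprint -Unique)
if ($distinct.Count -gt 1) { Write-Warning 'Config files hold different client secrets.' }
```

Because the same client secret sits in plain text in every file on this list, the check is also a convenient moment to review who has read access to those files.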

 
