Configuring Remote Azure AD Authentication
You can interconnect your bastion host with the Azure AD platform to authenticate logins to your bastion host.
This topic describes how to configure Azure AD authentication.
Prerequisites
- You have the management permissions for the System module.
- You have created users and added enterprise application resources on Azure AD, and obtained information about the Azure AD platform configuration.
Procedure
- Log in to your bastion host.
- Choose System > Sysconfig > Authenticate.
Figure 1 Configuring remote authentication
- Click Edit in the Azure AD config area.
Figure 2 Azure AD Config
Table 1 Azure AD authentication parameters (Parameter: Description)
  - Status: Specifies the status of remote Azure AD authentication (default: ).
    - : Azure AD authentication is enabled. Remote Azure AD authentication is enabled when a user starts a login.
    - : Azure AD authentication is disabled.
  - Entity ID: Specifies the enterprise name or URL.
  - Reply URL: Specifies the reply URL. This parameter is automatically set to the URL of the current bastion host. If the IP address or domain name of the bastion host is changed, change the IP address or domain name in the URL.
  - Apply federation metadata URL: Specifies the application federation metadata URL generated after the SAML signature certificate is configured in Microsoft Azure.
  - Logon URL: Specifies the login URL generated after SAML single sign-on is configured in Microsoft Azure.
  - Azure AD ID: Specifies the Azure AD ID generated after SAML single sign-on is configured in Microsoft Azure.
- Click OK. You can then view Azure AD authentication configurations in the Azure AD server list.
If the Azure AD certificate is updated, you need to delete the old certificate on the Azure AD portal before logins.
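A consistency check for the values entered in the Azure AD config dialog, as an added example that is not part of the original documentation: it parses a constructed sample of SAML federation metadata and compares it with constructed dialog values, including the Reply URL host against the bastion host's current address. The dictionary keys, the sample hosts and paths, and the mapping of Azure AD ID and Logon URL to the metadata's entityID and SingleSignOnService location are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"  # SAML 2.0 metadata namespace
TENANT = "00000000-0000-0000-0000-000000000000"  # placeholder tenant ID

# Constructed, trimmed stand-in for the document behind the metadata URL.
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <SingleSignOnService
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""

# Constructed dialog values; the dictionary keys are hypothetical names.
SAMPLE_CFG = {
    "azure_ad_id": f"https://sts.windows.net/{TENANT}/",
    "logon_url": f"https://login.microsoftonline.com/{TENANT}/saml2",
    "metadata_url": f"https://login.microsoftonline.com/{TENANT}"
                    "/federationmetadata/2007-06/federationmetadata.xml",
    "reply_url": "https://bastion.example.com/placeholder-reply-path",
}


def check_config(metadata_xml, cfg, bastion_host):
    """Return a list of mismatches between dialog values and the metadata."""
    root = ET.fromstring(metadata_xml)
    if root.tag != MD + "EntityDescriptor":
        return ["metadata root is not a SAML EntityDescriptor"]
    problems = []
    # Assumption: "Azure AD ID" is the identity provider's entityID.
    if cfg["azure_ad_id"] != root.get("entityID"):
        problems.append("Azure AD ID does not match metadata entityID")
    # Assumption: "Logon URL" is one of the SingleSignOnService endpoints.
    sso = {e.get("Location") for e in root.iter(MD + "SingleSignOnService")}
    if cfg["logon_url"] not in sso:
        problems.append("Logon URL is not a SingleSignOnService location")
    for key in ("metadata_url", "logon_url", "reply_url"):
        if urlsplit(cfg[key]).scheme != "https":
            problems.append(f"{key} is not HTTPS")
    # Per the Reply URL row: the URL must follow the bastion host's address.
    if urlsplit(cfg["reply_url"]).hostname != bastion_host.lower():
        problems.append("Reply URL host differs from the bastion host address")
    return problems


if __name__ == "__main__":
    print(check_config(SAMPLE_METADATA, SAMPLE_CFG, "bastion.example.com"))
```

An empty list means the dialog values agree with the metadata; rerun the check after the bastion host's IP address or domain name changes.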
Follow-up Operations
- To modify or disable Azure AD authentication, click Edit in the Operation column and reconfigure Azure AD authentication in the displayed dialog box.
- After Azure AD authentication is configured, you are required to create a user who has been added to the enterprise application or created on the Azure platform. For details, see Creating a User.