Updated on 2024-09-24 GMT+08:00

Configuring Remote Azure AD Authentication

You can interconnect your bastion host with the Azure AD platform to authenticate logins to your bastion host.

This topic describes how to configure Azure AD authentication.

Prerequisites

  • You have the management permissions for the System module.
  • You have created users and added enterprise application resources on Azure AD, and obtained information about the Azure AD platform configuration.

Procedure

  1. Log in to your bastion host.
  2. Choose System > Sysconfig > Authenticate.

    Figure 1 Configuring remote authentication

  3. Click Edit in the Azure AD config area.

    Figure 2 Azure AD Config
    Table 1 Azure AD authentication parameters

    Parameter
        Description

    Status
        Specifies the status of remote Azure AD authentication (default: ).
        • : Azure AD authentication is enabled. Remote Azure AD authentication is performed when a user starts a login.
        • : Azure AD authentication is disabled.

    Entity ID
        Specifies the enterprise name or URL.

    Reply URL
        Specifies the reply URL. This parameter is automatically set to the URL of the current bastion host.
        If the IP address or domain name of the bastion host is changed, update the IP address or domain name in the URL accordingly.

    Apply federation metadata URL
        Specifies the application federation metadata URL generated after the SAML signature certificate is configured in Microsoft Azure.

    Logon URL
        Specifies the login URL generated after SAML single sign-on is configured in Microsoft Azure.

    Azure AD ID
        Specifies the Azure AD ID generated after SAML single sign-on is configured in Microsoft Azure.

  4. Click OK. You can then view Azure AD authentication configurations in the Azure AD server list.

    If the Azure AD certificate is updated, delete the old certificate on the Azure AD portal before users log in.

Follow-up Operations

  • To modify or disable Azure AD authentication, click Edit in the Operation column and reconfigure Azure AD authentication in the displayed dialog box.
  • After Azure AD authentication is configured, you must create a user who has already been added to the enterprise application or created on the Azure platform. For details, see Creating a User.