Configuring Remote Azure AD Authentication

Prerequisites

• You have the management permissions for the System module.
• You have created users and added enterprise application resources on Azure AD, and obtained information about the Azure AD platform configuration.

Procedure

1. Log in to your bastion host.
2. Choose System > Sysconfig > Authenticate.
   Figure 1 Configuring remote authentication
   

3. Click Edit in the Azure AD config area.
   Figure 2 Azure AD Config
   

   Table 1 Azure AD authentication parameters

   Parameter	Description
   Status	Specifies the status of remote Azure AD authentication (default: ). : Azure AD authentication is enabled. Remote Azure AD authentication is enabled when a user starts a login. : Azure AD authentication is disabled.
   Entity ID	Specifies the enterprise name or URL.
   Reply URL	Specifies the reply URL. This parameter is automatically set to the URL of the current bastion host. If the IP address or domain name of the bastion host is changed, change the IP address or domain name in the URL.
   Apply federation metadata URL	Specifies the application federation metadata URL generated after SAML signature certificate is configured in Microsoft Azure.
   Logon URL	Specifies the login URL generated after SAML single sign-on is configured in Microsoft Azure.
   Azure AD ID	Specifies the Azure AD ID generated after SAML single sign-on is configured in Microsoft Azure.

4. Click OK. You can then view Azure AD authentication configurations in the Azure AD server list.
   

   If the Azure AD certificate is updated, you need to delete the old certificate on the Azure AD portal before logins.

Follow-up Operations

• To modify or disable Azure AD authentication, click Edit in the Operation column and reconfigure Azure AD authentication in the displayed dialog box.
• After Azure AD authentication is configured, you are required to create a user who has been added to the enterprise application or created on the Azure platform. For details, see Creating a User.