Updated on 2024-04-11 GMT+08:00

Configuring Remote Azure AD Authentication

CBH interconnects with the Azure AD platform to authenticate CBH system user logins.

This topic describes how to configure Azure AD authentication.

Prerequisites

  • You have the management permissions for the System module.
  • You have created users and added enterprise application resources on Azure AD, and obtained information about the Azure AD platform configuration.

Procedure

  1. Log in to the CBH system.
  2. Choose System > Sysconfig > Authenticate.

    Figure 1 Configuring remote authentication

  3. Click Edit in the Azure AD config area.

    Figure 2 Configuring remote Azure AD authentication
    Table 1 Azure AD authentication parameters

    | Parameter | Description |
    |---|---|
    | Status | Specifies the status of remote Azure AD authentication (default: ). • : Azure AD authentication is enabled. Remote Azure AD authentication is enabled when the user logs in to the CBH system. • : Azure AD authentication is disabled. |
    | Entity ID | Specifies the enterprise name or URL. |
    | Reply URL | Specifies the reply URL. This parameter is automatically set to the URL of the current CBH system. If the IP address or domain name of the CBH system is changed, change the IP address or domain name in the URL. |
    | Apply federation metadata URL | Specifies the application federation metadata URL generated after the SAML signature certificate is configured in Microsoft Azure. |
    | Logon URL | Specifies the login URL generated after SAML single sign-on is configured in Microsoft Azure. |
    | Azure AD ID | Specifies the Azure AD ID generated after SAML single sign-on is configured in Microsoft Azure. |

  4. Click OK. You can then view Azure AD authentication configurations in the Azure AD server list.

    Figure 3 Azure AD authentication

    If the Azure AD certificate is updated, you need to delete the old certificate on the Azure AD control plane before logging in.
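
The following added example (not part of the original guide or of CBH) checks the values intended for the Azure AD config dialog against the federation metadata before you click OK. It assumes that the Azure AD ID corresponds to the metadata entityID and the Logon URL to a SingleSignOnService location, and that more than one signing certificate means an old one is still present; the form keys, host names, URL path and tenant ID are constructed placeholders.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
T = "00000000-0000-0000-0000-000000000000"  # placeholder tenant/application ID

# Constructed sample of SAML 2.0 federation metadata (certificate body is a placeholder).
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata" entityID="https://sts.windows.net/{T}/">
 <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
   <X509Data><X509Certificate>PLACEHOLDER</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
  <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
   Location="https://login.microsoftonline.com/{T}/saml2"/>
 </IDPSSODescriptor>
</EntityDescriptor>"""

# Constructed form values; the dictionary keys are hypothetical names for the dialog fields.
SAMPLE_FORM = {
    "reply_url": "https://cbh.example.com/placeholder-path",
    "metadata_url": f"https://login.microsoftonline.com/{T}/federationmetadata/2007-06/federationmetadata.xml?appid={T}",
    "logon_url": f"https://login.microsoftonline.com/{T}/saml2",
    "azure_ad_id": f"https://sts.windows.net/{T}/",
}

def check_form(form, metadata_xml, cbh_host):
    """Return a list of problems found in the values planned for the CBH form."""
    root = ET.fromstring(metadata_xml)  # for downloaded metadata prefer a hardened parser (e.g. defusedxml)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        return ["metadata has no IDPSSODescriptor; check the metadata URL"]
    sso = {e.get("Location") for e in idp.findall("md:SingleSignOnService", NS)}
    certs = [c for kd in idp.findall("md:KeyDescriptor[@use='signing']", NS)
             for c in kd.findall(".//ds:X509Certificate", NS)]
    checks = [
        (form["azure_ad_id"] != root.get("entityID"),
         "Azure AD ID differs from metadata entityID"),
        (form["logon_url"] not in sso,
         "Logon URL is not a SingleSignOnService location"),
        (len(certs) != 1,
         f"{len(certs)} signing certificates in metadata; check for an old one"),
        (urlsplit(form["reply_url"]).hostname != cbh_host.lower(),
         "Reply URL host does not match the current CBH address"),
    ]
    for key in ("reply_url", "metadata_url", "logon_url"):
        checks.append((urlsplit(form[key]).scheme != "https", f"{key} is not HTTPS"))
    return [msg for failed, msg in checks if failed]

if __name__ == "__main__":
    print(check_form(SAMPLE_FORM, SAMPLE_METADATA, "cbh.example.com"))
```

An empty list means the planned values agree with the metadata; a stale Reply URL after a CBH address change, or a leftover signing certificate, shows up as a named problem.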

Follow-up Operations

  • To modify or disable Azure AD authentication, click Edit in the Operation column and reconfigure Azure AD authentication in the displayed dialog box.
  • After Azure AD authentication is configured, you are required to create a user who has been added to the enterprise application or created on the Azure platform. For details, see Creating a User.