Configure an Azure Active Directory enterprise application

You can integrate Azure Active Directory with Vantage. To do this you must create an enterprise application in Azure Active Directory and assign users to it.

Before you begin

An Azure Active Directory group that is to be used with Vantage must:
  • Be of type Office 365, mail-enabled security, or security
  • Have the AuthNContext property set to true
    Note:
    Users, guests, and applications contained directly in this group are granted access to Vantage. Azure denies access to users contained in the group's subgroups.

About this task

During authentication, Azure passes the universally unique identifier (UUID) of all the security groups that are defined for the authenticating user. Vantage ignores those that don't match any of its own groups. For more details, see Group creation.

Procedure

  1. Select My Dashboard > Enterprise applications | All Applications.


  2. Select + New application.
    A dialog shows.
  3. Select Create your own application.
    A dialog shows.
  4. In the What's the name of your app? field, enter a name such as: Nozomi Networks Vantage.


  5. Select Integrate any other application you don't find in the gallery (Non-gallery).
  6. Enter any other Azure Active Directory details that are needed to complete the configuration of the new application. Select Create.
    The application has been created.
  7. Open the application.
  8. Select Single sign-on > SAML.


  9. Specify the Reply URL, which corresponds to the assertion consumer service (ACS) uniform resource locator (URL) for Vantage: https://YOUR_VANTAGE_URL/api/v1/saml/auth
  10. Define the Entity ID for Vantage: https://YOUR_VANTAGE_URL/api/v1/saml/metadata
  11. Configure attributes and claims, including group claims, so that Azure passes group membership information to Vantage.
    Note:
    Vantage authentication relies on user group claims. You must configure Azure to emit the security group IDs for the authenticating user. Vantage uses these IDs to determine group membership and grant access accordingly.
    1. In the Attributes & Claims section, select the edit icon.
    2. Select Add a group claim.
    3. In the Group Claims dialog, select Security groups.
    4. Set the Source attribute field to Group ID.
      This causes Azure to emit the group's object ID (UUID), which Vantage uses to match groups and automatically add authenticated users to the correct group.
    5. Select Save.
  12. Optional: Upload an image to use as an icon in the security assertion markup language (SAML) app.

  13. After the application has been configured, it will show in Azure.


  14. Download the Azure Active Directory metadata file.
    1. In the SAML Signing Certificate section, to the right of Federation Metadata XML, select Download.


    2. Save this file to a location that the browser that you use for Vantage can access.
  15. Configure Vantage for SSO.

Results

The application has been configured.
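
Added example (not part of the original documentation, and not Nozomi or Microsoft code): a Python check that the values set in steps 9 to 11 actually arrive in a decoded SAML assertion captured from a test sign-in. The sample assertion, the vantage.example.com URL, the group ID and the function name are constructed for illustration; the two claim names are the ones Azure uses for group claims and for group overage.

```python
import uuid
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
GROUPS = "http://schemas.microsoft.com/ws/2008/06/identity/claims/groups"
GROUPS_LINK = "http://schemas.microsoft.com/claims/groups.link"  # overage marker

# Constructed sample: a decoded assertion with the signature and timestamps trimmed.
SAMPLE = f"""<Assertion xmlns="{NS['saml']}">
 <Subject><SubjectConfirmation><SubjectConfirmationData
   Recipient="https://vantage.example.com/api/v1/saml/auth"/></SubjectConfirmation></Subject>
 <Conditions><AudienceRestriction>
   <Audience>https://vantage.example.com/api/v1/saml/metadata</Audience>
 </AudienceRestriction></Conditions>
 <AttributeStatement><Attribute Name="{GROUPS}">
   <AttributeValue>0F1E2D3C-4B5A-4978-8695-A4B3C2D1E0F9</AttributeValue>
   <AttributeValue>Vantage-Admins</AttributeValue>
 </Attribute></AttributeStatement>
</Assertion>"""

def check_assertion(xml_text, vantage_url, vantage_group_ids):
    """Return (matched_group_ids, problems). Does not verify the signature."""
    root = ET.fromstring(xml_text)
    problems = []
    # Step 10: Audience must equal the Entity ID defined for Vantage.
    audience = (root.findtext(".//saml:Audience", "", NS) or "").strip()
    if audience != f"{vantage_url}/api/v1/saml/metadata":
        problems.append(f"audience mismatch: {audience!r}")
    # Step 9: Recipient must equal the Reply (ACS) URL.
    scd = root.find(".//saml:SubjectConfirmationData", NS)
    recipient = scd.get("Recipient", "") if scd is not None else ""
    if recipient != f"{vantage_url}/api/v1/saml/auth":
        problems.append(f"recipient mismatch: {recipient!r}")
    # Step 11: gather group claim values and note an overage link if present.
    attrs = {a.get("Name"): a for a in root.iterfind(".//saml:Attribute", NS)}
    if GROUPS_LINK in attrs:
        problems.append("group overage: Azure sent a link instead of group IDs")
    elif GROUPS not in attrs:
        problems.append("no group claim emitted")
    emitted = set()
    if GROUPS in attrs:
        for v in attrs[GROUPS].iterfind("saml:AttributeValue", NS):
            text = (v.text or "").strip()
            try:
                emitted.add(str(uuid.UUID(text)))  # canonical lowercase form
            except ValueError:
                problems.append(f"group value is not an object ID: {text!r}")
    matched = sorted(emitted & {g.lower() for g in vantage_group_ids})
    return matched, problems
```

A value such as Vantage-Admins in the group claim means the Source attribute was not set to Group ID in step 11; an empty match list with no other problems means none of the emitted UUIDs corresponds to a group defined in Vantage.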