Configure an Azure Active Directory enterprise application

You can integrate Azure Active Directory with Vantage. To do this you must create an enterprise application in Azure Active Directory and assign users to it.

Before you begin

An Azure Active Directory group that is to be used with Vantage must:
  • Be of type office 365mail enabled security or security
  • Have the AuthNContext property set to true
    Note:
    Users, guests, and applications contained directly in this group are granted access to Vantage. Azure denies access to users contained in the group's subgroups.

About this task

During authentication, Azure passes the universally unique identifier (UUID) of all the security groups that are defined for the authenticating user. Vantage ignores those that don't match any of its own groups. For more details, see Group creation.

Procedure

  1. Select My Dashboard > Enterprise applications | All Applications.


  2. Select + New application.
    A dialog shows.
  3. Select Create your own application.
    A dialog shows.
  4. In the What's the name of your app? filed, enter a name such as: Nozomi Networks Vantage.


  5. Select Integrate any other application you don't find in the gallery (Non-gallery).
  6. Enter any other Azure Active Directory details that are needed to complete the configuration of the new application. Select Create.
    The application has been created.
  7. Open the application.
  8. Select Single sign-on > SAML.


  9. Specify the Reply URL which corresponds to the assertion consumer service (ACS) uniform resource locator (URL) for Vantage. For example: https://YOUR_VANTAGE_URL/api/v1/saml/auth
  10. Define the Entity ID. For example: https://YOUR_VANTAGE_URL/api/v1/saml/metadata
  11. Define attributes and claims.
    Note:
    Vantage authentication relies on user group claims. You must create such claims for any group used for authentication. Users that belong to the group pass the claim that you define. XREF
  12. Optional: Upload an image to use as an icon in the security assertion markup language (SAML) app.
  13. After the application has been configured, it will show in Azure.


  14. Download the Azure Active Directory metadata file.
    1. In the SAML Signing Certificate section, to the right of Federation Metadata XML, select Download.


    2. Save this file to a location that the browser that you use for Vantage can access.
  15. Configure Vantage for SSO.

Results

The application has been configured.