
Azure portal configuration guide for Office365 authentication

Description

A Microsoft Azure AD subscription is required to configure Office365 authentication in Devolutions Password Server.

 

The following topic contains the procedure to configure Azure and Devolutions Password Server properly to use Office365 authentication.

 

Requirements

 

Microsoft Azure AD subscription

Remote Desktop Manager Login Native application in Azure AD

Devolutions Password Server Web login Web/API application in Azure AD

Devolutions Password Server Sync Web/API application in Azure AD

 

Creation of Azure AD applications

 

1. Log in to your Microsoft Azure Portal using administrator credentials at https://portal.azure.com

2. Once logged in, go to Azure Active Directory - App registrations.

 

Microsoft Azure Portal

 

3. Remote Desktop Manager Login Native Application

3.1. Create the application using the New application registration button.

 

Azure AD - App registrations

 

3.2. Choose a meaningful name for the application. This name is not used outside of the Azure Portal. We recommend using DPSRDM Office365 as the name of the application.

3.3. Set the Application type to Native.

3.4. Set the Redirect URI to the Host value used to connect to the Devolutions Password Server data source in Remote Desktop Manager.

 

Login Native Application parameters

 

Remote Desktop Manager Data Source Configuration

 

3.5. Then, click on the Create button to save the information.

 

4. Devolutions Password Server Web Login Web/API Application

4.1. Create the application using the New application registration button.

 

Azure AD - App registrations

 

4.2. Choose a meaningful name for the application. This name is not used outside of the Azure Portal. We recommend using DPSWeb as the name of the application.

4.3. Set the Application type to Web app/API.

4.4. Set the Sign-on URL. This property must be the URL used to reach your Devolutions Password Server instance, with /login appended at the end.

 

Web Login Web/API parameters

 

4.5. Then, click on the Create button to save the information.

 

5. Devolutions Password Server Sync Web/API Application

5.1. Create the application using the New application registration button.

 

Azure AD - App registrations

 

5.2. Choose a meaningful name for the application. This name is not used outside of the Azure Portal. We recommend using DPSSync as the name of the application.

5.3. Set the Application type to Web app/API.

5.4. Set the Sign-on URL. This property must be the URL used to reach your Devolutions Password Server instance. It should be the same as in step 3.4.

 

Sync Web/API parameters

 

6. Change the required permissions on the Devolutions Password Server Sync Web/API application.

Only Azure AD Administrator accounts are allowed to grant permissions on applications.

 

6.1. Select the Devolutions Password Server Sync Web/API application and click the Settings button.

 

Application configuration section

 

6.2. Select Required permissions and delete the default Windows Azure Active Directory permission.

 

Required permissions

 

6.3. Click Add in the Required permissions section.

6.4. In Step 1, select Microsoft Graph from the list.

 

Require Permissions section

 

6.5. Select the Read all groups and Read all users' full profiles permissions, then click the Select button.


6.6. Then click Grant permissions so that the permissions are granted and the API calls made by the Devolutions Password Server instance are allowed to execute.

 

Required permissions - Grant permissions


7. Configuring the applications in the Devolutions Password Server Console.

7.1. Activate the Authenticate with Office365 user option box in the Authentication tab of the Devolutions Password Server instance.

 

Devolutions Password Server Settings - Authentication tab

 

7.2. Select the Office365 tab in the Devolutions Password Server settings. Please see Office365 for more information about the properties.

 

Office365 tab

 

7.3. We recommend having both the Devolutions Password Server Settings dialog and the Microsoft Azure Portal open side by side for easier copy/paste operations.

7.4. In the Microsoft Azure Portal, select Azure Active Directory in the left pane and then select Properties. Copy the Directory ID and paste it into the Tenant ID field of the Office365 tab.

 

Azure AD Portal

 

Tenant ID - Office365 tab

 

7.5. Select the Remote Desktop Manager Login Native application created in the Microsoft Azure Portal (see step 3).
Copy the Application ID and paste it into the Client ID field of the Native application (RDM) section in the Office365 tab.
Copy the Redirect URI and paste it into the Redirect URI field of the Native application (RDM) section in the Office365 tab.

 

Microsoft Azure Portal

 

Office365 tab

 

7.6. Then, in the Microsoft Azure Portal, click the Manifest button to get the ResourceID. Find resourceAppID in the JSON data of the manifest, copy its value and paste it into the ResourceID field of the Native application (RDM) section in the Office365 tab.
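The manifest opened in step 7.6 is the same JSON document that records the required permissions edited in steps 6.2 to 6.5, so it can be checked offline before the values are copied into the Office365 tab. The following script is an added example, not part of this guide or of Devolutions' own code: it reads an application manifest, lists every resourceAppId (the value step 7.6 copies) and reports whether the Sync app still carries the default Windows Azure Active Directory entry or is missing either Microsoft Graph scope. The manifest embedded in it is constructed, with placeholder appId and permission id values; the well-known Microsoft Graph and Azure AD Graph resource IDs are Microsoft's fixed values, and the two delegated permission IDs are assumed from Microsoft's Graph permissions reference and should be confirmed in your tenant.

```python
import json
import sys

# Well-known resource (API) application IDs. These are fixed values that Microsoft
# publishes for every tenant, not identifiers taken from the guide.
MICROSOFT_GRAPH = "00000003-0000-0000-c000-000000000000"
AZURE_AD_GRAPH = "00000002-0000-0000-c000-000000000000"   # shown as "Windows Azure Active Directory"

# Delegated permission IDs for the two Microsoft Graph scopes selected in step 6.5.
# Assumed from Microsoft's Graph permissions reference; confirm them in your tenant.
GROUP_READ_ALL = "5f8c59db-677d-491f-a6b8-5f174b11ec1d"   # "Read all groups"
USER_READ_ALL = "a154be20-db9c-4678-8ab7-66f6cc099a59"    # "Read all users' full profiles"

# Constructed sample manifest for the DPSSync app, limited to the fields this audit
# reads. The appId and the Azure AD Graph permission id are placeholders.
SAMPLE_MANIFEST = json.dumps({
    "appId": "00000000-0000-0000-0000-000000000000",
    "displayName": "DPSSync",
    "requiredResourceAccess": [
        {   # the default entry that step 6.2 tells you to delete
            "resourceAppId": AZURE_AD_GRAPH,
            "resourceAccess": [{"id": "11111111-1111-1111-1111-111111111111", "type": "Scope"}],
        },
        {
            "resourceAppId": MICROSOFT_GRAPH,
            "resourceAccess": [
                {"id": GROUP_READ_ALL, "type": "Scope"},
                {"id": USER_READ_ALL, "type": "Scope"},
            ],
        },
    ],
})


def load_manifest(text: str) -> dict:
    """Parse the manifest JSON as downloaded from the portal's Manifest view."""
    return json.loads(text)


def resource_app_ids(manifest: dict) -> list:
    """Every resourceAppId in the manifest: the values step 7.6 tells you to copy."""
    return [entry["resourceAppId"] for entry in manifest.get("requiredResourceAccess", [])]


def audit_sync_app(manifest: dict) -> list:
    """Findings for the Sync app's required permissions; an empty list means steps 6.2 to 6.5 are reflected."""
    findings = []
    entries = {e["resourceAppId"]: e for e in manifest.get("requiredResourceAccess", [])}
    if AZURE_AD_GRAPH in entries:
        findings.append("default Windows Azure Active Directory permission still present (step 6.2)")
    graph = entries.get(MICROSOFT_GRAPH)
    if graph is None:
        findings.append("Microsoft Graph is not listed under required permissions (step 6.4)")
        return findings
    configured = {(a["id"], a["type"]) for a in graph.get("resourceAccess", [])}
    for perm_id, name in ((GROUP_READ_ALL, "Read all groups"), (USER_READ_ALL, "Read all users' full profiles")):
        if (perm_id, "Scope") not in configured:
            findings.append(f"Microsoft Graph permission '{name}' is missing (step 6.5)")
    return findings


def without_resource(manifest: dict, resource_app_id: str) -> dict:
    """Copy of the manifest with one resource's permissions removed (what step 6.2 does in the portal)."""
    fixed = dict(manifest)
    fixed["requiredResourceAccess"] = [
        e for e in manifest.get("requiredResourceAccess", []) if e["resourceAppId"] != resource_app_id
    ]
    return fixed


if __name__ == "__main__":
    # Pass the path of a manifest saved from the portal, or run without arguments to use the sample.
    raw = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_MANIFEST
    app = load_manifest(raw)
    print("resourceAppId values:", resource_app_ids(app))
    for finding in audit_sync_app(app) or ["no findings"]:
        print("-", finding)
```

The manifest only records which permissions are configured on the application; it does not show whether an administrator has completed Grant permissions (step 6.6), so that step still has to be verified in the portal.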

 

Microsoft Azure Portal

 

Office365 tab

 

7.7. Next, select the Web Login Web/API application created in Microsoft Azure Portal (see step 4). Copy the Application ID and paste it in the Client ID field of the Web application section in the Office365 tab.

 

Microsoft Azure Portal

 

Office365 tab

 

7.8. Select the Sync Web/API application created in the Microsoft Azure Portal (see step 5).
Copy the Application ID and paste it in the Client ID field of the Users and Roles cache section of the Office365 tab.
Copy the Reply URL and paste it in the Redirect URI field of the Users and Roles cache section of the Office365 tab.

 

Microsoft Azure Portal

 

Office365 tab

 

7.9. In the Microsoft Azure Portal, go to Settings - Keys to generate the secret key used by the API requests that authenticate with Azure.

 

Azure AD Portal - DPSSync Settings

 

7.10. In the Password section, fill in the description, then set the duration (1 year, 2 years, Never Expire) and click on Save. Copy the key under the Value column and paste it in the Secret key field of the Office365 tab.

Do not close or navigate to another page in the Microsoft Azure Portal until the secret key has been copied and pasted into the Secret key field of the Office365 tab. Afterwards, the value can no longer be viewed.


Microsoft Azure Portal

 

Office365 tab

 

8. Finally, enable the Use Office365 authentication option in File - Data Sources in Remote Desktop Manager, or use the Office 365 Log In button on the web interface.

 

Remote Desktop Manager Data Source Configuration
