
Azure portal configuration guide for Office365 authentication

Description


A Microsoft Azure AD subscription is required to configure Office365 authentication in Devolutions Password Server.

 

The following topic describes how to configure Azure and Devolutions Password Server so that Office365 authentication works properly.

 

Requirements

 

Microsoft Azure AD subscription

Remote Desktop Manager Login Native application in Azure AD

Devolutions Password Server Web login Web/API application in Azure AD

Devolutions Password Server Sync Web/API application in Azure AD

 

There are two main parts to the configuration:

1. Creation of Azure AD applications

2. Configuring the applications in the Devolutions Password Server Console

 

Creation of Azure AD applications

 

1. Log in to your Microsoft Azure Portal using administrator credentials at https://portal.azure.com

2. Once logged in, go to Azure Active Directory - App registration.

 

Microsoft Azure Portal


 

3. Remote Desktop Manager Login Native Application

3.1. Create the application using the New application registration button.

 

Azure AD - App registrations


 

3.2. Choose a meaningful name for the application. This name is not used outside of the Azure Portal. We recommend using DPSRDM Office365 as the name of the application.

3.3. Set the Application type to the Native value.

3.4. Set the Redirect URI to the Host used to connect to the Devolutions Password Server data source in Remote Desktop Manager.

 

Login Native Application parameters


 

Remote Desktop Manager Data Source Configuration


 

3.5. Then, click on the Create button to save the information.

 

4. Devolutions Password Server Web Login Web/API Application

4.1. Create the application using the New application registration button.

 

Azure AD - App registrations


 

4.2. Choose a meaningful name for the application. This name is not used outside of the Azure Portal. We recommend using DPSWeb as the name of the application.

4.3. Set the Application type to the Web app/API value.

4.4. Set the Sign-on URL. This property must be set to the URL used to reach your Devolutions Password Server instance, with /login appended at the end.

 

Web Login Web/API parameters


 

4.5. Then, click on the Create button to save the information.

 

5. Devolutions Password Server Sync Web/API Application

5.1. Create the application using the New application registration button.

 

Azure AD - App registrations


 

5.2. Choose a meaningful name for the application. This name is not used outside of the Azure Portal. We recommend using DPSSync as the name of the application.

5.3. Set the Application type to the Web app/API value.

5.4. Set the Sign-on URL. This property must be set to the URL used to reach your Devolutions Password Server instance. It should be the same as in step 3.4.

 

Sync Web/API parameters


 

6. Change the required permissions on the Devolutions Password Server Sync Web/API application.

Only Azure AD Administrator accounts are allowed to grant permissions on applications.

 

6.1. Select the Devolutions Password Server Sync Web/API application and click on the Settings button.

 

Application configuration section


 

6.2. Select Required Permissions and delete the default Windows Azure Active Directory permission.

 

Required permissions


 

6.3. Click Add in the Required Permissions section.

6.4. In Add API access, step 1 (Select an API), select Microsoft Graph from the list.

 

Required Permissions section

 

6.5. In Add API access, step 2 (Select permissions), select the Read all groups and Read all users' full profiles permissions under the Application Permissions section, then click the Select button.


 

6.6. Then click Grant permissions so that the permissions are granted and the API calls made by the Devolutions Password Server instance have permission to execute.

 

Required permissions - Grant permissions


 

7. Configuring the applications in Devolutions Password Server Console.

 

7.1. Click Edit to open Password Server Settings.

 

Edit - Devolutions Password Server Console


 

7.2. Activate the Authenticate with Office365 user option box in the Authentication tab of the Devolutions Password Server instance.

 

Devolutions Password Server Settings - Authentication tab


 

7.3. Select the Office365 tab in the Devolutions Password Server Settings. See Office365 for more information about the properties.

 

Office365 tab


 

7.4. We recommend having both the Devolutions Password Server Settings dialog window and the Microsoft Azure Portal open side by side for easier copy/paste operations.

 

Tenant ID

7.5. In the Microsoft Azure Portal, select Azure Active Directory in the left pane and then select Properties. Copy the Directory ID and paste it into the Tenant ID field in the Office365 tab.

 

Azure AD Portal


 

Tenant ID - Office365 tab


Native application (RDM)

7.6. Select the Remote Desktop Manager Login Native application created in the Microsoft Azure Portal (see step 3).
Copy the Application ID and paste it into the Client ID field of the Native application (RDM) section in the Office365 tab.
Copy the Redirect URI and paste it into the Redirect URI field of the Native application (RDM) section in the Office365 tab.

 

Microsoft Azure Portal


 

Office365 tab


Resource ID

7.7. Then, in the Microsoft Azure Portal, click the Manifest button to get the Resource ID. Find the resourceAppId key in the JSON data of the manifest, copy its value and paste it into the Resource ID field of the Native application (RDM) section in the Office365 tab.

 

Microsoft Azure Portal


 

Office365 tab

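As an added example (not part of this topic or of Devolutions' own code), the following Python helper reads an exported application manifest, returns the resourceAppId values referenced in step 7.7, and audits the requiredResourceAccess section against what step 6 configured: only Microsoft Graph application (Role) permissions, no leftover Windows Azure Active Directory permission, and no delegated (Scope) permissions the sync job does not need. The sample manifest and the permission GUIDs in it are constructed placeholders; only the two well-known API IDs are real.

```python
import json

# Well-known application ID of the Microsoft Graph API (public, fixed value).
MS_GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"
# Well-known application ID of the legacy "Windows Azure Active Directory"
# API that step 6.2 asks you to remove from the Sync application.
LEGACY_AAD_APP_ID = "00000002-0000-0000-c000-000000000000"

# Constructed sample manifest: same shape as an Azure AD app manifest, but the
# permission GUIDs below are placeholders, not real permission IDs.
SAMPLE_MANIFEST = json.dumps({
    "appId": "11111111-1111-1111-1111-111111111111",
    "replyUrls": ["https://dps.example.com/"],
    "requiredResourceAccess": [
        {"resourceAppId": MS_GRAPH_APP_ID,
         "resourceAccess": [
             {"id": "aaaaaaaa-0000-0000-0000-000000000001", "type": "Role"},
             {"id": "aaaaaaaa-0000-0000-0000-000000000002", "type": "Role"},
             {"id": "aaaaaaaa-0000-0000-0000-000000000003", "type": "Scope"}]},
        {"resourceAppId": LEGACY_AAD_APP_ID,   # leftover default permission
         "resourceAccess": [
             {"id": "bbbbbbbb-0000-0000-0000-000000000001", "type": "Scope"}]},
    ],
})


def resource_app_ids(manifest_json):
    """Return every resourceAppId the manifest requests access to (step 7.7)."""
    manifest = json.loads(manifest_json)
    return [e["resourceAppId"] for e in manifest.get("requiredResourceAccess", [])]


def audit_permissions(manifest_json, expected_graph_roles):
    """Compare the requested permissions with the set configured in step 6.

    Returns: missing  - expected Graph application permissions not requested
             extra    - Graph application permissions beyond the expected set
             delegated- Scope (delegated) permissions, which the sync job does not use
             legacy   - True if the default Windows Azure AD permission is still present
    """
    manifest = json.loads(manifest_json)
    graph_roles, delegated, legacy = set(), [], False
    for entry in manifest.get("requiredResourceAccess", []):
        legacy = legacy or entry["resourceAppId"] == LEGACY_AAD_APP_ID
        for access in entry.get("resourceAccess", []):
            if access["type"] == "Scope":
                delegated.append(access["id"])
            elif entry["resourceAppId"] == MS_GRAPH_APP_ID:
                graph_roles.add(access["id"])
    expected = set(expected_graph_roles)
    return {"missing": sorted(expected - graph_roles),
            "extra": sorted(graph_roles - expected),
            "delegated": delegated, "legacy": legacy}
```

A non-empty extra or delegated list, or legacy being True, means the Sync application requests more than the two permissions granted in step 6.5 and should be trimmed in the portal before the key from step 7.10 is issued.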

 

Web Application

7.8. Next, select the Web Login Web/API application created in the Microsoft Azure Portal (see step 4). Copy the Application ID and paste it into the Client ID field of the Web application section in the Office365 tab.

 

Microsoft Azure Portal


 

Office365 tab


 

Users and Roles Cache

7.9. Select the Sync Web/API application created in the Microsoft Azure Portal (see step 5).
Copy the Application ID and paste it into the Client ID field of the Users and Roles cache section of the Office365 tab.
Copy the Reply URL and paste it into the Redirect URI field of the Users and Roles cache section of the Office365 tab.

 

Microsoft Azure Portal


 

Office365 tab


 

7.10. In the Microsoft Azure Portal, go to Settings - Keys to generate a secret key used by the API requests that authenticate with Azure.

 

Azure AD Portal - DPSSync Settings


 

7.11. In the Password section, fill in the description, set the Duration (1 year, 2 years, Never Expire) and click Save. Copy the key shown in the Value column and paste it into the Secret key field of the Office365 tab.

 

Do not close the page or navigate to another page in the Microsoft Azure Portal until the secret key has been copied and pasted into the Secret key field of the Office365 tab. The value cannot be viewed again afterwards.

 

 

Microsoft Azure Portal


 

Office365 tab


 

8. Finally, enable the Use Office365 authentication option in File - Data Sources in Remote Desktop Manager, or use the Office 365 Log In button on the web interface.

 

Remote Desktop Manager Data Source Configuration

