Info: You can connect an Identity Provider (IdP) like Microsoft Azure AD to your instance.
Note: It is recommended to create a new application in the Azure portal for V4 application login.
Overview
ConnectSecure supports the following providers.
Getting Started
Note: If a user already exists in Zitadel and is linked to Microsoft SSO, they may still be prompted for Zitadel TOTP MFA when logging in via the ConnectSecure portal. To address this, there are two methods available:
1. Disable Force MFA in Zitadel Settings: Disabling Force MFA in the Zitadel settings will prevent the prompt for TOTP MFA. However, please note that after disabling this setting, normal local users will not be prompted for TOTP MFA either.
2. Remove the user from Zitadel and reconfigure with SSO: Another approach is to remove the user from Zitadel and then configure them again with SSO. By doing so, the user should no longer be prompted for Zitadel TOTP MFA during login.
To set up an Authentication Provider, log in at https://authprod.myconnectsecure.com and complete these steps:
Click on the Settings header at the top
Click on the Identity Providers section on the left
Click on the tile of the provider
Providers
Each provider has unique values and integration requirements. Please check out the setup guide for the individual provider(s) as required.
Microsoft
Microsoft Azure AD Configuration
Register a new client
Browse to the App registrations menu and open the dialog to create a new app.
Give the application a name and choose who should be able to log in (Single-Tenant, Multi-Tenant, Personal Accounts, etc.). This setting will also have an impact on how the provider is configured later on in ZITADEL.
Choose "Web" in the redirect URI field and add the URL:
Example redirect URL for the domain:
https://authprod.myconnectsecure.com/ui/login/login/externalidp/callback
Save the Application (client) ID and the Directory (tenant) ID from the detail page separately, as these need to be copied into the ConnectSecure portal.
Add client secret
Click on client credentials on the detail page of the application, or use the menu "Certificates & secrets"
Click on "+ New client secret", enter a description and an expiry date, then add the secret
Copy the value of the secret. You will not be able to see the value again after some time
To allow ZITADEL to get the information from the authenticating user, you have to configure which optional claims should be returned in the token.
Go to "API permissions" in the side menu
Ensure the permissions include "Microsoft Graph": email, profile, and User.Read
The "Other permissions granted" should include "Microsoft Graph: openid"
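As an added example (not part of the original guide or of Zitadel), the following Python check shows why the saved IDs and the optional claims matter: it validates a decoded Azure AD v2.0 ID-token payload against the saved Directory (tenant) ID and Application (client) ID, checks expiry, and confirms the claims the registration form needs are present. The tenant ID, client ID, claim names and sample payload are constructed placeholders and assumptions; signature verification is assumed to have been done already.

```python
from datetime import datetime, timezone
from typing import List, Optional

# Constructed placeholders for the values copied from the Azure app registration.
TENANT_ID = "00000000-0000-0000-0000-000000000000"  # Directory (tenant) ID
CLIENT_ID = "11111111-1111-1111-1111-111111111111"  # Application (client) ID
EXPECTED_ISSUER = f"https://login.microsoftonline.com/{TENANT_ID}/v2.0"
# Claims the optional-claims setup must deliver so the registration form
# (Given Name, Family Name, Username, Email) can be pre-filled (assumed mapping).
REQUIRED_CLAIMS = ("email", "given_name", "family_name", "preferred_username")


def check_id_token_claims(payload: dict, now: Optional[datetime] = None) -> List[str]:
    """Return problems found in an already signature-verified ID-token payload.
    Empty list: token is bound to our tenant and client, unexpired, and complete."""
    now = now or datetime.now(timezone.utc)
    problems: List[str] = []
    if payload.get("iss") != EXPECTED_ISSUER:
        problems.append(f"issuer mismatch: {payload.get('iss')!r}")
    if payload.get("tid") != TENANT_ID:
        problems.append("tid does not match the saved Directory (tenant) ID")
    # 'aud' is normally a string, but OIDC allows a list of audiences.
    aud = payload.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    if CLIENT_ID not in audiences:
        problems.append("aud does not contain the saved Application (client) ID")
    exp = payload.get("exp")
    if not isinstance(exp, (int, float)) or datetime.fromtimestamp(exp, timezone.utc) <= now:
        problems.append("token is expired or has no usable exp claim")
    missing = [c for c in REQUIRED_CLAIMS if not payload.get(c)]
    if missing:
        problems.append("missing claims needed for registration: " + ", ".join(missing))
    return problems


# Constructed sample payload shaped like an Azure AD v2.0 ID token (not real data).
SAMPLE_PAYLOAD = {
    "iss": EXPECTED_ISSUER, "aud": CLIENT_ID, "tid": TENANT_ID,
    "exp": 4102444800,  # 2100-01-01T00:00:00Z, keeps the demo valid
    "email": "jane.doe@example.com", "preferred_username": "jane.doe@example.com",
    "given_name": "Jane", "family_name": "Doe",
}

if __name__ == "__main__":
    print(check_id_token_claims(SAMPLE_PAYLOAD) or "ID token payload OK")
```

A token that fails any of these checks is the usual symptom of a misconfigured optional claim or of pasting the wrong ID into the provider template.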
To add an Identity Provider in your ConnectSecure instance:
Log in to the ConnectSecure portal and click on Profile.
Click on the Company Logo.
Navigate to Settings.
Modify your login policy in the menu Login Behavior and Security.
Enable the attribute External IDP allowed.
Go to the Identity Providers overview.
Go to the Settings page of your instance or organization and choose "Identity Providers".
In the table you can see all the providers you have configured, as well as all provider templates that are available to be configured.
The Microsoft template has everything you need preconfigured. You only have to add the client ID and secret you created in the previous step.
You can configure the following settings if you like; a useful default will be used if you don't change anything:
Once the details are filled in and options are selected, click on Create.
Under the Identity Provider table, select the created record and click on Set as available.
This completes setting up and adding the Microsoft Azure AD provider.
ConnectSecure portal
Login using Microsoft
Log in to the ConnectSecure Portal and enter the Tenant Name.
Click on Use External Authentication to log in to the portal.
Provide all the fields (Given Name, Family Name, Username, Email, Phone Number, Language) and click on Register to create a user in the ConnectSecure portal.
Once the email address has been successfully verified, the user will be created with NO ROLE assigned. An Admin should assign a role as required.
The Admin user can assign the role to the IdP user so the user can log in and access the ConnectSecure portal.
This completes the Microsoft Azure AD Authentication Provider Setup.
Get Support
If you have an integration-related inquiry, please email support@connectsecure.com with the details, and our Support Team will assist you.