Skip to content
This repository has been archived by the owner on Aug 4, 2024. It is now read-only.

Setting up authentication with Azure Active Directory

Ryan Newington edited this page Jul 7, 2018 · 4 revisions

The following guide will assist you in configuring your application to use Azure Active Directory for authentication.

Part 1: Configure IIS

  1. Open IIS Manager, expand the Sites list, and select the Lithnet LAPS web site you created at installation time.
  2. In the app setting pane, click Authentication
  3. Ensure Anonymous authentication is enabled, and all other options are disabled.

Part 2: Configure a new application in Azure AD

  1. Log into portal.azure.com with administrative credentials, select All services and select Azure Active Directory
  2. Select App registrations and click New application registration
  3. Enter LithnetLAPSWeb or another suitable application name, and select Web app/API as the application type
  4. Enter the base URL where your Lithnet LAPS Web app is hosted (eg https://laps.lithnet.local/)
  5. Take note of the Application ID value, this is our OpenID Connect client ID
  6. Click Settings and then Properties. Set the Logout URL to be the same as your base URL, with /Home/LogOut appended to it. (eg https://laps.lithnet.local/Home/LogOut)

Part 3: Configure the Lithnet LAPS web app

  1. Open the web.config file in the root of the application folder. Ensure no other owin:appStartup key is present
  2. Substitute the value for oidc:ClientId with the Application ID obtained in step 5 above
  3. Substitute the value for oidc:RedirectUri with the base URL of your application
  4. Substitute the lithnet.io portion in the oidc:Authority field with the name of your Azure tenant
<add key="owin:appStartup" value="Lithnet.Laps.Web.Startup.ConfigureOpenIDConnect" />
<add key="oidc:ClientId" value="e33a990b-111f-43f6-8c6c-fd034c0dd080" />
<add key="oidc:RedirectUri" value="https://laps.lithnet.local/" />
<add key="oidc:Authority" value="https://login.microsoftonline.com/lithnet.io" />

Note: Azure AD authentication does not require an oidc:ClientSecret value

Part 4: Enable multi-factor authentication For further security, you can set up a conditional access policy to require multifactor authentication for the app