This repository has been archived by the owner on Aug 4, 2024. It is now read-only.
Setting up authentication with Azure Active Directory
Ryan Newington edited this page Jul 7, 2018 · 4 revisions
The following guide will assist you in configuring your application to use Azure Active Directory for authentication.
1. Open IIS Manager, expand the **Sites** list, and select the Lithnet LAPS web site you created at installation time.
2. In the app setting pane, click **Authentication**.
3. Ensure **Anonymous authentication** is enabled, and all other options are disabled.

1. Log into portal.azure.com with administrative credentials, select **All services** and select **Azure Active Directory**.
2. Select **App registrations** and click **New application registration**.
3. Enter `LithnetLAPSWeb` or another suitable application name, and select **Web app/API** as the application type.
4. Enter the base URL where your Lithnet LAPS Web app is hosted (e.g. https://laps.lithnet.local/).
5. Take note of the **Application ID** value; this is our OpenID Connect client ID.
6. Click **Settings** and then **Properties**. Set the Logout URL to be the same as your base URL, with `/Home/LogOut` appended to it (e.g. https://laps.lithnet.local/Home/LogOut).

1. Open the `web.config` file in the root of the application folder. Ensure no other `owin:appStartup` key is present.
2. Substitute the value for `oidc:ClientId` with the **Application ID** obtained in step 5 above.
3. Substitute the value for `oidc:RedirectUri` with the base URL of your application.
4. Substitute the `lithnet.io` portion in the `oidc:Authority` field with the name of your Azure tenant.
```xml
<add key="owin:appStartup" value="Lithnet.Laps.Web.Startup.ConfigureOpenIDConnect" />
<add key="oidc:ClientId" value="e33a990b-111f-43f6-8c6c-fd034c0dd080" />
<add key="oidc:RedirectUri" value="https://laps.lithnet.local/" />
<add key="oidc:Authority" value="https://login.microsoftonline.com/lithnet.io" />
```
Note: Azure AD authentication does not require an `oidc:ClientSecret` value.
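The following PowerShell is an added example, not part of the original guide or of Lithnet LAPS Web. It checks a `web.config` against the steps above: each key present exactly once, the startup class selected, and the guide's sample client ID and tenant replaced. The function name `Test-LapsOidcSettings`, the `Example.Other.Startup` value and the embedded XML are constructed for illustration, and the authority check assumes the `login.microsoftonline.com` host shown in the guide.

```powershell
# Added example; Test-LapsOidcSettings is a hypothetical helper, not part of Lithnet LAPS Web.
function Test-LapsOidcSettings {
    param([Parameter(Mandatory)][xml]$Config)
    # Collect every value per appSettings key so duplicate keys stay visible.
    $byKey = @{}
    foreach ($node in $Config.SelectNodes('/configuration/appSettings/add')) {
        $key = $node.GetAttribute('key')
        if (-not $byKey.ContainsKey($key)) { $byKey[$key] = @() }
        $byKey[$key] += $node.GetAttribute('value')
    }
    # Returns the last value listed for a key, or nothing if the key is absent.
    $last = { param($k) if ($byKey.ContainsKey($k)) { $byKey[$k][-1] } }
    $findings = @()
    # Each key from the guide must appear exactly once (no other owin:appStartup key).
    foreach ($k in 'owin:appStartup', 'oidc:ClientId', 'oidc:RedirectUri', 'oidc:Authority') {
        $n = if ($byKey.ContainsKey($k)) { $byKey[$k].Count } else { 0 }
        if ($n -ne 1) { $findings += "$k appears $n times, expected exactly 1" }
    }
    $startup = & $last 'owin:appStartup'
    if ($startup -and $startup -ne 'Lithnet.Laps.Web.Startup.ConfigureOpenIDConnect') {
        $findings += 'owin:appStartup does not select ConfigureOpenIDConnect'
    }
    # ClientId must be an Application ID GUID, not the guide's sample value.
    $clientId = & $last 'oidc:ClientId'; $guid = [guid]::Empty
    if ($clientId -and -not ([guid]::TryParse($clientId, [ref]$guid))) {
        $findings += 'oidc:ClientId is not a GUID'
    } elseif ($clientId -eq 'e33a990b-111f-43f6-8c6c-fd034c0dd080') {
        $findings += 'oidc:ClientId is still the sample value from the guide'
    }
    # Assumption: the authority host is the one shown in the guide.
    $authority = & $last 'oidc:Authority'
    if ($authority -and $authority -notmatch '^https://login\.microsoftonline\.com/[^/]+/?$') {
        $findings += 'oidc:Authority is not https://login.microsoftonline.com/<tenant>'
    } elseif ($authority -match '/lithnet\.io/?$') {
        $findings += 'oidc:Authority still names the sample tenant lithnet.io'
    }
    $findings
}
# Constructed sample input: the guide's snippet plus a leftover second owin:appStartup key.
[xml]$sample = @'
<configuration><appSettings>
    <add key="owin:appStartup" value="Example.Other.Startup" />
    <add key="owin:appStartup" value="Lithnet.Laps.Web.Startup.ConfigureOpenIDConnect" />
    <add key="oidc:ClientId" value="e33a990b-111f-43f6-8c6c-fd034c0dd080" />
    <add key="oidc:RedirectUri" value="https://laps.lithnet.local/" />
    <add key="oidc:Authority" value="https://login.microsoftonline.com/lithnet.io" />
</appSettings></configuration>
'@
Test-LapsOidcSettings -Config $sample
```

To check a deployed site, pass `([xml](Get-Content -Raw <path to web.config>))` as `-Config`; an empty result means none of these checks fired.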
Part 4: Enable multi-factor authentication

For further security, you can set up a conditional access policy to require multifactor authentication for the app.