27.19 Configuring Integration with Azure

This section describes how to integrate Advanced Authentication with Azure MFA. The integration protects the sign-in with Advanced Authentication verification methods: users who pass the configured methods are seamlessly granted access to Azure services.

The following diagram represents integration of Advanced Authentication with Azure.

To configure the integration of Advanced Authentication with Azure, perform the following tasks:

Ensure that the following requirements are met:

  • Create an account in Azure.

  • Install Azure AD Connect and synchronize the on-premises directory with the cloud account.

  • Register the custom domain name and verify it through the public DNS registrar service.

27.19.1 Configuring Advanced Authentication SAML 2.0 Event

  1. Click Events > New Event to add a new event in the Administration portal.

  2. Create an event with the following parameters:

    • Name: Office 365

    • Event Type: SAML 2.0

    • Chains: Select the required chains.

    • SP SAML 2.0 metadata: Paste the content of the file https://<adfs_hostname>/FederationMetadata/2007-06/FederationMetadata.xml.

      Or

    • Click Browse and upload the saved XML file.

  3. Click Save.

    NOTE: Verify that you can open the FederationMetadata.xml file in a browser. If the file is not displayed, there is an issue with ADFS that you must resolve before continuing.

  4. Click Policies > Web Authentication.

  5. Set the External URL to https://AdvancedAuthenticationServerAddress/, replacing AdvancedAuthenticationServerAddress with the domain name or IP address of your Advanced Authentication server.

    NOTE: To use multiple Advanced Authentication servers with SAML 2.0, you must do the following:

    1. Configure an external load balancer.

    2. Specify the address in External URL instead of specifying an address of a single Advanced Authentication server.

  6. Click Download IdP SAML 2.0 Metadata.

    Open the downloaded file and confirm that it is an XML document.

    NOTE: If the file instead contains a response beginning with {"Fault":{..., the metadata was not generated; verify the configuration.

  7. Click Save.
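As an added check (example code, not from the Advanced Authentication or ADFS documentation), the script below inspects the downloaded IdP SAML 2.0 metadata before it is imported into ADFS: it rejects the JSON Fault response mentioned in the note above, confirms that a signing certificate is present, and confirms that the SingleSignOnService endpoints point at the host set as the External URL. The host aaf.example.com, the sso path and the sample metadata are constructed placeholders.

```python
# Added example, not from the Advanced Authentication or ADFS documentation.
# aaf.example.com stands in for AdvancedAuthenticationServerAddress; the sample
# metadata and fault response below are constructed.
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def check_idp_metadata(text, expected_host):
    """Return entityID, SSO endpoints and cert count, or raise ValueError."""
    body = text.lstrip()
    if body.startswith("{"):  # JSON Fault instead of XML: configuration problem
        raise ValueError(f"server returned a Fault, not metadata: {body[:60]}")
    try:
        root = ET.fromstring(body)
    except ET.ParseError as exc:
        raise ValueError(f"not well-formed XML: {exc}") from exc
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not IdP metadata")
    certs = idp.findall("md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS)
    if not certs:
        raise ValueError("no signing certificate: ADFS cannot verify assertions")
    sso = [e.get("Location") for e in idp.findall("md:SingleSignOnService", NS)]
    bad = [u for u in sso if not u.startswith(f"https://{expected_host}/")]
    if bad:  # endpoints must point at the External URL host (or the load balancer)
        raise ValueError(f"SSO endpoint does not match External URL host: {bad}")
    return {"entity_id": root.get("entityID"), "sso": sso, "certs": len(certs)}

def failure_reason(text, expected_host):
    """The ValueError message, or None when the metadata is usable."""
    try:
        check_idp_metadata(text, expected_host)
    except ValueError as exc:
        return str(exc)
    return None

SAMPLE_METADATA = """<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  entityID="https://aaf.example.com/osp/a/TOP/auth/saml2/metadata">
 <md:IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
  <md:KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
   <ds:X509Certificate>MIIC...constructed-placeholder...</ds:X509Certificate>
  </ds:X509Data></ds:KeyInfo></md:KeyDescriptor>
  <md:SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
   Location="https://aaf.example.com/osp/a/TOP/auth/saml2/sso"/>
 </md:IDPSSODescriptor>
</md:EntityDescriptor>"""
SAMPLE_FAULT = '{"Fault":{"Code":{"Value":"Sender"},"Reason":{"Text":"constructed"}}}'
```

Run it against the real downloaded file with the host from the External URL (or the load balancer address when several servers are used); any ValueError means the metadata should not be imported yet.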

27.19.2 Configuring ADFS

  1. Open the ADFS management console.

  2. Click Claims Provider Trusts > Add Claims Provider trust.

  3. Click Start in the Add Claims Provider Trust Wizard.

  4. Click Import data about the claims provider from a file in the Select Data Source tab.

  5. Browse the Federation metadata file.

    You can download the Federation metadata from the Advanced Authentication metadata URL: https://<aaf-server>/osp/a/TOP/auth/saml2/metadata.

  6. Click Next.

  7. Specify the Display name.

  8. Click Next.

  9. Select Open the Edit Claim Rules dialog for this claims provider when the wizard closes.

  10. Click Close.

  11. Right-click the Display name and click Edit Claim Rules.

  12. Click Add Rule.

  13. Select Send Claims Using a Custom Rule from Claim rule template in the Add Transform Claim Rule Wizard.

  14. Click Next.

  15. Specify the Claim rule name.

  16. Paste the following in Custom rule:

    c:[Type == "netbiosName"] => issue(Type = "http://schemas.microsoft.com/ws/2008/06/identity/claims/windowsaccountname", Issuer = c.Issuer, OriginalIssuer = c.OriginalIssuer, Value = c.Value, ValueType = c.ValueType);

  17. Click OK.

27.19.3 Authenticating on Azure

  1. Launch https://portal.azure.com/.

  2. Log in with your credentials.

  3. Select Advanced Authentication to go through the multi-factor authentication.

    The page redirects to the SAML login page.

  4. You must pass the specified chains for authentication.