Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 3 Next »

Preface

Many smaller companies do not use an on premise Active Directory, which is the primary authentication and identification system used by Locator. These companies often only use Office 365, and as such, their primary authentication and identification system is Azure Active Directory. This guide is meant to give you the required steps on how to change from Active Directory to Azure Active Directory as the primary authentication and identification system.

Prerequisites

You need to have Locator installed before starting this reconfiguration task.

You will also need to create the following:

  • A service account in Azure AD that has the role Administrator
  • Create an Azure AD APP - for instructions on how to create this, follow this guide (scroll down to Setting up the Windows Azure Graph API for Locator)

Step-by-step guide

Follow these steps to reconfigure your system to use Azure AD as primary authentication and identification system.

  1. Start the Locator Management Console
  2. Go to Connections → Connector Feed
  3. Verify that the Azure AD connector is not currently installed by selecting the ViaWorks.Connector.AzureAD from the list. It should displayed 0 as the installed version.
  4. Press the Install button, this will download the installer for the connector.
  5. Accept the license terms and conditions and press Install

  6. Now that the connector is installed, let's go to Connections → Azure AD
  7. Add a new connection
  8. Name the connection Azure AD

  9. Fill in your full tenant name, i.e. contoso.onmicrosoft.com. Then fill in your Azure AD APP details with client ID and client secret, and the details for your service account and press Next.
  10. On the final page of the wizard, we select which authentication system is to be the primary, select Azure AD in the dropdown and press Finish.
  11. Start a CMD session with administrative privileges and perform a restart of IIS by issuing the command iisreset

You should now be able to log on with your Office 365 credentials in Locator.

Please note

If Multi Factor Authentication is enabled for additional security for the Office 365 tenant, authentication will fail in Locator, as MFA is not currently supported. If MFA is enabled, you need to have your Office 365 tenant administrator whitelist the public IP used by the server Locator is running on.

If you are unable to log on after you have followed the above steps and see this in your w3wp.exe.log file:

2018-10-24 07:16:19,326 INFO  [83:(<null>)] Via.AzureAD.Security.Plugin.AzureAdCredentialsVerifier - User NOT authenticated, username or password is incorrect: firstname.surname@example.com

It is very likely that Multi Factor Authentication is enabled, and a whitelist entry has to be made.



  • No labels

ayfie