Setting up authentication with Azure AD

The following guide will assist you in configuring your application to use Azure Active Directory for authentication.

Part 1: Configure a new application in Azure AD

Log into portal.azure.com with administrative credentials, select All services and select Azure Active Directory
Select App registrations and click New application registration
Enter Lithnet Access Manager or another suitable application name, and select Accounts in this organizational directory only (Lithnet only - Single tenant) as the supported account type
Select Web as the application type
In the redirect URI field, enter the base URL where your Access Manager web app is hosted followed by /auth/ (eg https://accessmanager.lithnet.local/auth/)
Click Register
Take note of the Application ID value, this is our OpenID Connect client ID
From the left-hand menu, click Authentication and then Properties. Set the Logout URL to be the same as your base URL, with /auth/logout appended to it. (eg https://accessmanager.lithnet.local/auth/logout)
Save the settings
From the API permissions page, use the grant admin consent if you want to prevent users from being prompted for their consent when logging into the app.
From the Certificates and secrets page, click new client secret, give your secret a name, and then take note of the value provided.

Open the Lithnet Access Manager Service Configuration Tool
Select the Authentication page
Select Open ID Connect as the authentication provider
Use the application id obtained from the Azure AD setup process as the client ID value
Specify the client secret obtained from the Azure AD setup process.
Set the authority as appropriate for your tenant eg for lithnet.io it would be https://login.microsoftonline.com/lithnet.io

For further security, you can set up a conditional access policy to require multi-factor authentication for the app

Last updated 2 years ago