Authenticating Operator Login Using Azure AD
The ARM supports Azure AD as an authentication source for operator login, in addition to its existing support for Azure AD as a source of ARM users. Azure AD login augments local operator authentication and is offered alongside the existing LDAP and RADIUS authentication options.
1. Configure the Azure portal to allow the ARM as a valid application (see Configuring the ARM in the Azure Portal). Azure AD is then added to the ARM in the Azure Authentication page (Settings > Administration > Azure Authentication).
Figure: Azure Authentication page
Only operators with a security level of 'Security Admin' can edit Azure Authentication attributes.
2. Test connectivity with Azure AD using the Test button shown in the preceding figure (available to operators whose security level is 'Admin' or 'Security Admin').
As part of the connectivity test, the ARM also validates the Authorization Level mappings; if an Azure AD group membership has no corresponding authorization mapping, a warning message is displayed.
3. Under the 'Authorization Level Settings' section, map each of the ARM's access roles ('Security Admin', 'Admin' and 'Monitor') to the corresponding Azure AD app role.
4. After Azure authentication is enabled, the Login with Microsoft button is displayed on the login screen:
Figure: Login with Microsoft button
5. Select Login with Microsoft; the browser redirects to the Microsoft login page and, after authentication with Microsoft, redirects back to the ARM GUI. See also Logging in.
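The steps above leave two checks to the ARM that are worth seeing spelled out: validating the claims of the ID token that Microsoft returns after the redirect, and turning the token's app roles into one of the ARM access roles through the Authorization Level mappings (including the warning for a role with no mapping). The following Python is an added illustration written for this page, not AudioCodes ARM code; the app-role values (ARM.SecurityAdmin and so on), the client and tenant IDs and the sample token claims are constructed for the example, and signature verification of the token is assumed to have happened already.

```python
import time
from typing import Iterable, List, Mapping, Optional, Tuple

# ARM access roles named on this page, most privileged first.
ARM_LEVELS = ("Security Admin", "Admin", "Monitor")

# Authorization Level Settings: ARM role -> Azure AD app-role value.
# These app-role values are constructed for this example; use the
# values defined in your own app registration.
AUTHZ_MAPPING = {
    "Security Admin": "ARM.SecurityAdmin",
    "Admin": "ARM.Admin",
    "Monitor": "ARM.Monitor",
}


def mapping_gaps(mapping: Mapping[str, str] = AUTHZ_MAPPING) -> List[str]:
    """ARM roles that have no app role mapped (what the connectivity
    test warns about when a mapping is missing)."""
    return [lvl for lvl in ARM_LEVELS if not mapping.get(lvl)]


def validate_id_token_claims(claims: Mapping, client_id: str, tenant_id: str,
                             now: Optional[float] = None) -> Optional[str]:
    """Return None if the ID token's basic claims are acceptable, otherwise
    the reason for rejection. Azure AD puts the app's client ID in 'aud'
    and the tenant in 'tid'; 'exp' is seconds since the epoch."""
    now = time.time() if now is None else now
    if claims.get("aud") != client_id:
        return "audience mismatch: token was not issued for this application"
    if claims.get("tid") != tenant_id:
        return "tenant mismatch: token was issued by a different tenant"
    if float(claims.get("exp", 0)) <= now:
        return "token expired"
    return None


def resolve_arm_level(app_roles: Iterable[str],
                      mapping: Mapping[str, str] = AUTHZ_MAPPING) -> Optional[str]:
    """Most privileged ARM role whose mapped app role the token carries,
    or None when none of the token's roles is mapped."""
    granted = set(app_roles)
    for level in ARM_LEVELS:
        if mapping.get(level) in granted:
            return level
    return None


def unmapped_app_roles(app_roles: Iterable[str],
                       mapping: Mapping[str, str] = AUTHZ_MAPPING) -> List[str]:
    """App roles present in the token that no ARM role is mapped to."""
    return sorted(set(app_roles) - set(mapping.values()))


def authorize_operator(claims: Mapping, client_id: str, tenant_id: str,
                       mapping: Mapping[str, str] = AUTHZ_MAPPING,
                       now: Optional[float] = None) -> Tuple[Optional[str], List[str]]:
    """Combine the checks. Returns (arm_level, warnings); a None level
    means the login is denied."""
    reason = validate_id_token_claims(claims, client_id, tenant_id, now)
    if reason is not None:
        return None, [reason]
    roles = list(claims.get("roles", []))  # Azure AD app roles claim
    warnings = [f"no Authorization Level mapping for app role {r!r}"
                for r in unmapped_app_roles(roles, mapping)]
    level = resolve_arm_level(roles, mapping)
    if level is None:
        warnings.append("token carries no mapped app role: login denied")
    return level, warnings


if __name__ == "__main__":
    # Constructed sample: decoded ID-token claims after a successful redirect.
    client_id = "00000000-0000-0000-0000-00000000cafe"   # constructed
    tenant_id = "11111111-2222-3333-4444-555555555555"   # constructed
    claims = {"aud": client_id, "tid": tenant_id, "exp": time.time() + 600,
              "preferred_username": "operator@example.com",
              "roles": ["ARM.Monitor", "ARM.Admin", "Unrelated.Role"]}
    print(authorize_operator(claims, client_id, tenant_id))
```

The resolution deliberately picks the most privileged mapped role when a token carries several, and denies login when none is mapped rather than falling back to a default level; leaving an ARM role unmapped only stops operators from obtaining that level, so mapping_gaps() is the check to run before enabling Azure authentication.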