Configure Azure federated authentication for Arctic Wolf web portals

You can configure Azure® as a Federated Identity Management (FIM) source for Arctic Wolf® web portals.

These resources are required:

  • Administrator permissions for the Arctic Wolf Unified Portal.

    You must be a primary or secondary contact. If you require this level of access, submit your request to a primary or secondary contact in your organization.

These actions are required:

  • Allowlist all necessary IP addresses. To see the IP addresses that you must allowlist, sign in to the Arctic Wolf Unified Portal, click Resources > Allowlist Requirements, and then view the IP addresses in the section for your product.

Register the application

  1. Sign in to the Microsoft Azure portal.
  2. In the portal menu, click Microsoft Entra ID.
    Note: If Microsoft Entra ID is not in your portal menu, click All services, and then click Hybrid + multicloud. Locate the entry for Microsoft Entra ID, and then click to add it as a favorite.
  3. In the navigation menu, click Manage > App registrations.
  4. Click + New registration, and then configure these settings:
    • Name — Enter a descriptive name. For example, Arctic Wolf Unified Portal.
    • Supported account type — Select the Accounts in this organizational directory only (Default Directory only - Single tenant) option.
    • Redirect URI — Select Web.
    • Redirect URI — Enter https://auth.arcticwolf.com/login/callback.
  5. Click Register.
    The page for the newly registered application opens.
  6. Copy the Application (client) ID value, and then save it in a safe, encrypted location. You will provide it to Arctic Wolf later.

Configure the application

  1. In the navigation menu, in the Manage section, click Authentication.
  2. In the Implicit grant section, select the ID tokens checkbox, and then click Save.
  3. In the navigation menu, in the Manage section, select Manifest.
  4. In the Microsoft Graph App Manifest tab, based on the available options, do one of these actions:
    • Change the requestedAccessTokenVersion value from null to 2, and then click Save.

    • Change the accessTokenAcceptedVersion value from null to 2, and then click Save.

  5. In the navigation menu, in the Manage section, click API permissions.
  6. On the API Permissions page, complete these steps:
    1. Click + Add a permission.
    2. Click Microsoft Graph.
    3. Click Delegated permissions.
    4. Select the openid checkbox, and then click Add permissions.
    5. Optional: Click Grant admin consent for Default Directory.
      Note: If you do not consent, each user is asked to consent when they first sign in.
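
The registration and configuration settings above can be checked from an exported copy of the app manifest. The following is an added example, not Arctic Wolf or Microsoft code. It assumes the manifest is in the Microsoft Graph format, where signInAudience, web.redirectUris and web.implicitGrantSettings.enableIdTokenIssuance are the property names for the account type, redirect URI and ID tokens settings. The sample manifests are constructed.

```python
# Added example: audits an exported app manifest against this page's settings.
EXPECTED_REDIRECT = "https://auth.arcticwolf.com/login/callback"

def audit_manifest(manifest):
    """Return a list of findings; an empty list means the settings match."""
    findings = []
    web = manifest.get("web") or {}
    grants = web.get("implicitGrantSettings") or {}
    uris = web.get("redirectUris") or []

    if manifest.get("signInAudience") != "AzureADMyOrg":
        findings.append("supported account type is not single tenant")
    if EXPECTED_REDIRECT not in uris:
        findings.append("Arctic Wolf redirect URI is missing")
    extra = [u for u in uris if u != EXPECTED_REDIRECT]
    if extra:
        findings.append("redirect URIs not listed on the page: " + ", ".join(extra))
    if grants.get("enableIdTokenIssuance") is not True:
        findings.append("ID tokens checkbox is not selected")
    # The page names two possible keys for the token version; accept either.
    version = (manifest.get("api") or {}).get("requestedAccessTokenVersion")
    if version is None:
        version = manifest.get("accessTokenAcceptedVersion")
    if version != 2:
        findings.append(f"token version is {version!r}, expected 2")
    return findings

# Constructed sample: a registration where the Configure steps were skipped.
UNCONFIGURED = {
    "signInAudience": "AzureADMyOrg",
    "web": {
        "redirectUris": [EXPECTED_REDIRECT],
        "implicitGrantSettings": {"enableIdTokenIssuance": False},
    },
    "api": {"requestedAccessTokenVersion": None},
}
# Constructed sample: the same registration after the Configure steps.
CONFIGURED = {
    **UNCONFIGURED,
    "web": {
        "redirectUris": [EXPECTED_REDIRECT],
        "implicitGrantSettings": {"enableIdTokenIssuance": True},
    },
    "api": {"requestedAccessTokenVersion": 2},
}

if __name__ == "__main__":
    for name, sample in (("unconfigured", UNCONFIGURED), ("configured", CONFIGURED)):
        print(name, audit_manifest(sample) or "OK")
```

The check for additional redirect URIs goes beyond the page's steps: any URI other than the Arctic Wolf callback is reported so that it can be reviewed.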

Create the client secret

  1. In the navigation menu, click Manage > Certificates & secrets.
  2. Click + New client secret, and then configure these settings:
    • Description — Enter a description for the client secret.
    • Expires — Select the time during which this secret is valid.
      Tip: Arctic Wolf recommends setting this value to 24 months to prevent issues with an expired secret.

  3. Click Add.
  4. On the Client secrets tab, verify that your new client secret appears.

    Screenshot of the Certificates and Secrets page on the Microsoft Azure Portal. The Value field and text is highlighted by an orange box.

  5. Copy the Value value to a safe, encrypted location.
    You will provide it to Arctic Wolf later.
    Note:
    • The Value value is only available immediately after creation. Do not exit the Certificates & Secrets page until the value is saved in a safe, encrypted location.
    • The Value value is the Client Secret Value that you must provide to Arctic Wolf later. It is not necessary to copy the Secret ID field.
    • You must provide the updated client secret credentials to Arctic Wolf before the credentials expire.

Get the OpenID Connect metadata document URL

  1. On the Overview page for the application, click Endpoints.
  2. In the OpenID Connect metadata document field, click Copy to clipboard, and then save it in a safe, encrypted location. You will provide it to Arctic Wolf later.

    The URL has this format, where directory_(tenant)_id is the directory (tenant) ID of the application that you created: https://login.microsoftonline.com/directory_(tenant)_id/v2.0/.well-known/openid-configuration.

  3. Copy the OpenID Connect metadata document value, and then save it in a safe, encrypted location. You will provide it to Arctic Wolf later.

Register your Azure account with Arctic Wolf

  1. Sign in to the Arctic Wolf Unified Portal.
  2. In the navigation menu, click Organization Profile > Federated Authentication.
  3. Click Submit New Credentials.
  4. Configure these settings:
    • Account Name — Enter a unique and descriptive name for the account.
    • Issuer URL — Enter the OpenID Connect metadata document URL that you copied in Get the OpenID Connect metadata document URL.
    • Client ID — Enter the Application (client) ID that you copied in Register the application.
    • Client Secret — Enter the Client Secret value that you copied in Create the client secret.
    • Domain Name — Enter your company email domain name.
    • Credential Expiry — (Optional) Enter the credential expiration date, if applicable.
  5. Click Submit Credentials.
  6. To apply the configuration:
    1. When prompted to sign out of the Unified Portal, click Confirm and Logout.
    2. Sign in to the Unified Portal through your identity provider (IdP).
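
The values collected in the earlier sections can be checked before they are entered in the form. The following is an added example, not Arctic Wolf code. It assumes the directory (tenant) ID in the metadata URL is a GUID, and the function name, the 30-day warning window and all sample values are constructed for illustration.

```python
import re
from datetime import date, timedelta

GUID = r"[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}"
# URL format given on this page, with the tenant ID assumed to be a GUID.
METADATA_URL = re.compile(
    rf"https://login\.microsoftonline\.com/{GUID}/v2\.0/\.well-known/openid-configuration"
)

def check_submission(issuer_url, client_id, client_secret, expiry, today, warn_days=30):
    """Return a list of problems with the values; an empty list means none found."""
    problems = []
    if not METADATA_URL.fullmatch(issuer_url.strip()):
        problems.append("Issuer URL is not the tenant-specific v2.0 metadata document URL")
    if not re.fullmatch(GUID, client_id.strip()):
        problems.append("Client ID is not an Application (client) ID")
    # The Secret ID is a GUID; the secret Value is not.
    if re.fullmatch(GUID, client_secret.strip()):
        problems.append("Client Secret looks like the Secret ID, not the Value")
    remaining = expiry - today
    if remaining <= timedelta(0):
        problems.append("client secret has expired")
    elif remaining <= timedelta(days=warn_days):
        problems.append(f"client secret expires in {remaining.days} days")
    return problems

# Constructed sample values; none of them belong to a real tenant.
SAMPLE_URL = ("https://login.microsoftonline.com/"
              "11111111-2222-3333-4444-555555555555/v2.0/.well-known/openid-configuration")
SAMPLE_CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
SAMPLE_SECRET = "constructed.secret~value"
SAMPLE_SECRET_ID = "99999999-8888-7777-6666-555555555555"

if __name__ == "__main__":
    today = date(2025, 1, 1)
    print(check_submission(SAMPLE_URL, SAMPLE_CLIENT_ID, SAMPLE_SECRET,
                           date(2027, 1, 1), today) or "OK")
    # Secret ID pasted instead of the Value, with ten days left before expiry.
    print(check_submission(SAMPLE_URL, SAMPLE_CLIENT_ID, SAMPLE_SECRET_ID,
                           date(2025, 1, 11), today))
```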