Azure Federated Authentication

Updated Aug 21, 2023

Create an Azure OpenID Connect application

To set up federated authentication for Arctic Wolf web portals, create an OpenID Connect (OIDC) application in Azure.

  1. Register the application.
  2. Configure the application.
  3. Create the client secret.
  4. Get the OpenID Connect metadata document URL.
  5. Gather application and Azure OIDC information.

Step 1: Register the application

  1. Sign in to the Azure portal.
  2. Search for and select Azure Active Directory.
  3. From the navigation menu, under Manage, select App registrations.
  4. Click New registration.
  5. Under Name, enter a descriptive name, for example, Arctic Wolf Portal.
  6. Under Supported account type, select Accounts in this organizational directory only (Default Directory only - Single tenant).
  7. Under Redirect URI, select Web.
  8. In the Redirect URI field, enter https://auth.arcticwolf.com/login/callback.
  9. Click Register.
  10. Record the Application (client) ID value for later.

Step 2: Configure the application

  1. From the navigation menu, under Manage, select Authentication.
    1. In the Implicit grant section, select the ID tokens checkbox, and then click Save.
  2. From the navigation menu, under Manage, select Manifest.
    1. Change the accessTokenAcceptedVersion value from null to 2, and then click Save.
  3. From the navigation menu, under Manage, select API permissions, and then click Add a permission.
    1. Click Microsoft Graph.

    2. Click Delegated permissions.

    3. Select the openid checkbox, and then click Add permissions.

    4. (Optional) Click Grant admin consent for Default Directory.

      Note: If you do not grant this consent, each user is asked to consent when they first sign in.

Step 3: Create the client secret

  1. From the navigation menu, under Manage, select Certificates & secrets.

  2. Click New client secret.

  3. In the Description field, enter a description.

  4. In the Expires field, select the time during which this secret is valid.

    Tip: We suggest setting this value to 24 months to prevent issues with an expired secret.

  5. Click Add.

  6. In the Value field, click Copy to clipboard.

  7. Store the client secret in a safe location.

    Note: The client secret is only available during this step. If this information is lost before you submit it to Arctic Wolf, you must create a new client secret.

Step 4: Get the OpenID Connect metadata document URL

  1. From the Overview page for the application, click Endpoints.

  2. In the OpenID Connect metadata document field, click Copy to clipboard.

    The URL has this format, where <directory_(tenant)_id> is the directory (tenant) ID of the application that you created: https://login.microsoftonline.com/<directory_(tenant)_id>/v2.0/.well-known/openid-configuration.

  3. Record the OpenID Connect metadata document value for later.
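Before submitting the recorded value, you can confirm that it has the single-tenant format described above and that the document it points to belongs to the same tenant. The following Python check is an added example, not part of the original Arctic Wolf procedure. The tenant ID, sample URL, and sample document are constructed placeholders, and the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit

GUID = r"[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}"
PATH_RE = re.compile(rf"^/({GUID})/v2\.0/\.well-known/openid-configuration$")

def tenant_from_metadata_url(url):
    """Return the tenant ID if url has the single-tenant v2.0 format, else raise."""
    parts = urlsplit(url.strip())
    # Comparing the whole netloc also rejects userinfo and port tricks.
    if parts.scheme != "https" or parts.netloc.lower() != "login.microsoftonline.com":
        raise ValueError("metadata URL must start with https://login.microsoftonline.com/")
    if parts.query or parts.fragment:
        raise ValueError("metadata URL must not carry a query or fragment")
    match = PATH_RE.match(parts.path)
    if not match:
        # A GUID is required, so aliases such as 'common' are rejected too.
        raise ValueError("path is not /<tenant GUID>/v2.0/.well-known/openid-configuration")
    return match.group(1).lower()

def check_discovery(url, document):
    """Compare an already-fetched discovery document with the recorded URL."""
    prefix = f"https://login.microsoftonline.com/{tenant_from_metadata_url(url)}/"
    problems = []
    if str(document.get("issuer", "")).lower() != prefix + "v2.0":
        problems.append("issuer does not match the tenant in the metadata URL")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if not str(document.get(key, "")).lower().startswith(prefix):
            problems.append(f"{key} is not under the tenant path")
    return problems

# Constructed sample values (placeholder tenant ID, not a real directory).
SAMPLE_TENANT = "11111111-2222-3333-4444-555555555555"
BASE = f"https://login.microsoftonline.com/{SAMPLE_TENANT}"
SAMPLE_URL = f"{BASE}/v2.0/.well-known/openid-configuration"
SAMPLE_DOC = {
    "issuer": f"{BASE}/v2.0",
    "authorization_endpoint": f"{BASE}/oauth2/v2.0/authorize",
    "token_endpoint": f"{BASE}/oauth2/v2.0/token",
    "jwks_uri": f"{BASE}/discovery/v2.0/keys",
}

if __name__ == "__main__":
    print(tenant_from_metadata_url(SAMPLE_URL))
    print(check_discovery(SAMPLE_URL, SAMPLE_DOC) or "discovery document matches")
```

To check a live tenant, download the JSON from the recorded URL and pass the parsed object to check_discovery in place of SAMPLE_DOC.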

Step 5: Gather application and Azure OIDC information
