Azure Federated Authentication
Updated Aug 21, 2023
Create an Azure OpenID Connect application
To set up federated authentication for Arctic Wolf web portals, create an OpenID Connect (OIDC) application in Azure.
- Register the application.
- Configure the application.
- Create the client secret.
- Get the OpenID Connect metadata document URL.
- Gather application and Azure OIDC information.
Step 1: Register the application
- Sign in to the Azure portal.
- Search for and select Azure Active Directory.
- From the navigation menu, under Manage, select App registrations.
- Click New registration.
- Under Name, enter a descriptive name, for example, Arctic Wolf Portal.
- Under Supported account type, select Accounts in this organizational directory only (Default Directory only - Single tenant).
- Under Redirect URI, select Web.
- In the Redirect URI field, enter https://auth.arcticwolf.com/login/callback.
- Click Register.
- Record the Application (client) ID value for later.
Step 2: Configure the application
- From the navigation menu, under Manage, select Authentication.
- In the Implicit grant section, select the ID tokens checkbox, and then click Save.
- From the navigation menu, under Manage, select Manifest.
- Change the accessTokenAcceptedVersion value from null to 2, and then click Save.
- From the navigation menu, under Manage, select API permissions, and then click Add a permission.
- Click Microsoft Graph.
- Click Delegated permissions.
- Select the openid checkbox, and then click Add permissions.
- (Optional) Click Grant admin consent for Default Directory.
Note: If you do not grant this consent, each user is asked to consent when they first sign in.
Step 3: Create the client secret
- From the navigation menu, under Manage, select Certificates & secrets.
- Click New client secret.
- In the Description field, enter a description.
- In the Expires field, select the time during which this secret is valid.
Tip: We suggest setting this value to 24 months to prevent issues with an expired secret.
- Click Add.
- In the Value field, click Copy to clipboard.
- Store the client secret in a safe location.
Note: The client secret is only available during this step. If this information is lost before you submit it to Arctic Wolf, you must create a new client secret.
Step 4: Get the OpenID Connect metadata document URL
- From the Overview page for the application, click Endpoints.
- In the OpenID Connect metadata document field, click Copy to clipboard.
The URL has this format, where <directory_(tenant)_id> is the directory (tenant) ID of the application that you created: https://login.microsoftonline.com/<directory_(tenant)_id>/v2.0/.well-known/openid-configuration
- Record the OpenID Connect metadata document value for later.
Step 5: Gather application and Azure OIDC information
- Gather the following information so that you can register your Azure account with Arctic Wolf:
- Client ID — This is the Application (client) ID.
- Client secret
- Issuer URL — This is the OpenID Connect metadata document URL.
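Before submitting the Step 5 values, a relying-party-style sanity check catches a metadata URL that was copied from the wrong tenant or that names a multi-tenant placeholder instead of the single-tenant directory registered in Step 1. The following Python is an added example, not Arctic Wolf's or Microsoft's code; the GUIDs and the abbreviated discovery document are constructed placeholders, and the issuer form https://login.microsoftonline.com/<tenant>/v2.0 is what the v2.0 metadata document returns for a tenant.

```python
import json
import re
from urllib.parse import urlparse

HOST = "login.microsoftonline.com"
# Azure directory (tenant) and application (client) IDs are GUIDs.
GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
# Path of the v2.0 metadata document copied in Step 4.
PATH_RE = re.compile(r"^/([^/]+)/v2\.0/\.well-known/openid-configuration$")

def tenant_from_metadata_url(url: str) -> str:
    """Return the tenant ID from a v2.0 metadata URL on login.microsoftonline.com.
    'common', 'organizations' and 'consumers' fail the GUID check on purpose: the
    app is single tenant, so the issuer must name one concrete directory."""
    parts = urlparse(url)
    if parts.scheme != "https" or parts.netloc != HOST:
        raise ValueError(f"unexpected scheme or host in {url!r}")
    m = PATH_RE.match(parts.path)
    if not m:
        raise ValueError(f"not a v2.0 openid-configuration path: {parts.path!r}")
    tenant = m.group(1)
    if not GUID_RE.match(tenant):
        raise ValueError(f"tenant segment is not a directory ID GUID: {tenant!r}")
    return tenant.lower()

def check_discovery_document(url: str, client_id: str, document: str) -> dict:
    """Cross-check the Step 5 values: client ID is a GUID, the document's issuer
    matches the tenant in its own URL, and the signing keys come from the same host."""
    if not GUID_RE.match(client_id):
        raise ValueError("client ID must be the Application (client) ID GUID")
    tenant = tenant_from_metadata_url(url)
    meta = json.loads(document)
    expected_issuer = f"https://{HOST}/{tenant}/v2.0"
    if meta.get("issuer") != expected_issuer:
        raise ValueError(f"issuer {meta.get('issuer')!r} != {expected_issuer!r}")
    if not str(meta.get("jwks_uri", "")).startswith(f"https://{HOST}/"):
        raise ValueError("jwks_uri missing or not served by login.microsoftonline.com")
    return {"tenant": tenant, "client_id": client_id.lower(), "issuer": expected_issuer}

# Constructed sample values: placeholder GUIDs and an abbreviated discovery
# document holding only the fields the check reads, not a real tenant's response.
SAMPLE_TENANT = "11111111-2222-3333-4444-555555555555"
SAMPLE_CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
SAMPLE_METADATA_URL = f"https://{HOST}/{SAMPLE_TENANT}/v2.0/.well-known/openid-configuration"
SAMPLE_DOCUMENT = json.dumps({
    "issuer": f"https://{HOST}/{SAMPLE_TENANT}/v2.0",
    "jwks_uri": f"https://{HOST}/{SAMPLE_TENANT}/discovery/v2.0/keys",
})
```

Run `check_discovery_document(SAMPLE_METADATA_URL, SAMPLE_CLIENT_ID, SAMPLE_DOCUMENT)` with the real values in place of the samples; a ValueError means one of the three values does not belong to the registered tenant.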