User Interface: Azure Authentication

The following are the options for an Azure authentication configuration.

Note: If you are configuring a multi-site deployment of Loftware Enterprise SP, you must sign in to each facility site to configure LDAP or Azure authentication. LDAP or Azure authentication information is not synced from headquarters to facilities. A multi-site deployment is a configuration of a Loftware environment that includes Loftware instances located at different sites within the same WAN. In a multi-site deployment, each Loftware instance acts as either a headquarters or a facility.

Azure Authentication

Option Description Notes
Domain Name

A unique name for the Azure server configuration. This field must match the primary domain of the Azure Active Directory Server. To allow users to sign in with their company email address, this field must be set to the email domain.

Required. Set to the "Primary domain" value found in the Azure Portal > Azure Active Directory Overview.

Examples

7g4nfy.onmicrosoft.com

examplecompany.com

Authority

The Azure URL to be used by Loftware Enterprise SP when establishing a connection to the Azure server to authenticate. The format is

https://login.microsoftonline.com/tenantID/

Required. The "Tenant ID" value can be found in Azure Portal > Azure Active Directory Overview.

Example

https://login.microsoftonline.com/12345/

Client ID

The ID of the Application Registration that was created in the Azure Portal to handle Loftware Enterprise SP authentication.

Required. Set to the "Application (client) ID" value found in the Azure Portal > Azure AD > App Registrations > [app].

Secret Key

Secures the access of Loftware Enterprise SP to Azure. This value can only be accessed at creation time, so save the key in a secure and private location at the time of creation.

Required. Set to the "Value" found in the Azure Portal > Azure AD > App Registrations > Certificates & Secrets. This value can only be accessed at creation time, so save the key in a secure and private location when you create it.

Scope

Defines the permissions and access level for Loftware Enterprise SP accessing Azure.

Required. Usually the provided default value.

Example

https://graph.microsoft.com/.default

Synchronize

Turn synchronization on or off.

For more information, see Select Objects to Sync.
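
A pre-flight check for the five required fields above, as an added example that is not Loftware code. It assumes the formats shown on this page, that the Application (client) ID is a GUID, and the standard Microsoft identity platform v2.0 token endpoint with the client credentials grant. The function names and sample values are constructed.

```python
import uuid
from urllib.parse import urlsplit

DEFAULT_SCOPE = "https://graph.microsoft.com/.default"  # default shown on this page

def _is_guid(value):
    """True if value parses as a GUID, e.g. an Application (client) ID."""
    try:
        uuid.UUID(value)
        return True
    except ValueError:
        return False

def check_azure_settings(domain, authority, client_id, secret, scope):
    """Return a list of problems found in the five required fields."""
    problems = []
    # Domain Name is a bare domain, not an email address or a URL.
    if "@" in domain or "://" in domain or "." not in domain:
        problems.append("Domain Name: expected a bare domain such as examplecompany.com")
    # Authority must follow https://login.microsoftonline.com/tenantID/
    url = urlsplit(authority)
    segments = [s for s in url.path.split("/") if s]
    if url.scheme != "https" or url.hostname != "login.microsoftonline.com":
        problems.append("Authority: expected https://login.microsoftonline.com/tenantID/")
    elif len(segments) != 1 or not authority.endswith("/"):
        problems.append("Authority: path must be exactly the tenant ID followed by /")
    if not _is_guid(client_id):
        problems.append("Client ID: Application (client) ID should be a GUID")
    # The portal lists a "Secret ID" (a GUID) beside the secret "Value";
    # only the Value works as the Secret Key.
    if not secret:
        problems.append("Secret Key: empty")
    elif _is_guid(secret):
        problems.append("Secret Key: looks like the Secret ID, not the secret Value")
    if scope != DEFAULT_SCOPE:
        problems.append("Scope: differs from the default " + DEFAULT_SCOPE)
    return problems

def token_request(authority, client_id, secret, scope):
    """Build (not send) a client credentials token request for these values.
    Assumption: posting this form to the URL tests the values outside Loftware."""
    url = authority.rstrip("/") + "/oauth2/v2.0/token"
    form = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": secret, "scope": scope}
    return url, form  # the form contains the secret: do not log it
```
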

Auto Provisioning

Option Description Notes
Enable Auto Provisioning

When disabled, Loftware Enterprise SP users must be created manually in Access Control. Any previously created auto-provisioned users and group memberships in Loftware Enterprise SP will not be dynamically updated but will continue to work as defined before auto-provisioning was turned off. (Default)

When enabled, users in your Azure service who belong to an Azure group that is mapped to a Loftware group are automatically created when the user signs in to Loftware Enterprise SP, and the user's Loftware group memberships are automatically assigned based on the Loftware-to-Azure group mappings. If a user already exists in Loftware Enterprise SP, the user's information and group assignments are automatically updated using the Loftware-to-Azure group mappings every time the user signs in to Loftware Enterprise SP.

When enabled, validation of auto-provisioning fields is required to save any Azure data.

User Provisioning

Option Description Notes

Create User Folder

The Loftware Enterprise SP folder where auto-provisioned users will be created. This folder must already exist in Loftware Enterprise SP and should not be the root folder.

Required.

Auto-provisioned users do not have to remain in this folder after they are created.

Example

/Loftware/Azure Users

Loftware Group to Azure Group Mapping Table

See User Interface: Group Mapping Table.