Azure Active Directory

To integrate the Axon Ivy Engine with Azure Active Directory as an Identity Provider, you first need to register an application in Azure Active Directory. From that app registration you need at least the following values:

  • the TenantId (Directory (tenant) ID)

  • the ClientId (Application ID) and

  • the ClientSecret (Secret Value).

It is sufficient to copy the following template and adjust the values. Wrap the ClientSecret in ${encrypt:...} as the template does, rather than writing the secret value into ivy.yaml in plaintext. The GroupFilter and the Roles values are Azure AD group Object IDs (GUIDs), not group display names. The Engine Cockpit offers a detailed configuration page to connect to Azure Active Directory.

Template

# Azure Active Directory as an Identity Provider for the 'default' Security System
# [engineDir]/configuration/ivy.yaml
SecuritySystems:
  default:
    Provider: azure-active-directory
    TenantId: 03a6b499-b98a-4e6e-b422-00a84144c5e0
    ClientId: cd5b4637-9be8-4008-94ea-23ed80c56820
    ClientSecret: "${encrypt:1234}"
    GroupFilter: y4zb4273-gbr7-6068-66da-11ac414hc5e2

    Roles:
      Manager: 208e37b6-f34c-4026-bae5-c3aa40bec705
      Employee: 903a8e76-2922-4fde-92e5-fb361cf3bc4e

    UserAttribute:
      Properties:
        phoneNumber: mobilePhone

Reference

# Azure AD Tenant ID (Directory (tenant) ID)
TenantId: ""

# Client ID (Application ID) provided by Azure AD when registering the application
ClientId: ""

# Client secret (Secret Value) provided by Azure AD when registering the application.
# Store it wrapped as "${encrypt:...}" rather than in plaintext.
ClientSecret: ""

# Object ID of a group that users must belong to in order to sign in
GroupFilter: ""

# Role mapping that is considered by the user synchronization.
# Users are added to the Axon Ivy roles whose mapped Azure AD group they are a member of.
# The left side, e.g. Manager, specifies the unique name of the role defined in Axon Ivy.
# The right side, e.g. 208e37b6-f34c-4026-bae5-c3aa40bec705, is the Object ID of the group in Azure AD.
# The synchronization adds all users that are members of 208e37b6-f34c-4026-bae5-c3aa40bec705 to Manager.
# [keyvalue:Ivy Role,Azure Group GUID]
Roles:
  #Manager: 208e37b6-f34c-4026-bae5-c3aa40bec705

UserAttribute:
  # User property mapping of Azure AD attributes that are imported and available as user properties (IUser.getProperty).
  # The left side, e.g. phoneNumber, specifies the unique name of the user property in Axon Ivy.
  # The right side, e.g. mobilePhone, is the name of the attribute of a user in Azure AD. All available
  # attributes are described here: https://learn.microsoft.com/en-us/graph/api/resources/user?view=graph-rest-1.0
  # [keyvalue:User Property,Azure Property]
  Properties:
    #phoneNumber: mobilePhone
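As an added pre-deployment check (example code written for this page, not part of Axon Ivy), the following Python script lints a SecuritySystems block of the shape shown in the template and reference above: it verifies that TenantId, ClientId, GroupFilter and every Roles value are GUIDs, and that ClientSecret uses the ${encrypt:...} wrapper instead of a plaintext secret. The two sample configs are constructed, the group GUID in the good config is a placeholder, and the parser handles only the nested-mapping subset of YAML seen in ivy.yaml, not the full language.

```python
"""Lint the Azure AD block of an Axon Ivy ivy.yaml before it is deployed.
Added example, not Axon Ivy code: checks GUID format of all IDs and that the
client secret is wrapped in ${encrypt:...} rather than stored in plaintext."""
import re

# Azure AD tenant, application and group Object IDs are all GUIDs.
GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(?:-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
# The ivy.yaml wrapper used on this page for values that must not sit in plaintext.
ENCRYPTED_RE = re.compile(r"^\$\{encrypt:.+\}$")


def parse_simple_yaml(text):
    """Parse the YAML subset used by ivy.yaml: nested mappings with scalar
    leaves. Intentionally not a full parser (no lists, anchors, multi-line)."""
    root = {}
    stack = [(-1, root)]  # (indent, mapping) pairs, innermost last
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()  # strip comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        while indent <= stack[-1][0]:  # leave mappings that have ended
            stack.pop()
        parent = stack[-1][1]
        value = value.strip().strip("\"'")
        if value:
            parent[key] = value
        else:
            parent[key] = child = {}
            stack.append((indent, child))
    return root


def lint_security_system(config, name="default"):
    """Return a list of findings for SecuritySystems.<name>; [] means clean."""
    findings = []
    system = config.get("SecuritySystems", {}).get(name)
    if not isinstance(system, dict):
        return [f"SecuritySystems.{name}: block is missing"]
    provider = system.get("Provider")
    if provider != "azure-active-directory":
        findings.append(f"Provider: expected azure-active-directory, got {provider!r}")
    for key in ("TenantId", "ClientId"):
        value = str(system.get(key, ""))
        if not GUID_RE.match(value):
            findings.append(f"{key}: expected a GUID, got {value!r}")
    secret = str(system.get("ClientSecret", ""))
    if not ENCRYPTED_RE.match(secret):  # also catches an empty secret
        findings.append("ClientSecret: missing or plaintext, wrap it as ${encrypt:...}")
    group_filter = str(system.get("GroupFilter", ""))
    if not group_filter:
        # Assumption: an empty filter imposes no group membership requirement.
        findings.append("GroupFilter: empty, sign-in is not restricted to a group")
    elif not GUID_RE.match(group_filter):
        findings.append(f"GroupFilter: expected a group Object ID, got {group_filter!r}")
    roles = system.get("Roles")
    if isinstance(roles, dict):
        for role, group_id in roles.items():
            if not GUID_RE.match(str(group_id)):
                findings.append(f"Roles.{role}: expected a group Object ID, got {group_id!r}")
    return findings


# Constructed sample configs; the GUIDs are placeholders, not a real tenant.
WEAK_CONFIG = """\
SecuritySystems:
  default:
    Provider: azure-active-directory
    TenantId: 03a6b499-b98a-4e6e-b422-00a84144c5e0
    ClientId: cd5b4637-9be8-4008-94ea-23ed80c56820
    ClientSecret: "copied-secret-value-from-the-portal"   # plaintext
    GroupFilter: ivy-users                                # display name, not Object ID
    Roles:
      Manager: 208e37b6-f34c-4026-bae5-c3aa40bec705
"""

GOOD_CONFIG = """\
SecuritySystems:
  default:
    Provider: azure-active-directory
    TenantId: 03a6b499-b98a-4e6e-b422-00a84144c5e0
    ClientId: cd5b4637-9be8-4008-94ea-23ed80c56820
    ClientSecret: "${encrypt:1234}"
    GroupFilter: 7d3f0c1e-5a2b-4c8d-9e6f-1a2b3c4d5e6f
    Roles:
      Manager: 208e37b6-f34c-4026-bae5-c3aa40bec705
      Employee: 903a8e76-2922-4fde-92e5-fb361cf3bc4e
    UserAttribute:
      Properties:
        phoneNumber: mobilePhone
"""

if __name__ == "__main__":
    for label, text in (("weak", WEAK_CONFIG), ("good", GOOD_CONFIG)):
        print(label, lint_security_system(parse_simple_yaml(text)) or "OK")
```

Run it against the real [engineDir]/configuration/ivy.yaml by reading the file into `parse_simple_yaml`; a non-empty result means the block should not be deployed as is. The weak sample reports exactly two findings, the plaintext secret and the group display name used where an Object ID belongs, while the good sample reports none.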