Azure Account Identity Setup
May 29 2023 at 12:00 AM
Description
This set up guide gives the user a step by step process on how to connect their Azure cloud platform with their tenant. It allows users who use the Commander™ platform to log in with their company’s Azure credentials, and ensures much better account management between the tenant and the company’s Azure portal.
 |
| Before Commander can be linked with Azure, the user needs to register Azure to be a login provider for Commander. A user also needs to register a new app on their Azure server. |
 |
| The functions can only be performed by the account owner or users with the relevant account access. |
Key Features
- Allows users to set up a single sign-on where they can log in using their Active Directory accounts.
- Allows Azure and Azure B2C accounts set up.
- Allows account management between the tenant and the company’s Azure portal.
- Ability to customise the look and feel of the environment.
- Updating themes and styles.
Configuring Azure Environment in Commander
To set up an identity provider per account in Commander the user needs to follow the steps below:
They can navigate to the Commander Portal and go to the Portal app. If it does not appear on their dashboard, click on the menu icon on the top right-side of the screen.
 |
| You can add the Portal app as one of your favourite apps by clicking the heart icon next to the app icon. |
Figure 1 - The Portal Management Tool
In Commander Portal, the user can hover their mouse over the left-side menu, click Environmental settings, and then the Authentication configuration tab.
The user will be working with the Microsoft Active Directory configuration section as highlighted in Figure 2.
Figure 2 - Setting up Microsoft Active Directory in Commander
Under Microsoft Active Directory, click on the + icon on the right-side of the columns. This will create a new line where the user can enter the following information:
Comparison of Azure and Commander naming conventions
| Commander | Azure | Notes |
|---|---|---|
| Client ID | Application (client) ID | Found on your Azure Overview dashboard |
| Client Secret | Client Secret | Created under Certificates & secrets |
| Sign in scheme | N/A | Should always be “Identity.External” |
| Authorisation endpoint | Azure AD OAuth 2.0 Authorization endpoint (v2) | Use the following URL and replace {tenant} with their tenant ID: https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize The user can find this on their Azure Overview dashboard |
| Token endpoint | Azure AD OAuth 2.0 Token endpoint (v2) | Use the following URL for the Token endpoint: https://login.microsoftonline.com/common/v2.0/oauth2/token |
| Name | N/A | Name to identify the user login on the Commander login page |
- Once this information has been completed, the user will need to click on the box under “Enable” to enable the settings and save them.
- A Save option will appear on the line item they just created (see Figure 3). The changes made will immediately take effect when the user clicks Save. The system will reboot and should be up and running within a few seconds (usually only takes 20 seconds).
Figure 3 - Enable and Save Settings
The last step is to link Azure to their Commander profile. This setting can be found under the Security tab on your Commander Profile called Manage external logins (see Clip 1 below).
Clip 1 - Link Your External Login
A pop up will prompt the user to link their external login. To do so, click on the Microsoft icon. The process is instant and the user will know it worked when they see the text change to Unlink your external login. They can now navigate back to the Azure dashboard.
To see if it is working, the user can browse to their Commander tenant login screen. They should see the Microsoft login icon as an option to log into their account.
Figure 4 - When setup is complete, they will see the Microsoft Azure icon as an alternative log-in option
Account Theming
Each tenant can have custom logos and colour schemes set for their own login screen. The settings are available in Commander -> Portal -> Environment Settings -> “Account Theming” tab. To navigate through the interface (see Clip 2 below):
Clip 2 - Account Theming Tab
The Account Theming tab consists of two sections (Login and Email) as displayed in the clip above. The properties in each section can be edited manually. Whilst on the tab, a user can complete the relevant information (each required detail is described in full in the list below), and then click the UPDATE button on the right-hand corner of the screen. The following image is an example of a login screen where a tenant has made use of the Account Theming tab to customise the logo, colour schemes, and other properties.
Figure 5 - Login Screen
- Welcome page text: the user can determine the main welcome text that a tenant first sees when the login screen is displayed.
- Background Colour: the user can set the background colour in the primary images.
- Primary Colour: the user can change the colour of the login button on the screen.
- Primary Background Image: the user can upload a background image in .svg format.
- Company email address: when the user updates the company email address, it will automatically be updated in two areas i.e the “contact administrator” section on the login screen, and also the password reset notification email that a user receives whenever they reset their password.
- Password reset image URL: the user can set the image that will appear on the reset password notification email.
- Company logo image URL: when a user signs in, they will receive the sign in notification in the form of an email. “Company logo image URL” will be displayed in this email (see Figure 6).
Terms of use wording: when a user signs in, they will receive the sign in notification in the form of an email. “Terms of use wording” will be displayed in this email (see Figure 6).
Figure 6 - Log In Notification
- Update: this button is used to save and update all the new information the user added.
- Revert to default: the user can reset the information for each property to its default settings.