• State Not Answered
  • Replies 6 replies
  • Subscribers 29 subscribers
  • Views 639 views
  • Users 0 members are here
Options
Related

Azure Active Directory as Identity Provider

dario guastella
4 months ago

We need to configure AAD as an Identity Provider to retrieve USERS accessing the SPP.

What is the best way to proceed? Do we also have to configure Starling Connect in order to configure AAD in the Identity Provider section? What type of selection should we make? Active Directory or External Federation type?
Now in the customer's environment only EXTERNAL FEDERATION is configured to have the MFA but we must also configure it as an Identity Provider.

Also, is it necessary a specific license to join to Starling Connect?

I hope to be clear.

Thank you very much for your help

Parents Reply Children
  • 0 4 months ago in reply to dario guastella

    The SCIM provider option can be used to provision Users and User Groups from Entra ID to SPP for example.

    Asset and Account Discovery is a separate feature:

    (Managing AAD Account passwords) this requires the use of the Azure AD asset to browse and import AAD Accounts - The AAD Asset will still need to use the Starling Connect registered connector. This is already available in SPP

    Azure AD (Asset Discovery) is not yet implemented but we do have a feature pending for this functionality.

    Thanks!

  • 0 1 month ago in reply to Tawfiq.Ahmad

    Hey Dario/Tawfiq,

    Just came across this thread and wanted to understand more for my customer's use case. So if the use case is to have AAD user login and have Windows Authenticator as 2FA, we would need to configure SCIM to create, update, delete users into Safeguard and have External Federation to AAD for Secondary Authentication via Windows Authenticator.

    With this configured, in terms of user experience on the login page, would the user first authenticate with email and password, click login and asked to login again via Microsoft login portal which has Windows authenticator? 

    Thanks!

    --Cyril

  • 0 1 month ago in reply to Cyril Chong

    Hi Cyril,

    User would select External Federation and type the email address then SPP will redirect to the Azure Login where the user can complete the authentication and MFA, so in this use-case there is no password typed into SPP login page. After the Azure login + MFA is completed then user is redirected back to SPP as an authenticated user.

    Thanks!

  • 0 1 month ago in reply to Tawfiq.Ahmad

    Understood, thanks for the clarification!