How to add an Azure Active Directory provider
An Azure Active Directory provider allows you to connect a Web API tile to any Azure application's API that uses Azure Active Directory (AD) for authentication. This can be an Azure API that Microsoft provides (for example, Microsoft Graph) or one you yourself have built. The authentication details needed for accessing the application's API are stored in the Azure Active Directory provider.
Note: For Azure Log Analytics and Azure Application Insights there are dedicated tiles and providers. If you want to use those applications, you should use the dedicated tiles and providers. For any other Azure application, use the Azure Active Directory provider and the Web API tile.
Prerequisites
- If you use a proxy server, you may need to configure the proxy to allow communication with Azure Active Directory (see How to configure Dashboard Server to use a proxy).
- A Microsoft Azure Active Directory workspace.
- Access to your Azure portal with the following roles:
  - Azure subscription administrator role
  - Azure Active Directory User administrator role
Creating an Azure Active Directory provider
There are two environments involved when you are creating an Azure Active Directory provider:
You need to enable access for Dashboard Server in your Azure portal. You only need to do this once, regardless of the number of Dashboard Server instances you have.
How to enable access for Dashboard Server in your Azure portal
Note: The following steps are done in your Azure portal. Please refer to the Azure documentation if you need help with any of the steps.
Create a new AD application in your Azure portal to connect with Dashboard Server.
The application needs a platform of type web with a Redirect URI in the following format:
https://FQDNofYourSquaredUpServer/YourSquaredUpVersion/ext-core-webapi/callback/NameOfYourADDProvider
- FQDNofYourSquaredUpServer: For example, yoursquaredupserver.yourdomain.name
- YourSquaredUpVersion: For example, squaredupv5
- NameOfYourADDProvider: The name you'll give the Azure Active Directory provider when you create it in Dashboard Server
Configure the settings for the application:
- Configure the appropriate settings for authentication and permissions.
- Create a client secret for the Azure Active Directory provider.
You need to create an Azure Active Directory provider in Dashboard Server to connect to your Azure Active Directory. You can add as many providers as you want.
How to create an Azure Active Directory provider in Dashboard Server
In Dashboard Server, navigate to the right-hand menu ☰ > system > Integrations.
Under Integrations click Azure Active Directory.
Settings:
- name: Enter a name for your provider.
  Note: The name must match the name you used as part of the Redirect URI in your Azure portal.
  Where is the provider name used in the Redirect URI in Azure?
  The Redirect URI in Azure has the following format:
  https://FQDNofYourSquaredUpServer/YourSquaredUpVersion/ext-core-webapi/callback/NameOfYourADDProvider
  - FQDNofYourSquaredUpServer: For example, yoursquaredupserver.yourdomain.name
  - YourSquaredUpVersion: For example, squaredupv5
  - NameOfYourADDProvider: The name you'll give the Azure Active Directory provider when you create it in Dashboard Server
- base URL: Enter the base URL for all API requests for this provider. This URL will be prepended to every request made by a tile that uses this provider.
- azure active directory tenant id: Enter your Azure Active Directory Tenant ID.
- resource URL: Enter the resource or API root URL you want to access. This URL can be identical to the Base URL, depending on which API you are using.
- active directory application id: Enter your Active Directory Application ID.
- application key: The client secret you created in Azure. If you followed the steps to configure the settings for the application in Azure, the client secret should still be in your clipboard or in your password manager. If you don't have your client secret or your client secret has expired, you need to create a new one.
- authorization scope (optional): Here you can limit the tiles that use this provider to perform only certain actions. For example, you can narrow down the scope to read-only GET requests or to specific parts of the API.
  Please refer to the API documentation of the API you are using for details about how to enter the authorization scope.
Click save.
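The provider name has to match the last segment of the Redirect URI registered in Azure. The following added example (not SquaredUp or Microsoft code) checks a Redirect URI against the format shown above before you save the provider. The function name `check_redirect_uri`, the provider name `Graph` and the sample URIs are constructed, and treating the name comparison as exact, including case, is an assumption.

```python
from urllib.parse import urlsplit

# Fixed middle part of the callback path, taken from the documented format.
CALLBACK_SEGMENTS = ["ext-core-webapi", "callback"]


def check_redirect_uri(redirect_uri, provider_name):
    """Return a list of problems; an empty list means the URI fits the documented format."""
    problems = []
    parts = urlsplit(redirect_uri)

    if parts.scheme != "https":
        problems.append("scheme is not https")
    if not parts.hostname or "." not in parts.hostname:
        problems.append("host is not a fully qualified domain name")
    if parts.query or parts.fragment:
        problems.append("query string or fragment present")

    # Expected path: /<version>/ext-core-webapi/callback/<provider name>
    segments = parts.path.split("/")[1:]  # drop the empty piece before the leading slash
    if len(segments) != 4 or "" in segments:
        # Also catches a trailing slash, which adds an empty fifth segment.
        problems.append("path is not /<version>/ext-core-webapi/callback/<provider name>")
        return problems
    if segments[1:3] != CALLBACK_SEGMENTS:
        problems.append("callback path is not ext-core-webapi/callback")

    registered = segments[3]
    if registered != provider_name:  # assumption: the match is exact, including case
        if registered.lower() == provider_name.lower():
            problems.append("provider name differs only in case")
        else:
            problems.append("provider name does not match")
    return problems


if __name__ == "__main__":
    # Constructed sample values based on the placeholders in the format above.
    uri = "https://yoursquaredupserver.yourdomain.name/squaredupv5/ext-core-webapi/callback/Graph"
    for name in ("Graph", "graph", "LogSearch"):
        print(name, "->", check_redirect_uri(uri, name) or "OK")
```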