To authenticate Zylinc Cloud users against Azure Active Directory, an application must
be created in Azure.
App creation in Azure portal
Go to your Azure Active Directory in the Azure portal and follow the steps below.
Register an App
Click App registrations, New registration.
Name it, for example, AdAuthentication and enter the Redirect URL:
https://novus.zylinc.cloud/tenant1/auth/signin-aad
where you replace novus.zylinc.cloud with the hostname of your installation.
Replace tenant1 with the tenant number that this App registration is for.
Click the Register button.
Grant API permissions
Once you have created the application, it already has the required API permission, which is
User.Read.
Click on the "Grant admin consent for ..." button to grant admin consent for the API permissions.
The permissions are then as shown below:
Add a Client Secret
Get the Client and Tenant IDs for the application
Go to the Application Overview page and copy the Client ID and Tenant ID. You need
to enter these in the Zylinc Cloud Configuration UI along with the Client Secret.
App creation using Azure CLI commands
The application can also be made with the Azure CLI commands below.
Copy the requiredResourceAccess.json file to the Azure storage (clouddrive) used by Azure CLI.
If you are using the Cloud Shell in the Azure Portal then you can click on the Upload File button in its
menubar as shown below.
az ad app create \
--display-name AdAuthentication \
--password VerySecretWord#1234 \
--end-date 2100-12-31 \
--reply-urls https://novus.zylinc.cloud/tenant1/auth/signin-aad \
--required-resource-accesses requiredResourceAccess.json
Replace the password with one of your own choosing.
Replace the reply-urls value to match your installation.
Grant admin consent for the requested API permissions with this command:
az ad app permission admin-consent --id 00000000-0000-0000-0000-000000000000
where 00000000-0000-0000-0000-000000000000 must be replaced with the actual ID of the
application created above.
(Note: the az ad app permission admin-consent command fails with an exception.)
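
The CLI steps above, as an added example that is not part of the original page or Zylinc's own tooling: it validates the redirect URL, generates a random client secret in place of a fixed password, and writes a requiredResourceAccess.json. The manifest content (Microsoft Graph, delegated User.Read), the function names and the /tmp output path are assumptions, since the page does not show the file.

```shell
#!/bin/sh
# Added example (not Zylinc's script). Prepares the inputs for the
# `az ad app create` command shown above, using the same flags as the page.

# Redirect URL in the page's form: https://<host>/<tenant>/auth/signin-aad
redirect_url() {
  # Allow only hostname / tenant characters, so a typo or a pasted path
  # cannot register a redirect to another host or path.
  case "$1" in ''|*[!A-Za-z0-9.-]*) return 1 ;; esac
  case "$2" in ''|*[!A-Za-z0-9_-]*) return 1 ;; esac
  printf 'https://%s/%s/auth/signin-aad\n' "$1" "$2"
}

# 256-bit random client secret (64 hex characters) instead of a fixed word.
new_secret() {
  od -An -tx1 -N32 /dev/urandom | tr -d ' \n'
}

# Assumed manifest content: only the delegated Microsoft Graph User.Read scope.
write_required_resource_access() {
  cat > "$1" <<'EOF'
[
  {
    "resourceAppId": "00000003-0000-0000-c000-000000000000",
    "resourceAccess": [
      { "id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", "type": "Scope" }
    ]
  }
]
EOF
}

# Demo with the hostname and tenant from the page's example URL.
url=$(redirect_url novus.zylinc.cloud tenant1) || exit 1
write_required_resource_access "${TMPDIR:-/tmp}/requiredResourceAccess.json"
# Keep the secret out of shell history; it is also entered in the
# Zylinc Cloud Configuration UI.
CLIENT_SECRET=$(new_secret)
echo "Redirect URL: $url"
echo "Secret length: ${#CLIENT_SECRET}"
# <YYYY-MM-DD> is a placeholder: choose a date on which the secret is rotated.
echo "az ad app create --display-name AdAuthentication --password \"\$CLIENT_SECRET\"" \
     "--end-date <YYYY-MM-DD> --reply-urls $url" \
     "--required-resource-accesses requiredResourceAccess.json"
```

The printed command references the CLIENT_SECRET variable and does not embed the secret, so run it in the same shell session.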