SSO - Azure AD
Objective
This document provides instructions on how to configure Azure SSO integration to F5® Distributed Cloud Services. For an overview of F5® Distributed Cloud Console, see About.
Note: SSO setup requires you to be a user of the tenant owner type. Navigate to General > IAM > Users. Select Show/hide column, select the Type field, and select Apply to display the Type column. For the tenant owner, the Type column displays Tenant Owner, and for others, it displays User.
Prerequisites
- A valid Account is required.
- Note: If you do not have an account, see Create an Account.
- Azure Account with credentials to configure SSO.
Configuration
Integrating Azure SSO requires you to register your application in the Azure Active Directory (AD), obtain client ID and secret, obtain a redirect URI, and configure the redirect URI in the Azure AD.
Navigate to Azure AD
You can navigate to the Azure AD in one of the following ways:
- Microsoft Office 365 AD
- Azure cloud portal
From Office 365
Perform the following to navigate to Azure AD from Microsoft Office 365 login.
Step 1: Navigate to Microsoft Office 365 administration settings.
- Sign into Office 365 AD.
- Select All Services in the Azure services section in the top-right menu.
Step 2: Open Azure AD admin center.
Select Azure Active Directory in the displayed admin centers list.
Note: This opens the Azure AD admin center dashboard.
Step 3: Open the Azure AD settings.
Select the Azure Active Directory box.
Step 4: Navigate to app registrations.
- Select App registrations on the Azure AD dashboard.
- Select New registration to start registration for your application.
From Azure Portal
Perform the following to navigate to Azure AD from the Azure cloud portal.
Step 1: Log into Azure cloud portal.
- Sign into Azure portal.
- Select your account in Directory list.
- Choose Active Directory tenant where you wish to register your application.
Step 2: Open app registration in the Azure AD settings.
In the Azure Active Directory pane, select App registrations > choose New registration.
Register Application and Setup SSO
Step 1: Enter name and account types for your application.
- Enter a name for the application, for example F5-oidc-test.
- Choose account types as required.
- Select register.
Step 2: Save the application ID.
Find the Application ID value, and record it for later.
Note: You'll need it to configure the SSO section in the F5® Distributed Cloud Console.
Step 3: Configure client secret.
- Select the Certificates & secrets tab in left-menu to create a Client Secret.
- Select + New client secret.
- Copy the client secret for configuring the SSO section in the F5® Distributed Cloud Console.
Step 4: Obtain a well-known URL.
The well-known URL points to a metadata document that contains most of the information required for an app to perform sign-in. This includes information such as the URLs to use and the location of the service's public signing keys. It can be obtained using:
https://login.microsoftonline.com/{tenant}/.well-known/openid-configuration
- In App registrations > select Owned Applications > select Endpoints.
- Copy the OpenID Connect metadata document URL.
- Import into SSO settings in F5 console.
Note: Replace {tenant} with your Azure tenant ID. You can obtain your tenant from the Azure cloud portal by navigating to Azure Active Directory > Overview screen.
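A check that can be run on the metadata document before importing it, shown as an added example that is not part of the F5 or Microsoft documentation. It confirms the issuer names your tenant and that the sign-in endpoints and signing-key location are HTTPS URLs on the expected hosts. The function names, the host allowlists, the GUID-only tenant format, and the sample documents are assumptions of this example.

```python
import re
from urllib.parse import urlparse

# Assumptions of this example: tenant IDs are GUIDs, and Azure AD serves its
# sign-in endpoints from these hosts (adjust for sovereign clouds).
TENANT_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
ENDPOINT_HOSTS = {"login.microsoftonline.com"}
ISSUER_HOSTS = ENDPOINT_HOSTS | {"sts.windows.net"}
ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint", "jwks_uri")


def well_known_url(tenant):
    """Fill {tenant} in the page's well-known URL, rejecting non-GUID input."""
    if not TENANT_RE.match(tenant):
        raise ValueError("tenant ID is not a GUID")
    return ("https://login.microsoftonline.com/"
            f"{tenant.lower()}/.well-known/openid-configuration")


def check_metadata(doc, tenant):
    """Return a list of problems found in a parsed metadata document."""
    problems = []
    issuer = urlparse(doc.get("issuer", ""))
    if issuer.scheme != "https" or issuer.hostname not in ISSUER_HOSTS:
        problems.append("issuer: unexpected scheme or host")
    if tenant.lower() not in issuer.path.lower().split("/"):
        problems.append("issuer: does not name this tenant")
    for key in ENDPOINT_KEYS:
        url = urlparse(doc.get(key, ""))
        if url.scheme != "https":
            problems.append(f"{key}: missing or not https")
        elif url.hostname not in ENDPOINT_HOSTS:
            problems.append(f"{key}: unexpected host {url.hostname}")
    return problems

# Constructed sample documents (placeholder tenant ID, not real data).
TENANT = "11111111-2222-3333-4444-555555555555"
BASE = f"https://login.microsoftonline.com/{TENANT}"
GOOD = {
    "issuer": f"{BASE}/v2.0",
    "authorization_endpoint": f"{BASE}/oauth2/v2.0/authorize",
    "token_endpoint": f"{BASE}/oauth2/v2.0/token",
    "jwks_uri": f"{BASE}/discovery/v2.0/keys",
}
BAD = dict(GOOD, token_endpoint="http://login.microsoftonline.com.example/token")

if __name__ == "__main__":
    for doc in (GOOD, BAD):
        print(check_metadata(doc, TENANT))
```

An empty list means the document passed every check; any entry names the field to inspect before the values are imported into the SSO settings.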
Step 5: Log into F5® Distributed Cloud Console, start configuring SSO.
- Open the F5® Distributed Cloud Console homepage, select the Administration box.
Note: Homepage is role based, and your homepage may look different due to your role customization. Select the All Services drop-down menu to discover all options. Customize Settings: Administration > Personal Management > My Account > Edit work domain & skills button > Advanced box > check Work Domain boxes > Save changes button.
Note: Confirm the Namespace feature is in the correct namespace, using the drop-down selector located in the upper-left corner. Not available in all services.
- Select Tenant Settings in the left column menu > select Tenant Options.
Note: If options are not showing, select the Show link in Advanced nav options visible in the bottom left corner. If needed, select Hide to minimize options from Advanced nav options mode.
- Select the Set up SSO button.
- Select Azure in Please choose a service Provider in the pop-up window.
- Select the Continue button.
Step 6: Configure the client ID and secret for Azure.
Provide Client ID and Client Secret obtained from previous steps.
Step 7: Generate redirect URL.
- Enter the Well-known URL in the Import from well-known URL box.
- Select Import to populate rest of the fields such as Authorization URL, Token URL, etc.
- Select Continue to obtain a Redirect URI.
Step 8: Complete SSO setup.
- Copy the displayed redirect URI.
- Select Done.
Step 9: Add the redirect URI in the Azure AD.
- In the Azure Active Directory, select App registrations in the left menu.
- Select the registered application in the list, F5-oidc-test.
- Select Add a Redirect URI.
- Select + Add a platform.
- Select Web Applications in the right pop-up window.
Note: See Microsoft Docs (https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app#register-an-application) to learn more.
- Provide the URI obtained above to complete Azure SSO setup.
- Select the Configure button.
- To confirm, a Web Redirect URIs section is added to Authentication > Platform configurations.