SSO - Azure AD
Objective
This document provides instructions on how to configure Azure SSO integration to F5® Distributed Cloud Services. For an overview of F5® Distributed Cloud Console, see About.
SSO setup requires you to be a tenant owner type user. Navigate to General > IAM > Users. Select the Show/hide column, select the Type field, and select Apply to display the Type column. For the tenant owner, the Type column displays Tenant Owner; for others, it displays User.
Prerequisites
- A valid Account is required.
- Note: If you do not have an account, see Create an Account.
- Azure Account with credentials to configure SSO.
Configuration
Integrating Azure SSO requires you to register your application in Azure Active Directory (AD), obtain the client ID and secret, obtain a redirect URI, and configure the redirect URI in Azure AD.
Navigate to Azure AD
You can navigate to the Azure AD in one of the following ways:
- Microsoft Office 365 AD
- Azure cloud portal
From Office 365
Perform the following to navigate to Azure AD from Microsoft Office 365 login.
Step 1: Navigate to Microsoft Office 365 administration settings.
- Sign into Office 365 AD.
- Select All Services in the Azure services section in the top-right menu.
Step 2: Open Azure AD admin center.
Select Azure Active Directory in the displayed admin centers list.
Note: This opens the Azure AD admin center dashboard.
Step 3: Open the Azure AD settings.
Select the Azure Active Directory box.
Step 4: Navigate to app registrations.
- Select App registrations on the Azure AD dashboard.
- Select New registration to start registration for your application.
From Azure Portal
Perform the following to navigate to Azure AD from the Azure cloud portal.
Step 1: Log into Azure cloud portal.
- Sign into Azure portal.
- Select your account in the Directory list.
- Choose the Active Directory tenant where you wish to register your application.
Step 2: Open app registration in the Azure AD settings.
In the Azure Active Directory pane > select App registrations.
Register Application and Setup SSO
Step 1: Setup Application
Note: The registered application in Azure AD needs to have the homepage URL set.
- Select View all applications in the directory.
- Select Application Display Name > select Branding & Properties in the Manage column.
- Copy Home Page URL.
- Note the URL for the step 2 form.
Step 2: Enter name and account types for your application.
- Select App registrations.
- Choose + New registration.
- Enter Name for the application, for example F5-oidc-test, in the Register an Application page.
- Choose Supported account types as required.
- Select a platform drop-down menu in the Redirect URI section.
- Enter the URL copied from step 1 in the e.g. https://example.com/auth box.
- Select the Register button.
Step 3: Save the application ID.
Find the Application ID value, and record it for later.
Note: You will need this ID value to configure the SSO section in F5® Distributed Cloud Console.
Step 4: Configure client secret.
- Select the Certificates & secrets tab in the left menu to create a Client Secret.
- Select + New client secret.
- Copy the client secret for configuring the SSO section in the F5® Distributed Cloud Console.
Note: The secret copied for the F5 Console SSO configuration is the secret value, not the secret ID.
Step 5: Obtain a well-known URL.
The well-known URL points to a metadata document that contains most of the information required for an app to perform sign-in. This includes information such as the URLs to use and the location of the service's public signing keys. It can be obtained using:
https://login.microsoftonline.com/{tenant}/.well-known/openid-configuration
- In App registrations > select Owned Applications > select Endpoints.
- Copy the OpenID Connect metadata document URL.
- Import into SSO settings in F5 console.
Note: Replace {tenant} with your Azure tenant ID. You can obtain your tenant from the Azure cloud portal by navigating to the Azure Active Directory > Overview screen.
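A pre-import check for the metadata document described in Step 5, as an added example that is not part of the F5 documentation: it fills the URL template and flags endpoints that are not HTTPS, sit on an unexpected host, or name a different tenant. The function names, the tenant ID and both sample documents are constructed for illustration, and the accepted host names are an assumption for the Azure public cloud.

```python
from urllib.parse import urlparse

# Assumption: Azure public cloud hosts; extend these sets for national clouds.
ENDPOINT_HOSTS = {"login.microsoftonline.com"}
ISSUER_HOSTS = {"login.microsoftonline.com", "sts.windows.net"}
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")

def well_known_url(tenant):
    """Fill the page's URL template; reject an unreplaced placeholder."""
    if not tenant or "{" in tenant or "/" in tenant:
        raise ValueError("tenant must be your Azure tenant ID")
    return f"https://login.microsoftonline.com/{tenant}/.well-known/openid-configuration"

def check_metadata(doc, tenant):
    """Return a list of problems; an empty list means nothing was flagged."""
    problems = []
    for key in REQUIRED:
        value = doc.get(key)
        if not isinstance(value, str) or not value:
            problems.append(f"{key}: missing")
            continue
        url = urlparse(value)
        if url.scheme != "https":
            problems.append(f"{key}: not https")
        allowed = ISSUER_HOSTS if key == "issuer" else ENDPOINT_HOSTS
        if url.hostname not in allowed:
            problems.append(f"{key}: unexpected host {url.hostname}")
    # The issuer path must name the tenant the metadata was requested for.
    segments = urlparse(str(doc.get("issuer", ""))).path.lower().split("/")
    if tenant.lower() not in segments:
        problems.append("issuer: does not name the expected tenant")
    return problems

# Constructed sample data (not a real tenant ID or a real response).
TENANT = "11111111-2222-3333-4444-555555555555"
BASE = f"https://login.microsoftonline.com/{TENANT}"
GOOD = {
    "issuer": f"https://sts.windows.net/{TENANT}/",
    "authorization_endpoint": f"{BASE}/oauth2/authorize",
    "token_endpoint": f"{BASE}/oauth2/token",
    "jwks_uri": "https://login.microsoftonline.com/common/discovery/keys",
}
BAD = dict(GOOD, issuer="https://sts.windows.net/99999999-0000-0000-0000-000000000000/",
           token_endpoint=f"http://login.microsoftonline.com.example.net/{TENANT}/oauth2/token")
del BAD["jwks_uri"]

if __name__ == "__main__":
    print(well_known_url(TENANT))
    print("good:", check_metadata(GOOD, TENANT), "bad:", check_metadata(BAD, TENANT))
```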
Step 6: Log into F5® Distributed Cloud Console, start configuring SSO.
- Open the F5® Distributed Cloud Console homepage, select the Administration box.
Note: Homepage is role based, and your homepage may look different due to your role customization. Select the All Services drop-down menu to discover all options. Customize Settings: Administration > Personal Management > My Account > Edit work domain & skills button > Advanced box > check Work Domain boxes > Save changes button.
Note: Confirm Namespace feature is in correct namespace, drop-down selector located in upper-left corner. Not available in all services.
- Select Tenant Settings in the left column menu > select Tenant Options.
Note: If options are not showing available, select the Show link in Advanced nav options visible in the bottom left corner. If needed, select Hide to minimize options from Advanced nav options mode.
- Select the Set up SSO button.
- Select Azure in Please choose a service Provider in the pop-up window.
- Select the Continue button.
-
Select
Azure
inPlease choose a service Provider
in pop-up window. -
Select
Continue
button.
Step 7: Configure the client ID and secret for Azure.
Provide the Client ID and Client Secret obtained from previous steps.
Step 8: Generate redirect URL.
- Enter the Well-known URL in the Import from well-known URL box.
- Select Import to populate the rest of the fields, such as Authorization URL, Token URL, etc.
- Select Continue to obtain a Redirect URI.
Step 9: Complete SSO setup.
- Copy the displayed redirect URI.
- Select Done.
Step 10: Add the redirect URI in the Azure AD.
- In Azure Active Directory, select App registrations in the left menu.
- Select the registered application in the list, F5-oidc-test.
- Select Add a Redirect URI.
- Select + Add a platform.
- Select Web Applications in the right pop-up window.
Note: See Microsoft Docs (https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app#register-an-application) to learn more.
- Provide the URI obtained above to complete Azure SSO setup.
- Select the Configure button.
- To confirm, a Web Redirect URIs section is added to Authentication > Platform configurations.