If you want to manage your wireless users using Azure Active Directory account, you can enable remote synchronization with your Azure account for users in specific groups.
In your Azure Active Directory portal
- Log in to the Azure portal
- From the main menu, navigate to Azure Active Directory > Properties > Directory ID. Copy the Directory ID value. It is your Tenant ID.
- From the menu, go to Azure Active Directory -> App registrations
- Click on New application registration
- Name - ironwifi for example
- Application type - Web app / API
- Sign-on URL - https://www.ironwifi.com
- Copy the Application ID value.
- Click on the Settings button.
- Click on Reply URLs and add https://console.ironwifi.com/api/oauth2callback. If you are using some other region, replace console with the territory, e.g., us-west1
- Click on Required permissions and click Add
- API - Microsoft Graph
- Application Permissions and Delegated Permissions - Read directory data
- Click on Keys and add a key - duration Never expires. Copy the generated value.
In the IronWifi Console
- Log in to the IronWifi Console
- From the menu, go to Users -> Connectors -> New Connector
- Fill in Name, select Azure AD as Database Type
- Select Authentication Source:
- Azure - will forward authentication requests to Microsoft servers for verification
- Local will verify provided credentials locally - Cleartext-Password attribute, etc.
- Enter the Tenant identifier value (Directory ID)
- Enter the Application ID and Application Key.
- Click the Continue button, and you will receive a unique authorization code.
- Click to Authorize, and we will redirect you to the Azure portal for authorization. Approve the request.
9. Click Continue
10. In the Select Group for Import window, select the Group that you want to import
Every imported user will have a random password generated. Please do not delete these generated passwords. They can be used for authentication if there is some problem with your Azure account and deleting the generated password will disable the user's ability to authenticate.
You have multiple options on how to authenticate your imported users:
Option 1: Authentication using the generated password - PEAP
During the initial synchronization, we create a random password for every imported user. Use CSV export function to export the list of passwords and provide these passwords to your users. You can also change the generated password manually or use our API.
Option 2: Authentication using certificate - TLS
You can manually create a client certificate for each user and distribute these certificates to your users. Users will be able to authenticate to your network using these certificate.
Option 3: Authentication using existing Azure account password - TTLS + PAP
If your users wish to authenticate using their existing Azure credentials, configure your clients to use the TTLS-PAP protocol.
12. Configuring Client Devices
a. The easiest method is to use our profile generator tool since as you will see from the below instructions that Windows makes this setup a very cumbersome task
b. If you prefer to do it manually Follow system specific instructions on how to configure your clients: