Azure Active Directory

Azure Active Directory connector setup

To manage your wireless users using Azure Active Directory account, you can enable remote synchronization with your Azure account for users in specific groups.

  1. Log in to the Azure Portal
  2. From the main menu, navigate to Azure Active Directory > Properties > Tenant ID Copy the Tenant ID value.

screenshot

 

3. From the menu, go to Azure Active Directory -> App registrations

screenshot

 

4. Click on New application registration 1. Name - ironwifi for example 2. Application type - Web app / API 3. Sign-on URL - https://www.ironwifi.com

screenshot

 

5. Copy the Application ID value.

screenshot

 

6. Click on the link next to Redirect URIs button.

screenshot

 

7. Under Redirect URIs, click add and paste this link https://console.ironwifi.com/api/oauth2callback. If you are using some other region, replace console with the territory, e.g., us-west1.ironwifi.com. Don't forget to hit save.

screenshot

 

8. Click on API permissions in the left menu and click Add Permission

screenshot

 

9. Click on Microsoft Graph -> Application Permissions and scroll down for Directory → Directory.Read.All. Click on Grant admin consent for the application (ironwifi)

screenshot

screenshot

 

10. Now, navigate to Certificates&Secrets and create a new secret (set duration to never expires). Make sure to copy the value because you can only see it once.

screenshot

IronWiFi Console

  1. Log in to the IronWiFi console
  2. Go to Users Connectors → New Connector
    Screenshot 2023-03-20 3.06.10 PM
    Screenshot 2023-03-20 3.06.47 PM
  3. Choose a name and pick database type - Azure AD
  4. Select Authentication Source: 1. Azure - will forward authentication requests to Microsoft servers for verification 2. Local will verify provided credentials locally - Cleartext-Password attribute, etc.
  5. Enter the Tenant identifier value (Directory ID)screenshot
  6. Enter the Application ID and Application Secret(Value)screenshot
    Screenshot 2023-03-20 2.16.27 PMscreenshot
  7. Click the Continue button, and you will receive a unique authorization code.
  8. Click to Authorize, and we will redirect you to the Azure portal for authorization. Approve the request.
  9. Click Continue
  10. In the Select Group for Import window, select the Group that you want to import

Every imported user will have a random password generated. Please do not delete these generated passwords. They can be used for authentication if there is some problem with your Azure account. Deleting the generated password will disable the user's ability to authenticate.

 

11. Authentication

You have multiple options on how to authenticate your imported users:

Option 1: Authentication using the generated password - PEAP

During the initial synchronization, we create a random password for every imported user. Use CSV export function to export the list of passwords and provide these passwords to your users. You can also change the generated password manually or use our API.

Option 2: Authentication using certificate - TLS

You can manually create a client certificate for each user and distribute these certificates to your users. Users will be able to authenticate to your network using these certificate.

Option 3: Authentication using existing Azure account password - TTLS + PAP

If your users wish to authenticate using their existing Azure credentials, configure your clients to use the TTLS-PAP protocol.

Option 4: Authentication using existing Azure account password - PEAP-MSCHAPv2

If your users wish to authenticate using their existing Azure credentials and you have AD Domain Services enabled, create an Azure AD Bridge.

 

12. Configuring Client Devices

a. The easiest method is to use our profile generator tool since as you will see from the below instructions that Windows makes this setup a very cumbersome task

b. If you prefer to do it manually Follow system specific instructions on how to configure your clients:

  • Windows Clients
  • Android Clients
  • Apple iOS, Mac OS X Clients