Configuring Azure Active Directory discovery

This topic describes how to configure Azure Active Directory discovery through Secure Lightweight Directory Access Protocol (TLS 1.2).

Configuring vFire Core

Core can be easily configured to scan your Azure Active Directory using the Active Directory Connector secured with SSL.

  1. Configure your active Directory Connector integration with the Azure Domain in the LDAP server path. This must match the certificate name. If you are using a wild card SSL certificate for your domain, then you will need to preface the address with Azure.

    2. *.alembatest.com would be configured as LDAP://Azure.alembatest.com

  2. Configure your security settings per your requirements, if you are using the SSO connector for authentication do not check “authenticate imported people at source”.
  3. Configure your Resource and Filed mapping values as per the AD connector guide.

If you are using the SSO connector for authentication you must ensure your Matching Fields are configured to match existing user on the AD and SSO connectors. 

 

Configuring Azure Active Directory.

To configure the Azure Active Directory to allow LDAPS connections you will need to navigate to your Azure Active Directory using the older Azure portal at https://manage.windowsazure.com

  1. Navigate the Active Directory and Domain you wish to configure and select the Configure tab.
  2. Scroll down to the “domain service” section and enable Domain Services.

  3. You will then need to configure your LDAPS certificate which will need to be uploaded to Azure in PFX format. 

  4. Once you have configured your certificate enable. Enable Secure LDAP Access over the Internet.

  5. Once enabled, you will need to ensure you have the relevant Entries in your Domain DNS records to point to the IP address shown in the “External IP Address for LDAPS Access” field.

    6. Further information on configuring AZURE LDAPS can be found at https://azure.microsoft.com/en-gb/documentation/articles/active-directory-ds-admin-guide-configure-secure-ldap/#requirements-for-the-secure-ldap-certificate