Skip to main content

Microsoft Azure AD Integration Guide Requirements

Matti Ketonen
  • Updated

This guide provides information on the requirements to successfully:

  • Set up Beyond Identity as a passwordless authentication solution for your Hybrid Azure AD environment.

  • Set up an Active Directory and Azure AD to use Beyond Identity as an Identity Provider.

  • Set up the Beyond Identity Admin Console and User Console applications in Azure AD.

  • Set up SCIM-based provisioning from Azure AD to Beyond Identity Cloud.

Prerequisites

Ensure that you have the following:

  • An Active Directory Admin account with “Enterprise Administrator” privileges to:

    • Configure groups and an alternative domain name.

  • An Azure Active Directory Admin account with “Global Administrator” privileges to:

    • Configure “Beyond Identity Admin Console” and “Beyond Identity User Console” applications.

    • Set up SCIM-based provisioning from Azure AD to the Beyond Identity Cloud.

  • Hybrid Identity deployment with Active Directory, DNS Server, Azure AD Connect, and Azure AD configured.

  • An alternative domain name to be used during Beyond Identity testing phase. The alternative domain name must be a top-level domain and not a subdomain. (e.g., for examplecompany.com as a primary domain, use examplecompany.org as an alternative domain) You will need access to your alternative domain’s DNS settings to verify the domain in Azure AD.

  • A Windows machine with “Administrator” privileges to:

    • Set up an AD domain (or alternative domain during the test phase) for federated authentication.

Beyond Identity Configuration

Please provide the following information to the Beyond Identity Field Team.

Your company name

 

Your Azure AD Instance ID

 

Beyond Identity Admin Console Requirements
Application credentials (SAML SSO)

  • SSO URL

  • SSO Entity ID

  • SSO X.509 Signing Certificate

 

Beyond Identity User Console Requirements
Application credentials

  • SSO Client Id

  • SSO Client Secret

 

(Optional) A logo for your corporation
Logo requirements:

  • 300 x 150 pixels or less

  • File size of 10kb or less

  • File types accepted:

    • SVG

    • PNG

    • JPG

    • GIF

 

The following information will be supplied by the Beyond Identity Field Team.

Beyond Identity Admin Console

SAML URLs:

  • Identifier/Entity ID

  • Reply / ACS URL

 

 

<https://auth.byndid.com/auth/saml/<Conn-ID>/sso/metadata.xml>
<https://auth.byndid.com/auth/saml/<Conn-ID>/sso>

SCIM / Event Hook API Bearer Token

To be supplied.

Beyond Identity Org ID

To be supplied.

SCIM API endpoints

https://api.byndid.com/scim/v2/users
https://api.byndid.com/scim/v2/groups

Active Directory Configuration

Once a meeting is set up with Beyond Identity, our Sales Engineer will perform the following tasks:

  • Section 1-A: Set up Active Directory Groups (Optional)

  • Section 1-B: Set up Azure Active Directory Groups (Optional)

  • Section 2: Set up an Alternative Domain Name for use during testing

  • Section 3: Set up the Beyond Identity Admin Console in Azure AD

  • Section 4: Set up Admin Console Access in the Beyond Identity Support Console

  • Section 5: Set up the Beyond Identity User Console in Azure AD

  • Section 6: Set up the Beyond Identity User Console

  • Section 7: Set up the Beyond Identity Console for User Authentication

  • Section 8: Configure Beyond Identity as the Identity Provider

Setting up Test Users

The following tasks will also be set up during the meeting:

  • User Enrollment

  • User Authentication (Signing in)

  • User Deprovisioning

These tasks will require approximately 60-90 minutes.

Related articles

Comments

0 comments

Please sign in to leave a comment.

Powered by Zendesk