This article describes settings that have been used successfully in OnGuard and Microsoft Azure AD to make Azure AD a third-party identity provider for OnGuard via the OpenID Connect protocol.
Note: Third-party settings may differ from those discussed here depending on the specific third-party product, the version in use, or other differences. The following settings, and the directions on where to find them in the Azure administration portal, are not guaranteed to work in all situations. For details on using their service, contact your third-party provider or refer to their documentation.
Procedure Steps
Azure AD Settings:
- When adding OnGuard to your application registrations, select Native as the Application Type.
- The Redirect URI must be the URI for Lenel Console for the specific OnGuard installation.
- The redirect URIs may be edited, if necessary, by editing the Manifest at Home > Azure > Active Directory > App Registrations > .
- Set the Base URL to https://login.microsoftonline.com/. You can find your Directory ID in the Azure administration page at Home > Azure Active Directory > Properties.
- Use the Application ID listed for the application for the Client ID in OnGuard. You can find the Application ID in the Azure administration page at Home > Azure Active Directory > Properties > App Registrations.
- Uncheck Advanced > Require Access Token Hash.
- Uncheck Advanced > Validate Issuer Name.
- Set Advanced > Additional Endpoints to https://login.microsoftonline.com/common/discovery/keys, or uncheck Validate Endpoints.
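With Require Access Token Hash and Validate Issuer Name unchecked, the `at_hash` and `iss` checks that OpenID Connect Core defines for the ID token can still be run independently on a decoded token. The following Python is an added example, not Lenel or Microsoft code; it assumes the two settings map to those claims, that the signature has already been verified, and that the issuer uses one of the formats Azure AD issues for v1.0 and v2.0 tokens. The function names, GUIDs and access token are constructed.

```python
import base64
import hashlib
import hmac

# Constructed sample values, not taken from any real tenant.
DIRECTORY_ID = "00000000-0000-0000-0000-000000000000"
CLIENT_ID = "11111111-1111-1111-1111-111111111111"
ACCESS_TOKEN = "constructed-access-token"

def at_hash(access_token):
    """at_hash for an RS256-signed ID token: left half of SHA-256 over the
    ASCII access token, base64url-encoded without padding (OIDC Core)."""
    digest = hashlib.sha256(access_token.encode("ascii")).digest()
    half = digest[: len(digest) // 2]
    return base64.urlsafe_b64encode(half).rstrip(b"=").decode("ascii")

def expected_issuers(directory_id):
    """Issuer strings Azure AD puts in v1.0 and v2.0 tokens for one tenant."""
    return {
        "https://sts.windows.net/%s/" % directory_id,
        "https://login.microsoftonline.com/%s/v2.0" % directory_id,
    }

def check_id_token(claims, access_token, directory_id, client_id):
    """Return the names of failed checks; an empty list means all passed."""
    failures = []
    if claims.get("iss") not in expected_issuers(directory_id):
        failures.append("iss")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        failures.append("aud")
    claimed = claims.get("at_hash")
    if claimed is None:  # assumption: "require" means the claim must be present
        failures.append("at_hash missing")
    elif not hmac.compare_digest(claimed, at_hash(access_token)):
        failures.append("at_hash")
    return failures

def sample_claims():
    """Constructed ID token claims that satisfy every check."""
    return {
        "iss": "https://sts.windows.net/%s/" % DIRECTORY_ID,
        "aud": CLIENT_ID,
        "at_hash": at_hash(ACCESS_TOKEN),
    }

if __name__ == "__main__":
    print(check_id_token(sample_claims(), ACCESS_TOKEN, DIRECTORY_ID, CLIENT_ID))
```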