User Interface: Azure Authentication

The following are the options for an Azure authentication configuration.

Note: If you are configuring a multi-site deployment of Spectrum, you must sign in to each facility site to configure LDAP or Azure authentication. LDAP or Azure authentication information is not synced from headquarters to facilities. (A multi-site deployment is a configuration of a Spectrum environment that includes Spectrum instances located at different sites within the same WAN. In a multi-site deployment, each Spectrum instance acts as either a headquarters or a facility.)

Azure Authentication

Option Description Notes
Domain Name

A unique name for the Azure server configuration. This field must match the primary domain of the Azure Active Directory Server. To allow users to sign in with their company email address, this field must be set to the email domain.

Required. Set to the "Primary domain" value found in the Azure Portal > Azure Active Directory Overview.

Examples

7g4nfy.onmicrosoft.com

examplecompany.com

Authority

The Azure URL to be used by Spectrum when establishing a connection to the Azure server to authenticate. The format is https://login.microsoftonline.com/tenantID/

Required. The "Tenant ID" value can be found in Azure Portal > Azure Active Directory Overview.

Example

https://login.microsoftonline.com/12345/

Client ID

The ID of the Application Registration that was created in the Azure Portal to handle Spectrum authentication.

Required. Set to the "Application (client) ID" value found in the Azure Portal > Azure AD > App Registrations > [app].

Secret Key

Secures access from Spectrum to Azure. This value can only be accessed at creation time, so save the key in a secure and private location at the time of creation.

Required. Set to the "Value" found in the Azure Portal > Azure AD > App Registrations > Certificates & Secrets. This value can only be accessed at creation time, so save the key in a secure and private location when you create it.

Scope

Defines the permissions and access level that Spectrum has when accessing Azure.

Required. Usually the provided default value.

Example

https://graph.microsoft.com/.default

Synchronize

Turn synchronization on or off.

For more information, see Select Objects to Sync.

Auto Provisioning

Option Description Notes
Enable Auto Provisioning

When disabled, Spectrum users must be created manually in Access Control. Any previously created auto-provisioned users and group memberships in Spectrum will not be dynamically updated but will continue to work as defined before auto-provisioning was turned off. (Default)

When enabled, users in your Azure service who belong to an Azure group that is mapped to a Spectrum group are automatically created when the user signs in to Spectrum, and the user's Spectrum group memberships are automatically assigned based on the Spectrum-to-Azure group mappings. If a user already exists in Spectrum, the user's information and group assignments are automatically updated using the Spectrum-to-Azure group mappings every time the user signs in to Spectrum.

When enabled, validation of auto-provisioning fields is required to save any Azure data.

User Provisioning

Option Description Notes

Create User Folder

The Spectrum folder where auto-provisioned users will be created. This folder must already exist in Spectrum and should not be the root folder.

Required.

Auto-provisioned users do not have to remain in this folder after they are created.

Example

/Loftware/Azure Users
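A pre-flight check for the values described in the tables above, as an added example that is not part of Spectrum or its documentation. The dictionary keys are hypothetical names for the fields, and the check assumes that the Application (client) ID and the Azure "Secret ID" are GUIDs and that folder paths look like the example above.

```python
import re
from urllib.parse import urlsplit

GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
DOMAIN = re.compile(r"([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}")
DEFAULT_SCOPE = "https://graph.microsoft.com/.default"  # example value from the page

def check_azure_settings(cfg):
    """Return a list of findings for a dict of the settings described above."""
    findings = []
    if not DOMAIN.fullmatch(cfg.get("domain_name", "")):
        findings.append("domain_name: not a DNS domain")
    url = urlsplit(cfg.get("authority", ""))
    # Compare the whole netloc so user-info, ports and stray spaces all fail;
    # a mistyped host would receive the Secret Key during authentication.
    if url.scheme != "https" or url.netloc.lower() != "login.microsoftonline.com":
        findings.append("authority: must be https://login.microsoftonline.com/tenantID/")
    elif len([s for s in url.path.split("/") if s]) != 1 or url.query or url.fragment:
        findings.append("authority: path must be exactly one tenant ID segment")
    if not GUID.fullmatch(cfg.get("client_id", "")):
        findings.append("client_id: not a GUID")
    secret = cfg.get("secret_key", "")
    if not secret or secret != secret.strip():
        findings.append("secret_key: empty or padded with whitespace")
    elif GUID.fullmatch(secret):
        # Assumption: a GUID here means the "Secret ID" was copied, not the "Value".
        findings.append("secret_key: looks like the Secret ID, not the Value")
    if cfg.get("scope") != DEFAULT_SCOPE:
        findings.append("scope: differs from the documented default")
    if cfg.get("auto_provisioning"):
        # Existence of the folder in Spectrum cannot be checked offline.
        folder = cfg.get("create_user_folder", "")
        if not folder.startswith("/") or not folder.strip("/ "):
            findings.append("create_user_folder: must be an existing non-root folder")
    return findings

# Constructed sample values; the IDs and the secret are made up for this example.
GOOD = {"domain_name": "examplecompany.com",
        "authority": "https://login.microsoftonline.com/12345/",
        "client_id": "11111111-2222-3333-4444-555555555555",
        "secret_key": "constructed-secret-value", "scope": DEFAULT_SCOPE,
        "auto_provisioning": True, "create_user_folder": "/Loftware/Azure Users"}
BAD = dict(GOOD, domain_name="examplecompany",
           authority="https://login. microsoftonline.com/12345/",
           client_id="spectrum-app",
           secret_key="99999999-8888-7777-6666-555555555555",
           create_user_folder="/")

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_azure_settings(cfg))
```

A finding on scope is a prompt to confirm the value is intended, since the default is usual but not mandatory.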

Spectrum Group to Azure Group Mapping Table

See User Interface: Group Mapping Table.