Azure Active Directory SSO

Review the basics of ChaosSearch and Azure AD SSO integration.

Azure Active Directory is a Microsoft Azure service that provides identity and access management. ChaosSearch supports single sign-on with Azure AD, which means your organization can incorporate ChaosSearch into your application base in Azure AD and let your users securely access ChaosSearch.


📘

IMPORTANT:

Confirm that you are using Microsoft's Azure Active Directory (Azure AD) for these instructions. If you are using Active Directory Federation Services (ADFS), there are different instructions for the SSO setup.

Overview of Configuration Methods

To configure Azure AD authentication for ChaosSearch, ChaosSearch must configure its Auth0 broker with the information for the customer's Azure AD service. The customer administrators must register ChaosSearch as an application in their Azure AD, using the URL information provided by ChaosSearch.

There are two supported methods for configuring Azure AD authentication support with ChaosSearch:

Cloud Connector Method

To configure Azure AD authentication for ChaosSearch using the cloud connector, the customer administrators must provide the following information to ChaosSearch Customer Success:

  • Microsoft Azure AD domain name
  • Application (Client) ID
  • Client secret

📘

NOTE

Detailed instructions for configuring Azure AD are in the Microsoft help at https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app. Work with your Customer Success representative during this process to ensure the correct configuration.

To register the ChaosSearch application in Azure AD and obtain the information:

  1. Register the ChaosSearch application with Azure AD as described in the Microsoft help topic linked above.
  • To specify a Redirect URI for the ChaosSearch application, discuss the endpoint name to use with your ChaosSearch Customer Success representative.
  • Follow the steps in the section for "Add a client secret" to complete that task for the setup.

👍

Information:

Make sure that you have the three values for the Azure AD domain, the application (client) ID, and the client secret.

  2. ChaosSearch administrators will create an enterprise connection in Auth0 with the supplied Azure AD domain, Application (client) ID, and client secret.

  3. ChaosSearch administrators will enable the enterprise connection in Auth0.

  4. Test the connection.

SAML 2 Configuration Method

For customers who want to establish Azure AD authentication for ChaosSearch using the SAML 2 connector:

  1. ChaosSearch will register the application in the Auth0 broker and provide the following information to the customer administrators:
  • A post-back URL (also called Assertion Consumer Service URL) such as https://*customer*-chaossearch.auth0.com/login/callback?connection=*customer*-azure
  • An Entity ID (ID of the service provider) such as urn:auth0:*customer*-chaossearch:*customer*-azure
  2. The customer administrators must provide the following information to ChaosSearch Customer Success:
  • Sign in URL
  • X.509 token signing certificate in PEM or CER format

📘

NOTE:

Detailed information about using SAML 2.0 as an IdP for Azure AD single sign-on is available at https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-fed-saml-idp.
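
The token signing certificate can arrive as PEM text, as Base64 text without the BEGIN/END lines, or as a binary (DER) .cer file, so comparing a SHA-256 fingerprint of the decoded bytes lets both sides confirm out of band that the same certificate was received. The Python sketch below is an added example, not ChaosSearch or Microsoft code; the function names are hypothetical and the sample bytes are constructed stand-ins, not a real certificate.

```python
import base64
import hashlib
import re
import ssl

PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----.+?-----END CERTIFICATE-----", re.S)

# Constructed stand-in bytes (a DER SEQUENCE header plus filler), not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))


def load_signing_cert(data: bytes) -> bytes:
    """Return DER bytes for a certificate supplied as PEM, bare Base64 or binary DER."""
    if b"PRIVATE KEY" in data:
        # Catches PEM-armored keys; only the public certificate should be sent.
        raise ValueError("file contains a private key")
    if data[:1] == b"\x30":  # ASN.1 SEQUENCE tag: already binary DER
        return data
    text = data.decode("ascii").strip()
    blocks = PEM_BLOCK.findall(text)
    if len(blocks) > 1:
        raise ValueError("expected one certificate, found %d" % len(blocks))
    if blocks:
        der = ssl.PEM_cert_to_DER_cert(blocks[0])
    else:  # Base64 text without the BEGIN/END lines
        der = base64.b64decode("".join(text.split()), validate=True)
    if der[:1] != b"\x30":
        raise ValueError("decoded data is not DER")
    return der


def to_pem(der: bytes) -> str:
    """Re-encode DER bytes as PEM text."""
    return ssl.DER_cert_to_PEM_cert(der)


def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER bytes, as colon-separated uppercase hex."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


if __name__ == "__main__":
    for label, blob in (("DER", SAMPLE_DER),
                        ("PEM", to_pem(SAMPLE_DER).encode()),
                        ("Base64", base64.b64encode(SAMPLE_DER))):
        print(label, fingerprint(load_signing_cert(blob)))
```

All three encodings of the same certificate produce the same fingerprint, so the value can be read back over a separate channel regardless of which file format was sent.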
