It is possible for the Atria users to login into Atria using their Azure AD Account. For doing so, some configuration required both in Azure Active Directory and Atria. Here in this document we are going to show the required configurations as well as the implementation details of this feature in Atria.
It is required that we configure both Azure Active Directory and Atria before the User can authenticate using Azure AD. In the following section we are going to describe the steps required for such configurations.
An Application muse be registered in Azure AD so the Atria User are capable to authenticate into Azure AD and Atria. For registering a new Application in Azure AD follow theses steps:
Azure Active Directory Authentication is disabled by default in Atria. For enabling it, it is required that some configurations define in the Config Service. Here is the list of configurations which is required:
For defining the keys/values to enable this feature in the configuration server you need to do the following steps:
Add-AzureADSsoAuthenticationConfigs.ps1Parameters:.\Add-AzureADSsoAuthenticationConfigs.ps1 -ClientId ${put-appId-here} -RedirectUri ${put-redirectUri-here} -ShowPIILogs
The System checks for the existence of the ClientId config and if the value is not null or empty the Azure Ad Authentication will be enabled and the user can see the related button on the login page.
Please note that not all Atria users can login with Azure Active Directory. The following conditions must be met for any users who wants to login using Azure AD:
If there is a Load Balancer / Reverse Proxy in the target environment the following headers must be defined and pass to the downstream proxies in order to the AAD Authentication works correctly.
X-FORWARDED-HOST : The hostname and the port number (e.g. atriaweb:8086)
X-FORWARDED-PROTO The protocol which can be 'http' or 'https'
Here is an example for defining these headers in nginx reverse proxy
location / { proxy_pass http://localhost/; proxy_set_header X-FORWARDED-HOST $http_host; proxy_set_header X-FORWARDED-PROTO $scheme; }