Companies may require user authentication through Azure. ExSign allows users to log in and be authenticated through Azure. For users to log in through Azure, the same users must exist both in Azure AD and in the respective on-premises AD.
Azure Auth Requirements in On-Premise Active Directory
ExSign Admin Role: The ExSign Admin is a global administrator with full control, responsible for creating central rules, configuring top-level settings, and managing portal access, licenses, and security. Before logging into Azure, a corresponding group for the ExSign Admin Role should be present in the On-Premise Active Directory (AD), and an AD user with the same name as the Azure AD user must exist in the On-Premise AD. Once these prerequisites are met, the Azure user will automatically log in with the ExSign Admin Role using their Azure credentials.
Exchange Admin: The Exchange Admin manages an exclusive Exchange environment and shares the same Active Directory as the ExSign Admin. The Exchange Admin can log in to ExSign with their UPN to publish, edit, and delete rules, and to manage banners. Before logging into ExSign using Azure credentials, a corresponding AD group for the Exchange Admin Role should be present in the On-Premise Active Directory (AD), and an AD user with the same name as the Azure AD user must exist in the On-Premise AD. Once these prerequisites are met, the Azure user will automatically log in with the Exchange Admin Role using their Azure credentials.
OU Admin: An OU Admin is created through ExSign and can only add and edit rules for their own organization; they cannot publish or unpublish rules. They can also view and edit banners, but cannot publish them. Before logging into Azure, a corresponding group for the OU Admin Role should be present in the On-Premise Active Directory (AD), and an AD user with the same name as the Azure AD user must exist in the On-Premise AD. Once these prerequisites are met, the Azure user will automatically log in with the OU Admin Role using their Azure credentials.
The following are the steps required for enabling authentication through Azure:
Steps required for Signing with Azure
- Log in to the Azure Portal directory and click on Microsoft Entra ID, as shown in the picture below.
- Register your application by clicking on the new registration.
- During the registration of the application, enter the URL for the Portal as shown in the image below, and append “/Login/LoginCallback” to the Portal URL. Please note that the URL is case-sensitive, so do not change the letter case of any part of it.
- Click on Client credentials and add a secret.
- Record the secret's value for use in your client application code. This secret value is never displayed again after you leave this page.
- Copy the Client ID, Tenant ID, and Secret key and paste them into ExSign, as shown in the picture.
Steps to log in to ExSign using Azure credentials:
- Make sure that the Azure AD user who wants to log in to the ExSign Portal using Azure also exists in the AD of the ExSign Portal. This applies to the Portal Admin and the Exchange Admin. In the case of the OU Admin, the user must be created in the respective remote AD.
- Then, provided that the Azure AD user also exists in the respective AD, make that user a member of that AD’s security group (for Portal and Exchange Admins, the Azure user must be a member of either the Portal Admin’s security group or the Exchange Admin’s security group. For the OU Admin, the Azure user must be a member of the OU Admin’s security group).
- Now, log in using the Azure user’s credentials and click “Sign in with Azure”.
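The on-premises prerequisites above can be checked before a user tries "Sign in with Azure". The following PowerShell is an added example, not part of ExSign or of the original article: it verifies that each Azure user has a matching, enabled on-premises AD account that is a member of the security group for its role. The group names and sample UPNs are hypothetical placeholders, and matching the "same name" by UPN is an assumption.

```powershell
# Added example, not ExSign code. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

# Hypothetical group names and constructed sample UPNs: replace with your own.
$RoleGroups = @{
    'ExSign Admin'   = 'ExSign-Admins'
    'Exchange Admin' = 'ExSign-ExchangeAdmins'
    'OU Admin'       = 'ExSign-OUAdmins'
}
$Users = @(
    [pscustomobject]@{ Upn = 'alice@contoso.example'; Role = 'ExSign Admin' }
    [pscustomobject]@{ Upn = 'bob@contoso.example';   Role = 'OU Admin' }
)

function Test-ExSignAzurePrereq {
    param([string]$Upn, [string]$Role, [hashtable]$Groups)

    $result = [pscustomobject]@{ Upn = $Upn; Role = $Role; InAD = $false
                                 Enabled = $false; InGroup = $false; Note = '' }
    # Reject anything that is not a plain UPN before it reaches the AD filter.
    if ($Upn -notmatch '^[A-Za-z0-9._-]+@[A-Za-z0-9.-]+$') {
        $result.Note = 'Not a valid UPN'; return $result
    }
    if (-not $Groups.ContainsKey($Role)) {
        $result.Note = 'Unknown role'; return $result
    }
    # Assumption: the on-premises account is matched to the Azure user by UPN.
    $user = Get-ADUser -Filter "UserPrincipalName -eq '$Upn'" -Properties Enabled
    if (-not $user) { $result.Note = 'No on-premises AD user'; return $result }
    if (@($user).Count -gt 1) { $result.Note = 'UPN is not unique'; return $result }
    $result.InAD = $true
    $result.Enabled = [bool]$user.Enabled

    # -Recursive also counts membership through nested groups.
    $members = Get-ADGroupMember -Identity $Groups[$Role] -Recursive -ErrorAction Stop
    $result.InGroup = $members.DistinguishedName -contains $user.DistinguishedName
    if (-not $result.InGroup) { $result.Note = "Not in '$($Groups[$Role])'" }
    return $result
}

$Users | ForEach-Object {
    Test-ExSignAzurePrereq -Upn $_.Upn -Role $_.Role -Groups $RoleGroups
} | Format-Table -AutoSize
```

For an OU Admin, run the check against the remote AD that holds the account. Reviewing the group membership list regularly also shows who can obtain each ExSign role through Azure sign-in.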
For any further queries or concerns regarding the information in this KB article, send an email to support@hostingcontroller.com