Using Azure Active Directory to Authenticate to Certero | v7


From version 7 onwards, Certero supports Federated Authentication via Azure Active Directory. In the current release, customers must have both a traditional on-premises Active Directory and Azure Active Directory. The following sections explain how to use Azure Active Directory to authenticate to Certero.

Step 1 - Active Directory Connector

  1. Go to Connectors > Active Directory

  2. Open the properties of the Active Directory Connector

  3. Click on the Authentication tab

  4. Copy the URI displayed under Federated Authentication

N.B. Do not change the Logon Method from Forms Authentication to Federated Authentication at this point.

Step 2 - Azure Active Directory Configuration

  1. Log in to the Azure Active Directory Admin Center ( https://aad.portal.azure.com/ ) using an Administrator account

  2. Select Azure Active Directory in the left-hand menu

  3. Select App registrations in the Overview menu

  4. Click New registration at the top of the screen

  5. Give the registration a friendly name e.g. Certero

  6. In the Supported account types section select "Accounts in this organizational directory only (Organisation only - Single tenant)"

  7. In the Redirect URI section select "Web" and paste in the URI from the Active Directory connector in Step 1

  8. Click Register to complete the App registration

  9. Click on the Owned applications tab in App registrations and click on the name of the registration that has just been created

  10. Click Add an Application ID URI on the right-hand side of the screen

  11. Click Set and paste in the URI from the Active Directory connector in Step 1

  12. Click Endpoints at the top of the screen

  13. Copy the WS-Federation sign-on endpoint URI

Step 3 - Complete the Configuration

  1. Go to Connectors > Active Directory

  2. Open the properties of the Active Directory Connector

  3. Click on the Authentication tab

  4. Change the authentication from Forms Authentication to Federated Authentication

  5. In the Sign-on Endpoint box paste in the WS-Federation sign-on endpoint URI from Step 2

  6. Click Save to save the configuration

  7. To revert to the previous method of authentication, change the authentication from Federated Authentication to Forms Authentication

Step 4 - Test Azure Active Directory Authentication

  1. Ensure there is an Active Directory login already created for the test user under Administration > Logins

  2. Ensure that you are logged in to Azure Active Directory as this user

  3. Go to the Certero login screen

  4. Tick the box Windows/Integrated Authentication and click Login

  5. This should log you in using the Azure Active Directory credentials, or ask you to provide the Azure Active Directory credentials.
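The two values copied between Certero and Azure in Steps 1 to 3 can be checked before the Logon Method is switched, for example to catch a different entry from the Endpoints pane being pasted in place of the WS-Federation one. The script below is an added example, not Certero or Microsoft code. It assumes the Azure public-cloud login host, uses constructed sample URIs, and assumes the sign-in request has the standard WS-Federation passive form with the Step 1 URI as both realm and reply address.

```python
import re
from urllib.parse import urlsplit, urlencode

AAD_HOST = "login.microsoftonline.com"  # assumption: Azure public cloud
WSFED_PATH = re.compile(r"^/[0-9A-Za-z.-]+/wsfed/?$")  # /<tenant id or domain>/wsfed

def check_connector_uri(uri):
    """Problems with the URI copied from the connector's Authentication tab (Step 1)."""
    problems = []
    if uri != uri.strip():
        problems.append("leading or trailing whitespace")
    parts = urlsplit(uri.strip())
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if not parts.hostname:
        problems.append("no host name")
    return problems

def check_signon_endpoint(uri):
    """Problems with the value copied from the Endpoints pane (Step 2)."""
    problems = check_connector_uri(uri)
    parts = urlsplit(uri.strip())
    if parts.hostname != AAD_HOST:
        problems.append("host is not " + AAD_HOST)
    if not WSFED_PATH.match(parts.path):
        problems.append("path is not /<tenant>/wsfed (wrong endpoint copied?)")
    if parts.query or parts.fragment:
        problems.append("unexpected query string or fragment")
    return problems

def build_signin_request(endpoint, connector_uri):
    """Standard WS-Federation passive sign-in URL (assumed shape of the request)."""
    params = {"wa": "wsignin1.0", "wtrealm": connector_uri, "wreply": connector_uri}
    return endpoint + "?" + urlencode(params)

if __name__ == "__main__":
    # Constructed sample values, not taken from a real tenant or Certero install.
    connector = "https://certero.example.com/"
    tenant = "00000000-0000-0000-0000-000000000000"
    good = "https://" + AAD_HOST + "/" + tenant + "/wsfed"
    wrong = "https://" + AAD_HOST + "/" + tenant + "/saml2"
    for label, probs in [("connector URI", check_connector_uri(connector)),
                         ("sign-on endpoint", check_signon_endpoint(good)),
                         ("wrong endpoint", check_signon_endpoint(wrong))]:
        print(label + ":", probs or "OK")
    print(build_signin_request(good, connector))
```

An empty problem list for both values means the redirect URI and Application ID URI registered in Step 2 and the Sign-on Endpoint entered in Step 3 are at least well formed; it does not confirm that they match what is registered in the tenant.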