Using Azure Active Directory (WS-Fed) to Authenticate to Certero | v8


From Certero version 8, Federated Authentication via Azure Active Directory is supported. In the current release, customers must have both a traditional on-premises Active Directory and Azure Active Directory. The following sections explain how to use Azure Active Directory to authenticate to Certero.

Step 1 - Active Directory Connector

  1. Go to Connectors > Active Directory

  2. Open the properties of the Active Directory Connector

  3. Click on the Authentication tab

  4. Copy the URI displayed under Federated Authentication

N.B. do not change the Logon Method from Forms Authentication to Federated Authentication at this point

Step 2 - Azure Active Directory Configuration

  1. Log in to the Azure Active Directory Admin Center (https://aad.portal.azure.com/) using an Administrator account

  2. Select Azure Active Directory in the left-hand menu

  3. Select App registrations in the Overview menu

  4. Click New registration at the top of the screen

  5. Give the registration a friendly name e.g. Certero

  6. In the Supported account types section select "Accounts in this organizational directory only (Organisation only - Single tenant)"

  7. In the Redirect URI section select "Web" and paste in the URI from the Active Directory connector in

  8. Click Register to complete the App registration

  9. Click on the Owned applications tab in App registrations and click on the name of the registration that has just been created

  10. Click Add an Application ID URI on the right-hand side of the screen

  11. Click set and click save

  12. Click the copy to clipboard button and save this away:

  13. Click endpoints at the top of the screen

  14. Copy the Federation metadata document URL and save this away:

Step 3 - Complete the Configuration

  1. Go to Connectors > Active Directory

  2. Open the properties of the Active Directory Connector

  3. Click on the Authentication tab

  4. Change the authentication from Forms Authentication to Federated Authentication

  5. In the Application ID Uri field, paste in the Application ID Uri you saved in point 12 above

  6. In the Metadata Document field, paste in the Federation metadata document address you saved in point 14 above

  7. Click Save to save the configuration

  8. To revert to the previous method of authentication, change the authentication from Federated Authentication to Forms Authentication
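
As an added example (not Certero's code and not part of the original instructions), the Python below shows what a WS-Federation relying party reads from the federation metadata document and how the Application ID URI becomes the realm (`wtrealm`) of the passive sign-in request. The metadata is a constructed, trimmed sample; the tenant ID, Application ID URI and reply URI are placeholders, and sending the redirect URI as `wreply` is an assumption about a generic relying party.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlencode, urlparse

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "fed": "http://docs.oasis-open.org/wsfed/federation/200706",
      "wsa": "http://www.w3.org/2005/08/addressing",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample trimmed to the elements read below; tenant ID and
# certificate body are placeholders, not real values.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
  <RoleDescriptor xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
      xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
      xsi:type="fed:SecurityTokenServiceType"
      protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>PLACEHOLDER</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <fed:PassiveRequestorEndpoint>
      <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
        <Address>https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/wsfed</Address>
      </EndpointReference>
    </fed:PassiveRequestorEndpoint>
  </RoleDescriptor>
</EntityDescriptor>"""


def read_metadata(xml_text):
    """Return the issuer, passive sign-in endpoint and signing-cert count."""
    root = ET.fromstring(xml_text)
    addr = root.find(".//fed:PassiveRequestorEndpoint/wsa:EndpointReference/wsa:Address", NS)
    certs = root.findall(".//md:KeyDescriptor[@use='signing']//ds:X509Certificate", NS)
    if addr is None or not certs:
        raise ValueError("metadata lacks a WS-Fed passive endpoint or signing certificate")
    endpoint = addr.text.strip()
    if urlparse(endpoint).scheme != "https":
        raise ValueError("sign-in endpoint is not HTTPS")
    return {"issuer": root.get("entityID"), "endpoint": endpoint, "signing_certs": len(certs)}


def signin_url(meta, app_id_uri, reply_uri):
    """Build the passive sign-in request: wtrealm is the Application ID URI."""
    query = urlencode({"wa": "wsignin1.0", "wtrealm": app_id_uri, "wreply": reply_uri})
    return meta["endpoint"] + "?" + query
```

If the realm in the request does not match the Application ID URI set on the App registration, or the reply address does not match the registered Redirect URI, Azure Active Directory rejects the sign-in rather than issuing a token.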

Step 4 - Test Azure Active Directory Authentication

  1. Ensure there is an Active Directory login already created for the test user under Administration > Logins

  2. Ensure that you are logged in to Azure Active Directory as this user

  3. Go to the Certero login screen

  4. Tick the box Windows/Integrated Authentication and click Login

  5. This should log you in using the Azure Active Directory credentials or ask you to provide the Azure Active Directory credentials.