Beginning with version 2.10, Orchid Fusion VMS supports Azure Active Directory authentication. After some configuration work on the front end, your Orchid Fusion VMS users will be able to sign in with their existing Azure Active Directory credentials.

Prerequisites

To configure Orchid Fusion VMS to work with Azure Active Directory, you will need to have an Azure Active Directory server that:

  • Is reachable from your Orchid Fusion VMS server.
  • Contains at least one Azure Active Directory user who is a member of at least one Azure Active Directory group.

Create an Azure Active Directory Application

Follow the steps below to create an Azure Active Directory App. For a more detailed look at this process, please refer to the next topic. (Please refer to Microsoft documentation for the most up-to-date instructions.)

  • Log into the Azure Active Directory portal
  • Register an Azure Active Directory “App”
    • Manage – “App registrations” – click “New registration”
      • Enter name
      • Select “Single tenant”
      • Select “Client Application (Web, iOS, Android, Desktop+Devices)”
    • App registrations – – click “Authentication”
      • “Add a platform” – select “Web”
      • Enter the Fusion redirect URI: /redirect.html
    • App registrations – – “API permissions”
      • Add Microsoft Graph Directory.Read.All (Delegated)
      • Admin consent – Microsoft Graph Directory.Read.All
    • App registrations – – “Certificates & secrets”
      • Click “New client secret” – copy and save secret value

Modifying the Configuration File

There are several properties in the Orchid Fusion VMS configuration file that will need to be modified in order for Azure Active Directory authentication to work.

  1. Set the following properties in the Orchid Fusion VMS configuration file:
  • authentication.azure.active.directory.clientid=<applicationid>
    • Replace <applicationid> with the Application ID assigned to your App when you registered it with Azure Active Directory.
  • authentication.azure.active.directory.clientsecret=<secretvalue>
    • Replace <secretvalue> with the secret value you saved after creating it in the Azure portal.
  • authentication.azure.active.directory.endpoint=https://login.microsoftonline.com/tenant/oauth2/authorize
    • Replace tenant with the OAuth 2.0 Authorization Endpoint assigned to your App when you registered it with Azure Active Directory.
  • authentication.azure.active.directory.domain=</domain>
    • Typically, you will replace </domain> with the domain into which users are signing in.
  2. After modifications to the configuration file are complete, restart the Orchid Fusion VMS service, then sign in to Orchid Fusion VMS.
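
A check that can be run on the configuration file before restarting the service, as an added example that is not part of the Orchid Fusion VMS product or its documentation. It looks for the four properties listed above, flags placeholders that were left in place, and flags a file that is world-accessible, since the client secret is stored in it. The file path is supplied by the caller (the page does not give it); the sample values, the host check and the permission check are assumptions.

```python
import os
import stat
import tempfile
from urllib.parse import urlparse

PREFIX = "authentication.azure.active.directory."
REQUIRED = ("clientid", "clientsecret", "endpoint", "domain")

# Constructed sample: the page's template with only two placeholders replaced.
SAMPLE = (PREFIX + "clientid=00000000-0000-0000-0000-000000000000\n"
          + PREFIX + "clientsecret=<secretvalue>\n"
          + PREFIX + "endpoint=https://login.microsoftonline.com/tenant/oauth2/authorize\n"
          + PREFIX + "domain=example.com\n")

def load_properties(path):
    """Parse key=value lines, skipping blanks and # or ! comment lines."""
    props = {}
    with open(path, encoding="utf-8") as fh:
        for line in map(str.strip, fh):
            if line and line[0] not in "#!" and "=" in line:
                key, _, value = line.partition("=")
                props[key.strip()] = value.strip()
    return props

def audit(path):
    """Return a list of findings; an empty list means every check passed."""
    props, findings = load_properties(path), []
    for name in REQUIRED:
        value = props.get(PREFIX + name, "")
        if not value:
            findings.append(f"{name}: missing or empty")
        elif "<" in value or ">" in value:
            findings.append(f"{name}: placeholder not replaced")
    url = urlparse(ep := props.get(PREFIX + "endpoint", ""))
    # Assumption: the global Azure host shown on the page is the expected one.
    if ep and (url.scheme != "https" or url.hostname != "login.microsoftonline.com"):
        findings.append("endpoint: expected https://login.microsoftonline.com/...")
    elif url.path.startswith("/tenant/"):
        findings.append("endpoint: literal 'tenant' not replaced")
    # The client secret sits in this file in clear text; flag world access (POSIX only).
    if os.name == "posix" and os.stat(path).st_mode & stat.S_IRWXO:
        findings.append("file: accessible to users other than owner and group")
    return findings

if __name__ == "__main__":
    with tempfile.NamedTemporaryFile("w", suffix=".properties", delete=False) as tmp:
        tmp.write(SAMPLE)
    os.chmod(tmp.name, 0o644)
    print("\n".join(audit(tmp.name)))
    os.unlink(tmp.name)
```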

Refer to the Add a Permission Group for Azure Active Directory section of the Orchid Fusion VMS Administrator Guide for instructions on setting Permission Groups for Azure Active Directory groups.
