Follow

Azure OAuth

This article will detail how you can use Azure OAuth with your FTP Today account.

You will need two browser windows/tabs for these steps.

Create the Identity Service at FTP Today

Log into your FTP Today Site.  Navigate to Settings > Authentication > Identity Service. Click on Add Service.

image001.png

Enter a name for the New Service and select “Azure OAuth” as the provider and Save.

image002.png

Create the Application at Azure

On your FTP Today Site, locate the IdP configuration information.

image003.png

Log into your Azure AD site. Navigate to Applications and select App Registrations.

image004.png

Enter a name for the application, leave the remaining values at default and Register.

image005.png

Download the logo from your FTP Today Site. On your Azure AD site, select Branding and upload the logo. Copy the Home page URL from your FTP Today site to the Azure AD site and Save.

image006.png

Select Authentication, Add a platform and then Web.

image007.png

Copy the Redirect URI and the Logout URL from your FTP Today site to Azure AD and Configure.

image008.png

Select Certificates & secrets and New client secret.

image009.png

Enter a name, select Never and Add.

image010.png

Configure the Identity Service at FTP Today

On your Azure AD site, select Overview and locate the Client ID, then select Endpoints.

image011.png

Locate the OpenID Connect metadata document.

image012.png

 

On your FTP Today Site, select “I want to use a Well-Known URL to set this configuration”. Copy the URL from the Azure AD site to the Well-known configuration URL field. Copy the Client ID from the Azure AD site to the Client ID field.

image013.png

On your Azure AD site select Certificates & secrets. Locate the Client Secret.  (If the value is not visible, you will need to delete and recreate the secret.)

image014.png

Copy the Client secret to your FTP Today Site and Save.

image015.png

Assign the user to the application at Azure AD

In Azure AD, navigate to Enterprise Applications.

image016.png

Locate and select the application you created.

image017.png

Select Users and groups and Add user.

image018.png

Select Users and groups and then select the user to assign, then Select.

image019.png

Select Assign.

image020.png

Add the user at FTP Today

In your FTP Today site, navigate to the Users area and select Add User.

image021.png

Enter the Azure AD primary name as the user name in your FTP Today Site.  Complete the rest of the fields as needed and Save.

image022.png

Azure AD supports an advanced security feature that offers further user verification. You may register the user with a unique identifier from Azure AD.  In addition to matching the User Name to identify the user, we will match the Azure AD Object ID for that user. 

When setting up the user, navigate to the user at Azure AD, select Profile and locate the Object ID. Copy that value.

image023.png

Include that value as the IdP User Unique Identifier when you create the user.

image024.png

If the user already exists in your FTP Today site, you may change these settings on the Authentication tab for the user.

User access through FTP Today

Navigate to the site and enter the username and click Next.

image025.png

There will be a brief “Authenticating” message. 

image026.png

If the user does not have an open session with Microsoft, they will have to authenticate.

image027.png

The user may be asked to approve the application.

image028.png

The user will now be logged into your FTP Today Site.

User access at Azure AD.

Access the Microsoft My Applications portal.  On the home screen, the user can click on the FTP Today application.

image029.png

Ending the session

When done, the user may log out of the FTP Today site or allow the session to expire.  This will not log the user out of Azure AD or any other services authenticated through Azure AD. 

The user may also log out of Azure AD which will log the user out of your FTP Today Site. This will not close the browser window, but any action taken in the browser window will fail. After a short period, the browser window will reload to the login page.

The session timeout on the FTP Today Site may log the user out of the site even if they are still logged in at Azure.  In that case, after reentering their username they will be immediately authenticated to the site.