Azure Active Directory


For the following part, you need to contact Komodor support to receive two parameters, the Identifier and the Reply URL (we note below where each of them is needed).

Start from the Azure Active Directory dashboard in the Azure portal. From there, navigate to "Enterprise applications":

Next, we click on "New application":

Then, click on "Create your own application":

Fill in the application creation form as depicted below, and click "Create":

This should lead you to the following page, where we set up the SSO connection:

Pick SAML as your preferred SSO method:

This should lead you to the following page, where you click "Edit" on "Basic SAML Configuration":

This is where the Identifier and Reply URL supplied by Komodor support (above) are needed. Fill in the form with them, and click "Save":

Next, scroll down to the "SAML Certificates" section and download the certificate file by clicking on the highlighted link. This is Azure AD's public token-signing certificate (it contains no private key); Komodor uses it to verify the signature on the SAML responses Azure AD sends. Then copy the "Login URL" under the "Set up Komodor" section:

Both of these need to be sent to Komodor support to finish the setup of the SAML connection on the Komodor side.

Once the setup is done on both sides, click the "Test" button to verify that sign-in works.


Role Provisioning 

To assign Komodor roles to Azure AD users, we use the App Roles capability.

For each Komodor role we wish to assign to users in Azure AD, we create a corresponding Azure AD app role.

Prerequisites:

Creating App Roles

To create app roles, follow the steps below:

Go to "App registrations":

Pick "All applications", and then click the Komodor app:

Next, navigate to "App roles":

Click "Create app role":

Fill in the form as below.

Note that the "Value" field must be the role ID exactly as it appears in Komodor: this value is the string Azure AD places in the role claim of the SAML response, and Komodor matches it against its own role IDs:

Finally, click "Apply". Repeat this for all the roles you wish to add, and you should see them added in the portal, like so:

Assigning Roles to a User

Now that we have created the Komodor app roles, we move on to assign them to a user.

Go back to "Enterprise applications" (explained above), and then pick the Komodor app:

Once there, we click on "Assign users and groups":

Click "Add user/group":

This will allow you to assign a role to a user (or a group, covered below). Simply pick a user:

Next, select a role:

Finally, click "Assign".

Assigning Roles to a Group

Just like we assigned a role to a user, we can assign a role to a group. To that end, we click "Add user/group", and simply pick a group rather than a user this time. We then select a role, and click "Assign".

Having done that, we should see the group with the role assigned to it (we can also see the user who was assigned a role above):

Note that members of a group automatically receive the roles assigned to the group. In the example above, "Alon Glatter" is a direct member of "Group-1", so he ends up with both "Role-2" and "Role-1" (the latter assigned to him via "Group-1"). Only direct group members count here: Azure AD does not resolve nested group membership for app role assignments.

Sending Role Assignments Over SAML Response

We go to the "Single sign-on" page where we configured the SAML connection to Komodor (above), and click "Edit" on "Attributes & Claims":

We click on "Add new claim":

We then fill in the form like below, and then finally click "Save":

That's it! The next time the user logs in to Komodor via Azure AD, they will be granted the Komodor roles that correspond to the app roles assigned to them in Azure AD.
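To make concrete what the role claim looks like when it arrives at the service provider, and what the receiving side has to check before acting on it, here is an added example (not Komodor's or Microsoft's code) that validates a SAML response and extracts the role values, using only the Python standard library. The response is constructed by hand and unsigned; the tenant ID, the Identifier used as audience, the claim name for the `user.assignedroles` attribute and the Komodor role IDs are all placeholders or assumptions. It also illustrates the point from the App Roles section that the app role "Value" must match the Komodor role ID: values that match are granted, anything else is reported as unknown.

```python
"""Added example (not Komodor's or Microsoft's code): checks a SAML service
provider performs on the role claim configured under "Attributes & Claims".
The response below is constructed by hand; tenant ID, Identifier, claim name
and Komodor role IDs are placeholders / assumptions."""
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Identifier (Entity ID) obtained from Komodor support and entered under
# "Basic SAML Configuration"; placeholder value.
EXPECTED_AUDIENCE = "https://app.komodor.com/saml/example-tenant"
# Azure AD issues assertions as https://sts.windows.net/<tenant-id>/;
# the tenant ID here is a placeholder.
EXPECTED_ISSUER = "https://sts.windows.net/00000000-0000-0000-0000-000000000000/"
# Assumed claim name for the added claim whose source attribute is user.assignedroles.
ROLE_CLAIM = "http://schemas.microsoft.com/ws/2008/06/identity/claims/role"
# App role "Value" fields must equal Komodor role IDs; these IDs are made up.
KNOWN_KOMODOR_ROLES = {"komodor-admin", "komodor-viewer"}


class SamlValidationError(Exception):
    pass


def _saml_time(value):
    # SAML timestamps are UTC, e.g. 2024-05-01T12:00:00.000Z
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def extract_roles(response_xml, now=None):
    """Return (subject, granted_roles, unknown_roles) or raise SamlValidationError.

    Signature verification is deliberately not shown here: the XML signature
    must be verified against the certificate downloaded under "SAML
    Certificates" (e.g. with a SAML library) before any of the checks below
    mean anything.
    """
    now = now or datetime.now(timezone.utc)
    root = ET.fromstring(response_xml)  # use defusedxml for untrusted input
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        raise SamlValidationError("response carries no Assertion")
    issuer = (assertion.findtext("saml:Issuer", namespaces=NS) or "").strip()
    if issuer != EXPECTED_ISSUER:
        raise SamlValidationError(f"unexpected issuer {issuer!r}")
    cond = assertion.find("saml:Conditions", NS)
    if cond is None:
        raise SamlValidationError("assertion has no Conditions")
    not_before = _saml_time(cond.get("NotBefore"))
    not_on_or_after = _saml_time(cond.get("NotOnOrAfter"))
    if not (not_before <= now < not_on_or_after):
        raise SamlValidationError("assertion expired or not yet valid")
    audiences = {a.text.strip() for a in
                 cond.findall("saml:AudienceRestriction/saml:Audience", NS) if a.text}
    if EXPECTED_AUDIENCE not in audiences:
        raise SamlValidationError(f"audience {sorted(audiences)} does not include our Identifier")
    subject = (assertion.findtext("saml:Subject/saml:NameID", namespaces=NS) or "").strip()
    if not subject:
        raise SamlValidationError("assertion has no NameID")
    roles = set()
    for attr in assertion.findall("saml:AttributeStatement/saml:Attribute", NS):
        if attr.get("Name") == ROLE_CLAIM:
            roles.update(v.text.strip() for v in attr.findall("saml:AttributeValue", NS) if v.text)
    # A user with no app role assignment arrives with no values: no Komodor role.
    return subject, sorted(roles & KNOWN_KOMODOR_ROLES), sorted(roles - KNOWN_KOMODOR_ROLES)


def rejection_reason(response_xml, now=None):
    """None when the response passes the checks, else the reason it was rejected."""
    try:
        extract_roles(response_xml, now)
        return None
    except SamlValidationError as exc:
        return str(exc)


# Constructed, unsigned sample of the shape Azure AD sends; not real IdP output.
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" ID="_r1" Version="2.0" IssueInstant="2024-05-01T12:00:00.000Z">
  <saml:Issuer>{EXPECTED_ISSUER}</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-05-01T12:00:00.000Z">
    <saml:Issuer>{EXPECTED_ISSUER}</saml:Issuer>
    <saml:Subject><saml:NameID>user@example.com</saml:NameID></saml:Subject>
    <saml:Conditions NotBefore="2024-05-01T12:00:00.000Z" NotOnOrAfter="2024-05-01T13:00:00.000Z">
      <saml:AudienceRestriction><saml:Audience>{EXPECTED_AUDIENCE}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="{ROLE_CLAIM}">
        <saml:AttributeValue>komodor-admin</saml:AttributeValue>
        <saml:AttributeValue>legacy-role</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

SAMPLE_NOW = datetime(2024, 5, 1, 12, 30, tzinfo=timezone.utc)
SAMPLE_LATE = datetime(2024, 5, 1, 13, 0, tzinfo=timezone.utc)  # exactly NotOnOrAfter: rejected
SAMPLE_WRONG_AUDIENCE = SAMPLE_RESPONSE.replace(EXPECTED_AUDIENCE, "https://other-tenant.example/")

if __name__ == "__main__":
    print(extract_roles(SAMPLE_RESPONSE, SAMPLE_NOW))
    print(rejection_reason(SAMPLE_RESPONSE, SAMPLE_LATE))
    print(rejection_reason(SAMPLE_WRONG_AUDIENCE, SAMPLE_NOW))
```

Run it with `python3` and the first line prints the subject together with `['komodor-admin']` as the granted roles and `['legacy-role']` as an unknown value, which is what you would see if an app role's "Value" were typed differently from the Komodor role ID. The audience check is why the Identifier from Komodor support must be entered exactly: an assertion minted for a different Entity ID is rejected even if it is otherwise valid.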
