diff --git a/content/for-administrators/secure-your-cluster/azure-gco-app.md b/content/for-administrators/secure-your-cluster/azure-gco-app.md deleted file mode 100644 index 66af1892..00000000 --- a/content/for-administrators/secure-your-cluster/azure-gco-app.md +++ /dev/null @@ -1,25 +0,0 @@ -# Configuring Azure AD Group Sync Application - -1. To enable sync groups from Azure AD (Microsoft's) account to Stakater Cloud you first have to register an application on Azure. Go to the -1. Open `Azure Active Directory` service -1. On the tab on the left under Manage section click `App Registrations` -1. Click on `New Registration`. Use `group-sync` under Name and click `Register` -![Azure AD](images/azure-ad.png) -1. The GroupSync job requires permissions on the Azure AD tenant in addition to the default ones. For it to work, add the these entries under the ‘API Permissions’ menu item.: - -- `Group.Read.All` -- `GroupMember.Read.All` -- `User.Read.All` - -![Azure App API Permissions](images/azure-permissions-group-sync.png) - -1. Click on the Newly created app `group-sync`. Click `Certificates & secrets` from the left tab. Click `New Client Secret`. Under `Expires` pick any option. Under `Description` put *saap-group-sync* and click `Add` -![Certificates and Secrets](images/azure-ad-certificates-secrets.png) -1. Copy the value of the newly created client secret and take note of the `Application (client) ID` and `Directory (tenant) ID` of the `group-sync` app registration from the `Overview` tab. **Send this to Stakater Support** -![Client-Tenant-ID](images/azure-ad-clientid-tenantid.png) - -## Items to be provided to Stakater Support - -- `Application (client) ID` -- `Directory (tenant) ID` -- `client Secret` diff --git a/content/for-administrators/secure-your-cluster/azure-gso.md b/content/for-administrators/secure-your-cluster/azure-gso.md new file mode 100644 index 00000000..04698e13 --- /dev/null +++ b/content/for-administrators/secure-your-cluster/azure-gso.md @@ -0,0 +1,25 @@ +# Configuring Azure AD Group Sync Application + +1. To enable sync groups from Azure AD (Microsoft's) account to Stakater Cloud you first have to register an application on Azure. Go to the +1. Open `Azure Active Directory` service +1. On the left tab under the Manage section, click `App Registrations` +1. Click on `New Registration`. Use `group-sync` under Name and click `Register` +![Azure AD](images/azure-ad.png) +1. The GroupSync job requires additional permissions on the Azure AD tenant. To set these up, add the following entries under the `API Permissions` menu item: + + - `Group.Read.All` + - `GroupMember.Read.All` + - `User.Read.All` + + ![Azure App API Permissions](images/azure-permissions-group-sync.png) + +1. Click on the newly created app `group-sync`. Click `Certificates & secrets` from the left tab. Click `New Client Secret`. Under `Expires` pick any option. Under `Description` enter *saap-group-sync*, and click `Add` +![Certificates and Secrets](images/azure-ad-certificates-secrets.png) +1. Copy the value of the newly created client secret and note the `Application (client) ID` and `Directory (tenant) ID` of the `group-sync` app registration from the `Overview` tab. **Send this to Stakater Support** +![Client-Tenant-ID](images/azure-ad-clientid-tenantid.png) + +## Items to be provided to Stakater Support + +- `Application (client) ID` +- `Directory (tenant) ID` +- `client Secret` diff --git a/content/for-administrators/secure-your-cluster/azure-idp.md b/content/for-administrators/secure-your-cluster/azure-idp.md index 00edfdf1..44c71945 100644 --- a/content/for-administrators/secure-your-cluster/azure-idp.md +++ b/content/for-administrators/secure-your-cluster/azure-idp.md @@ -2,13 +2,13 @@ 1. To enable login with Azure AD (Microsoft's) account you first have to register an OAuth application on Azure. Go to the 1. Open `Azure Active Directory` service -1. On the tab on the left under Manage section click `App Registrations` +1. On the left tab under the Manage section, click `App Registrations` 1. Click on `New Registration`. Use `saap` under Name. Under Redirect URI section Choose `Web` and enter the Redirect URI (**This will be provided by Stakater Support**) and click `Register` ![Azure AD](images/azure-ad.png) 1. Go to "API permissions" and add the required Microsoft Graph API permissions. Typically, you need `User.Read` and `openid`, `profile`, and `email` permissions. -1. Click on the Newly created app `saap`. Click `Certificates & secrets` from the left tab. Click `New Client Secret`. Under `Expires` pick any option. Under `Description` put *saap oidc* and click `Add` +1. lick on the newly created app `saap`. Click `Certificates & secrets` from the left tab. Click `New Client Secret`. Under `Expires` pick any option. Under `Description` put *saap oidc* and click `Add` ![Certificates and Secrets](images/azure-ad-certificates-secrets.png) -1. Copy the value of the newly client secret and take note of the `Application (client) ID` and `Directory (tenant) ID` of the `saap` app registration from the `Overview` tab. **Send this to Stakater Support** +1. Copy the value of the newly created client secret and note the `Application (client) ID` and `Directory (tenant) ID` of the `saap` app registration from the `Overview` tab. **Send this to Stakater Support** ![Client-Tenant-ID](images/azure-ad-clientid-tenantid.png) ## Items provided by Stakater Support diff --git a/theme_override/mkdocs.yml b/theme_override/mkdocs.yml index f6892585..c0a152d9 100644 --- a/theme_override/mkdocs.yml +++ b/theme_override/mkdocs.yml @@ -60,7 +60,7 @@ nav: - for-administrators/secure-your-cluster/secure-routes.md - for-administrators/secure-your-cluster/google-idp.md - for-administrators/secure-your-cluster/azure-idp.md - - for-administrators/secure-your-cluster/azure-gco-app.md + - for-administrators/secure-your-cluster/azure-gso.md - for-administrators/secure-your-cluster/keycloak-idp.md - for-administrators/secure-your-cluster/saml-idp.md - for-administrators/secure-your-cluster/saap-authorization-roles.md