
Azure AD Integration with NAM


Introduction



This cool solution provides directions on how to configure NetIQ Access Manager single sign-on using Azure Active Directory as your identity provider. To do this configuration you need a Microsoft Azure Active Directory account. Azure Active Directory is Microsoft’s multi-tenant, cloud-based directory and identity management service. Azure Active Directory comes in three editions; choose Premium to try this out with a trial version.

Why is this useful?



This allows users to do SSO with Azure Active Directory authentication and get seamless access to enterprise or SaaS applications. Users can log in to Azure Active Directory and then access applications through NAM SSO without an additional login. Azure Active Directory lets you create local users in Azure Active Directory; those users can authenticate to Azure Active Directory and then authenticate with NAM to access additional services. NetIQ Access Manager supports risk-based authentication, and strong authentication using the Advanced Authentication Framework can be combined with the SAML2 process to secure services.

Goal of this solution



NetIQ Access Manager provides documentation which lists the steps for configuring a SAML2 Identity Provider.

Microsoft’s Azure Active Directory documentation provides information on how to configure an application and its single sign-on settings.

This solution guides you through the basic steps for setting up NAM as a Service Provider and Azure Active Directory as an Identity Provider.

This cool solution consists of two main building blocks:


  1. Adding NetIQ Access Manager as Managed SaaS Application

  2. Configuring and testing Azure Active Directory single sign-on



Adding NetIQ Access Manager as Managed SaaS Application



To configure the integration of NetIQ Access Manager into Azure AD, you need to add NAM to your list of managed SaaS apps.

Configuration steps


  1. Gather your Azure AD login credentials, or sign up for a trial

  2. Log in to Azure at https://portal.azure.com

  3. Click on “Azure Active Directory” in the left side menu

  4. Click on “Enterprise applications”

  5. Click on “New application”, or right-click in the right pane and select “New Application”

  6. Select “Non-gallery application”

  7. Provide a “Name”

  8. The application is created



Configuring and testing Azure AD single sign-on



In this section, you configure and test Azure AD single sign-on with NAM. To do so, you need to complete the following building blocks:


  1. Configuring Azure AD Single Sign-On – to enable your users to use this feature

  2. Creating an Azure AD test user – to test Azure AD single sign-on

  3. Configuring NetIQ Access Manager Single Sign-On – to enable single sign-on within NAM

  4. Assigning the Azure AD test user – to enable test user to use Azure AD single sign-on

  5. Testing Single Sign-On – to verify whether the configuration works



Configuring Azure AD Single Sign-On


In this section, you enable Azure AD single sign-on in the Azure portal and configure single sign-on in your NAM application.

To configure Azure AD single sign-on with NAM, perform the following steps:


  1. In the Azure portal, on the NAM application integration page, click on “Configure single sign-on (required)” or on “Single sign-on” in the left side menu.

  2. Select “SAML-based Sign-on” as the “Single Sign-on Mode”

  3. Enter the NAM entity ID as the “Identifier” value: “https://www.idp.com/nidp/saml2/metadata”

  4. Enter the NAM assertion consumer URL as the “Reply URL” value: “https://www.idp.com/nidp/saml2/spassertion_consumer”

  5. Select the checkbox “View and edit all other user attributes” and review which attributes are sent with the assertion.

  6. Download the metadata XML

  7. Click on Configure “NAM-test” for more help on the federation information



Creating an Azure AD test user



The objective of this section is to create a test user in the Azure portal.


  1. On the left navigation pane in the Azure Portal, click Azure Active Directory

  2. Click on Users and groups



  3. Click on “All users”



  4. Click on “New User”



  5. On the User dialog page, enter test user information



  6. Click on “Create”



Configuring NetIQ Access Manager Single Sign-On




  1. Open the metadata XML file downloaded in the previous section, “Configuring Azure AD Single Sign-On”

  2. Remove the RoleDescriptor elements and make sure only the EntityDescriptor and IDPSSODescriptor elements remain

  3. Save the modified metadata XML file

  4. Log in to the Access Manager Administration Console

  5. Edit the cluster configuration and navigate to the SAML2 tab

  6. Click New and select Identity Provider

  7. Select “Metadata Text” as the source from the drop-down list

  8. Enter a name for this IDP

  9. Copy and paste the metadata from the modified metadata XML file saved in the previous step

  10. Click Next and OK

  11. Select the newly created Identity Provider from the list under the SAML2 tab

  12. Navigate to “Authentication Card” and select “Authentication Request”

  13. Change the “Response protocol binding” to “Post”

  14. Click OK and update the IDP configuration
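As an added example (not part of the original solution), the following Python script performs step 2 above on a constructed Azure AD-style metadata document: it removes the WS-Federation RoleDescriptor elements, keeps only EntityDescriptor and IDPSSODescriptor, and refuses a file that has no IDPSSODescriptor at all. The tenant id, certificate and endpoint values in the sample are placeholders, not data from any real tenant.

```python
import xml.etree.ElementTree as ET

# SAML 2.0 metadata namespace, XML-DSig, and the WS-Federation namespace that
# Azure AD uses for the RoleDescriptor elements the procedure above removes.
MD_NS = "urn:oasis:names:tc:SAML:2.0:metadata"
DS_NS = "http://www.w3.org/2000/09/xmldsig#"
FED_NS = "http://docs.oasis-open.org/wsfed/federation/200706"
NS = {"md": MD_NS}

# Register prefixes so the output keeps readable md:/ds: names rather than
# ElementTree's generated ns0:/ns1: prefixes.
for prefix, uri in (("md", MD_NS), ("ds", DS_NS), ("fed", FED_NS)):
    ET.register_namespace(prefix, uri)


def strip_role_descriptors(metadata_xml: str) -> str:
    """Remove every md:RoleDescriptor from the md:EntityDescriptor so that only
    the md:IDPSSODescriptor (the SAML2 IdP role NAM needs) remains."""
    root = ET.fromstring(metadata_xml)
    if root.tag != f"{{{MD_NS}}}EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    for role in root.findall("md:RoleDescriptor", NS):
        root.remove(role)
    if root.find("md:IDPSSODescriptor", NS) is None:
        raise ValueError("no md:IDPSSODescriptor left; file cannot describe a SAML2 IdP")
    return ET.tostring(root, encoding="unicode")


def child_tags(metadata_xml: str) -> list:
    """Local names of the EntityDescriptor's children, used to verify the result."""
    return [child.tag.split("}")[-1] for child in ET.fromstring(metadata_xml)]


# Constructed sample shaped like Azure AD federation metadata; the tenant id and
# certificate are placeholders, not values from any real tenant.
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#"
  xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" entityID="https://sts.windows.net/TENANT-ID-PLACEHOLDER/">
  <RoleDescriptor xsi:type="fed:SecurityTokenServiceType"
    protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706"/>
  <RoleDescriptor xsi:type="fed:ApplicationServiceType"
    protocolSupportEnumeration="http://docs.oasis-open.org/wsfed/federation/200706"/>
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data><ds:X509Certificate>CERT-PLACEHOLDER</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
      Location="https://login.microsoftonline.com/TENANT-ID-PLACEHOLDER/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""
```

Calling `strip_role_descriptors(SAMPLE_METADATA)` returns a document whose only EntityDescriptor child is IDPSSODescriptor, which is what step 9 expects you to paste into the “Metadata Text” field.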

Assigning the Azure AD test user




  1. In the Azure portal, open the applications view, then navigate to the directory view, go to “Enterprise applications” and click “All applications”

  2. In the applications list, select NAM

  3. In the menu on the left, click on “Users and groups”

  4. Click “Add user”, then select “Users and groups” on the “Add Assignment” dialog

  5. Select a user from the existing list, or create a new user by going back to the left side menu “More services” and filtering by users

  6. Click the “Assign” button on the “Add Assignment” dialog.



Testing Single sign-on




  1. Access the Access Manager portal page https://www.idp.com/nidp/

  2. Select the authentication card for the Azure IDP

  3. When redirected to Azure, enter the test user credentials

  4. The Azure IDP sends a SAML2 assertion response to NAM, which shows the federation login page. Enter the local user credentials to map the Azure identity to a local user; if you do not want this prompt, a user identification rule has to be created in the Azure IDP configuration of NetIQ Access Manager.



Last update: 2017-10-23 22:14, by Micro Focus Contributor