Barracuda CloudGen Firewall

How to Configure Azure AD Client Authentication


Microsoft Entra ID (formerly Azure Active Directory) is the identity provider responsible for authenticating users accessing web applications hosted in the Microsoft Azure cloud. Microsoft Entra ID is a directory service that allows authentication and authorization of network users by providing single sign-on, conditional access, and multifactor authentication to help secure corporate network assets and protect against a wide range of cybersecurity attacks. For CloudGen Firewalls deployed in the Microsoft Azure cloud, you can configure the authentication service to sync group information for users with Microsoft Entra ID credentials.

Before You Begin

  • You need a CloudGen Firewall deployed in the Microsoft Azure cloud. For more information, see Microsoft Azure Deployment.
  • Locate the directory (tenant) ID, application (client) ID, and client secret. To do so:
    1. Log in to the Azure portal, and navigate to Microsoft Entra ID (formerly Azure Active Directory).
    2. In the left menu, select App registrations.

    3. Select the Microsoft Entra ID app you wish to find the IDs for.

    4. Click the Copy to clipboard icon next to Application (client) ID and Directory (tenant) ID, and paste the values to a file.
    5. In the left menu, select Certificates & secrets.

    6. Copy and paste the value of the Client secret.

Configure Azure AD Client Authentication for Microsoft Entra ID

  1. Go to CONFIGURATION > Configuration Tree > Box > Infrastructure Services > Authentication Service.
  2. In the left navigation pane, select Azure AD Client.
  3. Click Lock.
  4. Select Yes for Activate Scheme to enable the external directory service.
  5. In the Tenant ID field, enter the unique identifier of your Microsoft Entra ID instance.
  6. Enter the application (client) ID in the Client ID field.
  7. Enter the Client Secret.
  8. In the Group Filter Patterns table, you can add patterns to filter group information from the directory service.
    Example: 

    • Group Filter Pattern: *SSL*
    • User01: CN=foo, OU=bar, DC=foo-bar, DC=foo
    • User02: CN=SSL VPN, DC=foo-bar, DC=foo

    In this example, the group membership string of User01 does not contain SSL, so it does not match the *SSL* pattern and User01 will not match in group-based limitations.

  9. Click OK.
  10. Click Send Changes and Activate.
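
The group filter patterns from step 8 can be checked offline against a list of group strings before the configuration is activated. The following Python sketch is an added example, not Barracuda code: it assumes the patterns behave like case-sensitive shell-style globs (the page does not state the exact matching rules), and the function names and the last two group strings are constructed for illustration.

```python
from fnmatch import fnmatchcase

# Assumption: * matches any run of characters and comparison is case-sensitive.
# The firewall's exact matching rules are not stated on the page.


def matching_groups(pattern, groups):
    """Return the group strings that the glob pattern matches."""
    return [g for g in groups if fnmatchcase(g, pattern)]


def audit_patterns(patterns, groups, intended):
    """Per pattern: what it matches, what it matches by accident, what it misses."""
    report = {}
    for pattern in patterns:
        matched = matching_groups(pattern, groups)
        report[pattern] = {
            "matched": matched,
            "unintended": [g for g in matched if g not in intended],
            "missed": [g for g in intended if g not in matched],
        }
    return report


DIRECTORY_GROUPS = [
    "CN=foo, OU=bar, DC=foo-bar, DC=foo",        # User01, from the page
    "CN=SSL VPN, DC=foo-bar, DC=foo",            # User02, from the page
    "CN=NoSSL-Contractors, DC=foo-bar, DC=foo",  # constructed sample
    "CN=ssl vpn test, DC=foo-bar, DC=foo",       # constructed sample, lower case
]

# The only group that should pass the filter in this scenario.
INTENDED = {"CN=SSL VPN, DC=foo-bar, DC=foo"}

if __name__ == "__main__":
    patterns = ["*SSL*", "CN=SSL VPN,*"]
    for pattern, result in audit_patterns(patterns, DIRECTORY_GROUPS, INTENDED).items():
        print(pattern)
        for key, values in result.items():
            print(f"  {key}: {values}")
```

A pattern as broad as `*SSL*` also matches the constructed `NoSSL-Contractors` group, while a pattern anchored to the full common name matches only the intended group.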