Barracuda Content Shield

Microsoft Azure Active Directory Support for Single Sign-On


Microsoft Azure Active Directory (Azure AD) enables single sign-on/authentication for devices, apps, and services for users located almost anywhere. If you want to synchronize Barracuda Content Shield (BCS) users with your Azure AD instead of with your local LDAP/AD, follow the steps in this article. Barracuda supports associating device identities with Azure AD using the Hybrid Azure AD (Hybrid AAD) join method for federated domains.  

This article assumes that the Hybrid Azure AD join has already been set up and configured. In order for the Barracuda Web Filtering Component (WFC) of the Barracuda Content Shield Suite to identify users and sync relevant policies at the endpoint, Azure AD needs to be configured on Barracuda Cloud Control (BCC). To do so, follow these steps:

Step 1. Log into your BCC account using your BCS credentials. Click Add Directory, and then select Azure Active Directory. A pop-up window opens as shown below:

Create Directory Azure.png

Step 2. Enter the relevant directory name and click Connect to Microsoft. You will be redirected to log in with your Microsoft account. After logging in, you should see the following screen to grant access permissions to Barracuda Networks. Click Accept.

 

Azure AD Permissions.png

After the Azure AD has been added on BCC, it will show up in the Directories section of your BCC account page.

AzureAD Directories.png

Step 3. After the automatic Sync is completed, you will see a Success message with the time of the last sync. Click VIEW GROUPS to verify if the Groups have synchronized successfully as shown below:

Azure AD LDAP Groups page.png

Step 4. Make sure that the Barracuda WFC on the endpoint machine is able to detect Users/Groups and apply relevant policies.

  1. Log into BCS and go to the USERS page.
  2. Click Directory Services next to Configure users.
  3. Log out of BCS.
  4. Log in as an LDAP user on the client PC, which is joined to the on-premises AD, and verify that user-specific policies (if configured) are applied. You should be able to see the user traffic on the WEB FILTERING LOGS page in the Barracuda Content Shield service.
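
If user-specific policies are not applied in Step 4, first confirm that the client PC really is hybrid Azure AD joined, which this article assumes. The following is an added example, not Barracuda or Microsoft code: it reads the output of the Windows built-in `dsregcmd /status` command, and the function names `ConvertFrom-DsRegStatus` and `Test-HybridAadJoin` and the sample lines are constructed for illustration.

```powershell
# Added example: checks the hybrid Azure AD join state of the client PC.
# Function names are hypothetical; dsregcmd.exe is the Windows built-in tool.

# Parse "Key : Value" lines from `dsregcmd /status` into a hashtable.
function ConvertFrom-DsRegStatus {
    param([string[]]$Lines)
    $state = @{}
    foreach ($line in $Lines) {
        # Section banners and blank lines do not match and are skipped.
        if ($line -match '^\s*(?<key>[A-Za-z][A-Za-z0-9]*)\s*:\s*(?<value>.*\S)\s*$') {
            $state[$Matches['key']] = $Matches['value']
        }
    }
    return $state
}

# Hybrid joined means the device is both Azure AD joined and domain joined.
function Test-HybridAadJoin {
    param([hashtable]$State)
    return ($State['AzureAdJoined'] -eq 'YES') -and ($State['DomainJoined'] -eq 'YES')
}

# Constructed sample (not captured from a real machine), used only when
# dsregcmd.exe is not available on the host running this script.
$sample = @(
    '             AzureAdJoined : YES',
    '          EnterpriseJoined : NO',
    '              DomainJoined : YES',
    '                DomainName : CONTOSO'
)

if (Get-Command dsregcmd.exe -ErrorAction SilentlyContinue) {
    $lines = & dsregcmd.exe /status
} else {
    $lines = $sample
}

$state = ConvertFrom-DsRegStatus -Lines $lines
if (Test-HybridAadJoin -State $state) {
    Write-Output "Hybrid Azure AD joined (domain: $($state['DomainName']))"
} else {
    Write-Output ("Not hybrid joined: AzureAdJoined={0} DomainJoined={1}" -f
        $state['AzureAdJoined'], $state['DomainJoined'])
}
```

A device that reports `DomainJoined : YES` but `AzureAdJoined : NO` is joined only to the on-premises AD, so the hybrid join has not completed on that machine.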

To finalize the Hybrid AAD Connect setup, follow the additional steps described here: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/how-to-connect-fed-hybrid-azure-ad-join-post-config-tasks.

For details on how to set up the Hybrid Azure AD join, see the Microsoft documentation at https://docs.microsoft.com/en-us/azure/active-directory/devices/hybrid-azuread-join-plan.