We use cookies on our website to ensure we provide you with the best experience on our website. By using our website, you agree to the use of cookies for analytics and personalized content.This website uses cookies. More Information
It seems like your browser didn't download the required fonts. Please revise your security settings and try again.
Barracuda CloudGen Firewall

Attention

Barracuda CloudGen Firewall version 8.0 is a cloud-only version. It is currently not available for on-premises deployments and can only be deployed in Microsoft Azure, Amazon Web Services, or Google Cloud Platform public clouds.

How to Configure MSAD Authentication Against Azure Active Directory

  • Last updated on

Azure Active Directory is a secure, cloud-based authentication store that lets you create users, groups, and applications that use authentication mechanisms such as MSAD. To configure MSAD authentication against Azure Active Directory, create your domain on the Azure Portal and define users who should be able to manage it. Then, activate Secure LDAP access over the Internet.

Step 1. Add Your Domain to the Azure Portal

Enable Azure AD Domain Services and add your domain.

  1. Log into the Azure Portal: https://portal.azure.com
  2. In the left menu, click Create a resource.
  3. In the search field, type domain and select Azure AD Domain Services.
  4. Click Create. The Azure AD Domain Services configuration opens.
  5. In the Basics blade:
    1. Enter the DNS domain name for your domain.
    2. Select your Subscription, Resource group, and Location.
      az_ad_01.png
  6. Click OK. In the Network blade:
    • Select or create the Virtual network (VNET).
    • Select or create a Subnet for the service.
      az_ad02.png
  7. Click OK. The group AAD DC Administrators will be automatically created.
  8. Click AAD DC Administrators. The Members blade opens.
  9. Click + to add the users and / or groups that should be able to manage the created domain.
    az_ad03.png
  10. Click OK. The Synchronization blade opens.
  11. Select the scope of the users for domain synchronization.
    az_ad04.png
  12. Click OK. The Summary blade opens.
    az_ad05.png
  13. Double-check your settings and click OK to finish the configuration. The Azure AD Domain Services will now be deployed.

It can take up to an hour until the deployment is completed.

Step 2. Verify the Domain and Configure a Service User

After the deployment has succeeded, add and verify the domain to your Azure AD from the Azure Default Directory - Custom domain names.

  1. Go to your domain.
    az_ad06.png
  2. Configure a TXT or MX record on your domain register to verify the domain.
    az_ad06a.png
  3. From Users on the left panel, add a service user to the domain.
    az_ad07.png
  4. Add the user to the Azure Admins Group.
  5. After adding user login with this user, change the Password.

It is recommended to set the service user password not to expire.

Step 3. Activate LDAPs

  1. Go to Azure AD Domain Services > your managed domain.
  2. Update / configure the DNS settings.
    az_ad08.png
  3. In the left menu, click Secure LDAP.
  4. Enable Secure LDAP.
  5. Enable Allow Secure LDAP access over the internet.
    In this case, you will require a certificate for your domain. The certificate can be obtained from the root CA. Alternatively, a self-signed certificate can be used. For detailed information on how to create a self-signed certificate, refer to the Microsoft documentation: https://docs.microsoft.com/en-us/azure/active-directory-domain-services/configure-ldaps

    Recommendations:

    • Use TripleDES-SHA1 encryption. Also make sure the password has at least 8 characters.
    • The name should only include *.pfx suffix. For example, do not use pmcuda.com.pfx. This will fail with incorrect password.
  6. Add the certificate to activate LDAPs.
    az_ad09.png
  7. The public IP and the associated NSG you need to point the CloudGen Firewall to can be found in Properties:
    az_ad10.png
  8. Set up the Network Security Group (NSG) according to your needs. Add at least port 636 to allow access via LDAPs for the on-premises CloudGen Firewall.

Step 4. Configure LDAP Authentication on the CloudGen Firewall

  1. On the CloudGen Firewall or Control Center, go to Authentication Service > LDAP Authentication.
  2. Configure the LDAPs using MSAD attribute settings according to this example: 
    az_ad11.png
  3. Click OK.
  4. Click Send Changes and Activate.

For more information, please refer to the Microsoft documentation: https://docs.microsoft.com/en-us/azure/active-directory-domain-services/create-instance

Last updated on