Thulium enables integration with Active Directory within Microsoft Azure to control access to the Thulium system within the Domain.
Scope of integration
- Users can log into the Thulium system using the OpenID Connect mechanism provided by Microsoft Azure,
- OpenID Connect allows the authentication of any Azure account, but once the token is received, its issuer is verified,
- The system uses OpenID through a public application registered by Thulium,
- Identification of Users in the Thulium system is based on the "User name" field in Active Directory. This field is the login of a given User, so it cannot be empty. The value of this field must be unique for each User.
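The issuer check from the list above, as an added example that is not Thulium's code: a public application accepts sign-ins from any Azure account, so the receiving side has to compare the token's tenant and issuer with the customer's own before trusting the login. The tenant ID, client ID, the v2.0 issuer format and the use of the `preferred_username` claim for the "User name" field are assumptions, and the token's signature is assumed to have been verified already.

```python
import base64
import json
import time
from typing import Optional

# Constructed values for illustration; none of them come from Thulium.
ALLOWED_TENANT = "11111111-2222-3333-4444-555555555555"  # customer's tenant ID
CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"       # application (client) ID
ISSUER_TEMPLATE = "https://login.microsoftonline.com/{tid}/v2.0"  # v2.0 issuer


def b64url_decode(segment: str) -> bytes:
    """Decode a base64url JWT segment, restoring the stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def claims_of(id_token: str) -> dict:
    """Return the payload claims of a compact JWT. The signature must already
    have been verified against the provider's published keys (not shown)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    return json.loads(b64url_decode(parts[1]))


def check_claims(claims: dict, now: Optional[float] = None) -> str:
    """Return the login name if the token comes from the allowed tenant."""
    now = time.time() if now is None else now
    tid = claims.get("tid")
    if tid != ALLOWED_TENANT:
        raise ValueError("token comes from a tenant that is not allowed")
    if claims.get("iss") != ISSUER_TEMPLATE.format(tid=tid):
        raise ValueError("issuer does not match the tenant")
    if claims.get("aud") != CLIENT_ID:
        raise ValueError("token was issued for another application")
    exp = claims.get("exp")
    if not isinstance(exp, (int, float)) or exp <= now:
        raise ValueError("token has expired")
    username = claims.get("preferred_username")  # assumed claim for "User name"
    if not username:
        raise ValueError("user name is empty")
    return username


def make_token(claims: dict) -> str:
    """Build a constructed sample token with a placeholder signature."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "RS256", "typ": "JWT"}), enc(claims), "constructed"])
```

A token from another tenant is rejected even though Azure authenticated the account, which is the behaviour the second bullet describes.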
Step by step
- Thulium application registration in Azure.
The Thulium application automatically registers with the customer's Azure AD directory service the first time any User from the organization logs into the Thulium system, using Azure OpenID Connect.
Because the service is added to Azure AD automatically, any person in the organization could authenticate on the system. It is therefore recommended that you restrict access to the system before enabling authentication with Azure.
Configuration should proceed in the following order:
a) From the Azure Active Directory main menu, select the Enterprise applications tab:
b) The Thulium application should appear in the list of applications:
c) After going to the application's settings, enable the requirement for direct login privilege assignment:
d) Next, on the Users and groups tab, add application permissions to the group whose members are to have access to the application:
- Integration with Microsoft Azure in Thulium.
a) Authentication integration with Microsoft Azure should be launched in Administration → Advanced → Integrations from the group: