Background

Some CentreStack tenants may already be using Office 365/Azure AD and wish to use their Azure AD credentials for signing onto CentreStack. This article describes how a CentreStack tentant can be configure such that users authenticate using their Azure AD credentials. 

Configuration

1. Sign into https://portal.azure.com as the Azure AD tenant global administrator.
2. Click on Azure Active Directory in the left most blade then click on App registrations in the next blade:
   
3. Click New application registration in the next blade:
4. In the App registrations blade set:
   1. Name: Something meaningful such as the name of the tenant in CentreStack
   2. Application Type: Native
   3. Redirect URI: Any arbitrary but valid URI. The recommendation is to use the actual URL of the CentreStack host plus the tenant name. In this way, it should be more clear as to the purpose of this App registration.
      
   4. Once the options are set, click the Create button at the bottom of the blade.
   5. Click the Settings button in the Register app blade:
      
   6. Click the Required permissions in the Settings blade:
      
   7. Click the Add button:
      
   8. Click Select an API:
      
   9. Click Microsoft Graph then click the Select button at the bottom of the Select an API blade:
      
   10. Enable the following settings then click the Select button at the bottom of the Enable Access blade:
       
       1. Sign users in
       2. View user's email address
       3. View user's basic profile
          
   11. Click the Done button at the bottom of the Add API access blade:
       
   12. Click the Grant Permissions button in the Required Permissions blade:
       
   13. Click the Yes button:
       
   14. Close the Required Permissions blade.
   15. Close the Settings blade.
   16. In the Registered app blade, copy the Application ID to the clipboard and paste it into a text editor. It will be used later.
       
   17. Close the Registered app blade.
   18. NOTE: At this point you may find that the App registrations blade does not display the app you just created. To display the app change the drop down from My apps to All apps:
       
   19. In the Azure Active Directory blade, click Properties then copy the Directory ID to the clipboard and paste it into the text editor. This is the Tenant ID for the Azure AD tenant :
       
   20. Sign into the CentreStack server's management portal as a cluster or tenant administrator.
   21. Click on the CentreStack tenant to be associated with Azure AD.
   22. Click on GROUP POLICY:
       
   23. Click Account & Login:
       
   24. Click Azure AD:
       
   25. Click the Enable Authentication via Azure AD option, then:
       1. Domain Name: The Tenant ID copied from the Azure portal.
       2. Native Application Client ID: The Application ID copied from the Azure portal
       3. Click the Save button at the bottom right of the page.
       4. In the Tenant Dashboard, add a new Native user where the email address is identical to a user in the Azure AD tenant. The password can be anything it won't be used. 
       5. Sign into the CentreStack web portal using Azure AD account that was added as a Native user.
       6. Download and install the Windows client. 
       7. Logoff in the Windows client and log back in using the Azure AD account credentials.