Add an Identity Source to Connect Azure Active Directory to the Cloud Authentication Service

Document created by RSA Information Design and Development on Aug 18, 2017. Last modified by RSA Information Design and Development on Nov 22, 2019.
Version 25

Add an identity source to allow Microsoft Azure Active Directory to periodically send user information to the Cloud Authentication Service. The Cloud Authentication Service uses this information during authentication and device registration.

Before you begin 

  • You must be a Super Admin in the Cloud Administration Console.

  • Understand how identity sources work for Azure Active Directory. See Identity Sources for the Cloud Authentication Service.

  • Obtain the Tenant URL from the Azure Active Directory deployment to which you are connecting.

  • Make sure your identity router software is up to date so you can take advantage of new features and avoid connection problems.

Procedure 

  1. In the Cloud Administration Console, click Users > Identity Sources.

  2. Click Add an Identity Source.

  3. Click Select next to Azure Active Directory.

  4. In the Identity Source Name field, enter a name for the identity source.

  5. (Optional) In the Description field, enter a description for the identity source.

  6. In the Tenant URL field, enter the Tenant URL from your Azure AD deployment.

  7. Click Generate Secret Token. The Azure Active Directory deployment will use this token to identify the Cloud Authentication Service.

  8. Click Next Step.

  9. The Map User Attributes page lists the user attributes that are mapped between Azure Active Directory and the Cloud Authentication Service. The mappings are read-only. You can manually override a phone number received from Azure Active Directory by entering a different phone number on the User Detail page (Users > Management).
    • The SMS Tokencode Phone Number (Optional) field contains the Azure Active Directory attribute used to identify a user's mobile phone number that can receive text messages for SMS Tokencode. Use the drop-down list to select the phone type that will receive the SMS Tokencode.
    • The Voice Tokencode Phone Number (Optional) field contains the Azure Active Directory attribute used to identify a user's phone number for Voice Tokencode. Use the drop-down list to select the phone type that will receive the Voice Tokencode.
  10. Click Save and Finish.

  11. Click Publish Changes to activate the settings immediately.

    Note:  You must publish changes before your Azure Active Directory server can use the Secret Token.

After you finish 

Provide the Secret Token to your Azure Active Directory administrator.

 

 
