Skip to main content

IdP Setup: Microsoft Entra ID

What

Before we can use AzureAD for authentication from FileWave, we must create a new application in the Azure Portal and give FileWave access to it.  The whole purpose of this configuration is to give FileWave permissions to talk to your Microsoft Entra ID environment.

When/Why

This configuration is required if you want to use AzureAD for authentication during device enrollment or during login to the FileWave Web and Native administrator consoles.

How

The configuration for access is all driven through an Microsoft Entra ID application, so we need to start with:

Part 1: Login to Microsoft Entra ID Portal

First, we'll login to Microsoft Entra ID at portal.azure.com with an administrator's account and click on Microsoft Entra ID as shown:

AzureSetup1.png

And make note of the domain info shown below:

AzureSetup2.png

It is a good idea to take all of these elements and label/paste them into a document you store securely.   Although we'll use them to configure FileWave, you can't access many of them from FileWave once they are stored.

Part 2: Create an App

Now we have to create an app for FileWave to talk to, and assign some right to it.  First go to the app registrations menu, then click "new registration":

AzureSetup3.png

Specify a name for your app that is meaningful to you, and Register the app (we'll set the login URIs later).

AzureSetup4.png

Part 3: Add a Platform and URI Addresses

Within the app configuration, we'll choose Authentication, then Add a Platform, of type Web:

AzureSetup5.png

And for the web configuration, we'll need to copy some address from your FileWave server.  You'll get them from the WebAdmin, Settings:, New AzureAD IDP, and then Get URLs as shown

AzureSetup6.png 

Then choose an Microsoft Entra ID IDP Provider

AzureSetup7.png 

You can add a name now (or later), but you'll get the URLs from the "Get URLs" button:

AzureSetup8.png    AzureSetup9.png

So now we'll enter one of the redirects, and click configure:

AzureSetup10.png

And then add the other two from here:

AzureSetup11.png

Make sure to hit Save at the top after you have entered all three.

Part 4: Cert & Secrets

Now we are going to go to Certificates & Secrets to provide a way for FileWave to authentication to our new application.  Click on New client secret

AzureSetup12.png

Then we give it a descriptive name:

AzureSetup13.png

And then we'll want to get a copy of the Client Secret, and this is the ONLY time you can copy it.

AzureSetup14.png

Lastly, we get the The Client ID, you get from the overview page:

AzureSetup15.png

Each of the relevant values then gets copied into the FileWave config below:

AzureSetup16.png

You'll check the checkbox for "Admin" if you want to be able to use AzureAD for login to the FileWave admin with AzureAD, and "Enrollment" if you want to use it for Apple device enrollment authentication.  Note that multiple IDPs can be used for admin login, but only one for device enrollment. 

Part 5: App Permissions

Now we have to give our app permissions to read the directory so that it can pull group information into FileWave for browsing and rights assignment. 

So, we'll go to the App Permissions section and start Adding Permissions

AzureSetup17.png

Our permissions are going to be for Microsoft Graph

AzureSetup18.png

We'll start with an application permission:

AzureSetup19.png

For Group Read All AND User Read All (not shown, but you can pick two at once):

AzureSetup20.png

Then we'll add more permissions, but "delegated permissions" for open id and profile as shown:

AzureSetup21.png

Our permissions then should look like this when we have them all

AzureSetup22.png

And then we just need to click Grant Consent to finish with the permissions

AzureSetup23.png

When they show as green, we are all done!

AzureSetup24.png

Part 6: App Registration Renewal

At some point the Certificate of the App will expire and a new certificate should be generated.

From the App Registration view, expired certificates may be observed

AzureSetup25.png

For renewal, click on the Display Name of the App, followed by 'Create a new one ->'

AzureSetup26.png

Then generate a 'New client secret' similar to part 4 of this KB.

  • Add a description
  • Copy the Secret ID

This time though, Edit the current IdP in FileWave Anywhere:

  • Open Settings in the FileWave Admin
  • Choose Edit from the selected IdP
  • Paste in the new Client Secret and 'Save'

The old, expired certificate may be deleted from within the Azure portal.

Related Content