Azure Active Directory

Azure Active Directory is Microsoft's enterprise cloud-based identity and access management (IAM) solution. It can be used to access your LogScale repositories. Microsoft365 also uses this interface, for more information see Microsoft 365 E-mail Package.

Integrating Azure AD with LogScale

To integrate Azure AD with LogScale, you'll need to create a group and an application in Azure Active Directory.

  1. Sign in to the Azure portal and choose the Azure Active Directory card:

    Azure Active Directory

    Figure 257. Azure Active Directory

  2. Open Groups and click New group: here you create the groups that will be added later in LogScale for synchronization. For example, you can create a logscale_admin group.

    Groups in Azure AD

    Figure 258. Groups in Azure AD

  3. Open Enterprise Applications and click New application:

    Enterprise Applications in Azure AD

    Figure 259. Enterprise Applications in Azure AD

  4. From the Browse Azure AD Gallery page:

    • Click + Create your own application

    • Enter a name for the app, e.g., logscale_idp

    • Choose Integrate any other application you don't find in the gallery option

    Create your application in Azure

    Figure 260. Create your application in Azure

  5. Click Create: your application is now added successfully.

  6. In the new application page, click Single sign on and then choose SAML as your single sign-on method:

    Select SAML single sign-on

    Figure 261. Select SAML single sign-on

  7. In the Basic SAML Configuration window:

    • Set Identifier (Entity ID) to $YOUR_LOGSCALE_URL/api/v1/saml/metadata

    • Set Reply URL to $YOUR_LOGSCALE_URL/api/v1/saml/acs

    • Leave Sign on URL and Relay State blank.

    Basic SAML Configuration settings

    Figure 262. Basic SAML Configuration settings

  8. In the SAML-based Sign-on page of your newly created application, copy Login URL, Azure ID Identifier and the text of the Certificate (Base 64) and note them down, as you will need to copy them later in LogScale.

    SAML-based Sign-on information

    Figure 263. SAML-based Sign-on information

  9. Click + Add a group claim and select which groups you want to be associated with the users e.g., Security Groups:

    Add a group claim

    Figure 264. Add a group claim

    From this same page:

    • Click the first claim Unique User Identifier to assign users to LogScale on the IDP side.

    • Copy and note down the claim as you will need it later to synchronize your group in LogScale.

  10. In the Manage claim window, ensure that Name identifier format and Source are set as in figure below:

    Manage claim

    Figure 265. Manage claim

  11. Still in the Manage claim window, click under Scoped Groups to select the new group and assign user type (e.g. Members, Admin) and user.mail as the value:

    Add user types to group

    Figure 266. Add user types to group

Configuring LogScale to use Azure AD

You finished configuring Azure AD to work with LogScale. Now, you need to configure LogScale to work with Azure AD.

  1. Go to LogScale and from your avatar profile click Organization SettingsIdentity ProvidersAdd IDP Configuration pull-down menu → SAML 2.0 (find more details on how to configure SAML at Configuring SAML for LogScale Cloud).

  2. In the Configure SAML 2.0. integration page, fill in the information as required (see an example in Figure 267, “Example Configuration in LogScale”) . In particular:

    • Identity provider single sign-on URL — enter the value of Login URL that you have previously copied from Azure AD (as seen in Figure 262, “Basic SAML Configuration settings”).

    • Identity provider entity ID — enter the value of Azure AD identifier that you have previously copied from Azure AD.

    • X.509 certificate — paste the text of Certificate (Base 64) found in Azure AD, which you should have previously downloaded and copied.

    • Enable debugging — recommended, allows to store debug logs in a LogScale repository to monitor the activity between the IDP and LogScale, see LogScale Debug Logs.

    • User attribute — populate with that you have previously copied from Azure AD.

    • Let identity provider handle group memberships in Falcon LogScale — check the box and populate the field with (this is needed to pass AD Groups you've previously created to LogScale).

    • Default IDP — check the box if you want to set the Azure AD as the primary external Identity Provider. In this case it is good practice to disable other external identity providers that you are not using; you can do so individually on each provider from Identity Providers.

    • Automatically create users on login — check the box to allow users to appear in LogScale after their first sign-in.

    Configuration in LogScale

    Figure 267. Example Configuration in LogScale

  3. Now you need to align the Azure AD groups' Object ID in LogScale: go back to Azure AD and from your group's page, copy the Object ID:

    Copy Object ID from Azure AD

    Figure 268. Copy Object ID from Azure AD

  4. In LogScale, first create the group manually (provide a name that is similar to the group name set in Azure AD) and then paste the Object ID into the Mapping Name field, under the External provider tab:

    Mapping Name

    Figure 269. Mapping Name

Refer to Azure portal for more information on SAML 2.0 integration.

Also refer to Configure LogScale for Self-Install documentation section.

To use SAML with LogScale Cloud, go to the Configuring Identity Providers for LogScale Cloud documentation page.

See the Azure Active Directory Documentation for more information on Azure AD.