Hello Dojo!
Looking for some SSO/AzureAD expertise, if someone can advise on the following please:
Q: We don't have the Azure AD element from this doc in our XML, but it works, so is it required? And what are we missing out on when it's not there?
Hi Wil,
There are indeed 2 things you can do with AzureAD. The first is using AzureAD for authentication, I guess that's what you're already doing, being able to log in with your Azure AD account in DataMiner. The second thing is related to provisioning your users and groups in DataMiner. If you want to be able to pick an existing user or group from AzureAD in the Users and Groups page of System Center in Cube, you need to make sure DataMiner can connect to AzureAD to query the existing users and groups. Alternatively, you could use auto-provisioning or manually add them.
If you want to configure and use this second part, you need to configure the XML you mentioned and basically tell DataMiner how it can connect to your AzureAD. Note that the username/password is no longer needed; since 10.2.0 it uses a client secret.
I hope this clarifies the use case for this config. Let us know if you have any additional questions.
Bert
We will be fully implementing this in our systems
Thank you Bert, that helped a lot. Indeed, authenticating using SAML, which is then creating the user(s) in the system and matching the groups in Azure with DataMiner (manually added).