Setting Up Azure AD for Authentication

Introduction

In this guide, we will show how to set up app registration in Microsoft Azure.

Step 1: Access Azure Portal

Go to https://portal.azure.com and click on Azure Active Directory.

“Microsoft portal”

Step 2: Add App Registration

Click Add -> App registration

“Microsoft app registration”

Step 3: Configure App Registration

Depending on the application you’re setting up, follow the appropriate instructions for Factry Historian or Grafana.

Factry Historian
  • Fill in the name of the application and select the supported account types (we suggest choosing the first option - Single tenant).
  • Fill in the redirect URI: the base URL followed by /api/auth/name/callback, where name is replaced with the name you will give the authentication provider you configure in Factry Historian. For example, if you name it MyMicrosoft, the redirect URI looks like this: https://historian.mycompany.local/api/auth/MyMicrosoft/callback.
  • The base URL must be exactly the same URL as configured under Configuration -> Server Settings -> General -> BaseURL in Factry Historian, and it must be a fully qualified domain name on which the Factry Historian web application is reachable. If the BaseURL setting needs to be changed, Historian must be restarted for the change to take effect.
  • When name and redirect URI are filled in, click Create.

“Microsoft app registration details”

Grafana
  • Fill in the name of the application and select the supported account types (we suggest choosing the first option - Single tenant).
  • Fill in two redirect URIs: the first is the root URL followed by /login/azuread, and the second is just the root URL. For example, the redirect URIs might look like https://<YOUR-GRAFANA-DOMAIN>/login/azuread and https://<YOUR-GRAFANA-DOMAIN>. Replace <YOUR-GRAFANA-DOMAIN> with the fully qualified domain name where your Grafana instance is accessible.

    Note: This domain should match the root URL Grafana uses (i.e. the root_url setting in the grafana.ini file). Make sure this URL is publicly accessible if you’re using Azure AD for user login.

  • When name and redirect URI are filled in, click Create.

“Microsoft app registration details”
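The redirect URIs described in Step 3 can be derived and checked before they are typed into the portal. The following is an added example, not code from Factry or Grafana: the function names, the https-only check, and the sample "registered" list are assumptions made for illustration.

```python
from urllib.parse import urlsplit

def _check_base(url):
    """Validate a base/root URL and return it without a trailing slash."""
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.scheme != "https":  # assumption: the deployment is served over https
        raise ValueError(f"{url!r}: expected an https URL")
    # The guide requires a fully qualified domain name: reject bare
    # hostnames ("historian") and IPv4 literals ("10.0.0.5").
    if "." not in host or host.replace(".", "").isdigit():
        raise ValueError(f"{url!r}: host must be a fully qualified domain name")
    if parts.query or parts.fragment:
        raise ValueError(f"{url!r}: base URL must not carry a query or fragment")
    return url.rstrip("/")

def historian_redirect_uris(base_url, provider_name):
    """Factry Historian: BaseURL + /api/auth/<provider name>/callback."""
    return [f"{_check_base(base_url)}/api/auth/{provider_name}/callback"]

def grafana_redirect_uris(root_url):
    """Grafana: root_url + /login/azuread, plus the root URL itself."""
    root = _check_base(root_url)
    return [f"{root}/login/azuread", root]

def missing_redirect_uris(expected, registered):
    """Expected URIs absent from the registration. Strings are compared
    exactly, so case, scheme, or trailing-slash differences show up."""
    known = set(registered)
    return [uri for uri in expected if uri not in known]

if __name__ == "__main__":
    # Constructed sample: what an operator might have typed into the portal.
    registered = [
        "https://historian.mycompany.local/api/auth/mymicrosoft/callback",
        "https://grafana.mycompany.example/login/azuread",
    ]
    expected = (
        historian_redirect_uris("https://historian.mycompany.local/", "MyMicrosoft")
        + grafana_redirect_uris("https://grafana.mycompany.example")
    )
    for uri in missing_redirect_uris(expected, registered):
        print("not registered:", uri)
```

In the constructed sample, the Historian URI is reported because the provider name differs in case, and the bare Grafana root URL is reported because it was never registered.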

Step 4: Application/Directory ID and Client Secret

Note the Application (client) ID and the Directory (tenant) ID. These values will be used when creating the authentication provider in Factry Historian/Grafana. Next, click Add a certificate or secret. Under Client secrets, click New client secret.

“Microsoft details”


“Microsoft new secret”

Step 5: Expiration

Enter a name and expiration date for the client secret and click Add. Note the value of the generated client secret.

“Microsoft client secret”


“Microsoft client secret value”