Integrating Azure Active Directory with SFTP Gateway v3.4.0


With version 3.004.00, you can integrate Azure Active Directory with SFTP Gateway’s web admin portal. In other words, web admins can sign in with their existing AAD credentials instead of managing a separate account just for SFTP Gateway.

What is Azure Active Directory?

Azure Active Directory (AAD) is a cloud-based identity and access management service from Microsoft. It serves as a central hub for managing user identities, access rights, and authentication across various Microsoft services and applications, as well as other third-party software that supports standards such as SAML, OAuth, and OpenID Connect. AAD provides a range of features, such as single sign-on, multi-factor authentication, conditional access policies, and identity protection, to help organizations ensure the security of their data and resources.

Summary of the AAD authentication process

Configuring AAD authentication involves three high-level steps:

  • Create an App Registration
  • Grant users in AAD access to this App Registration
  • Point SFTP Gateway to the App Registration

Note: AAD authenticates web admin logins only; it cannot be used for SFTP (file transfer) authentication.

Create an App Registration in the Azure Portal

Open the Azure Portal and search for App Registrations.

Click + New Registration. You will see the following screen:

Enter a Name for your App Registration.

For the Redirect URI, choose Web from the drop-down and enter the following URL, substituting your SFTP Gateway hostname and a custom name of your choosing:

https://<sftp-gateway-hostname>/backend/login/oauth2/code/<custom name>

The custom name can be any value you like, but write it down: you will enter the same value again as the Registration ID when configuring the Identity Provider in SFTP Gateway. Once everything has been configured, click Register.

Add users in AAD

In the Azure Portal, go to Azure Active Directory.

By default, every user in your Azure Active Directory tenant can log in to SFTP Gateway with their Azure credentials. To restrict access to selected users or groups only, follow the instructions below.

On the left, click on Enterprise applications.

Search for the name of the App Registration you created earlier. (If it doesn’t show up, choose Enterprise Applications from the drop-down menu.)

Click on your Application.

Navigate to the Properties section on the left sidebar. Set Assignment required? to Yes, and then click Save at the top. Any user or group not explicitly assigned to the Application is then denied access.

Next, on the left sidebar, click on Users and Groups.

Click on + Add user/group.

You will see an Add Assignment page. Select the users or groups that you wish to grant access, and then click Assign. These users or groups will now have the needed permissions for the Application and will be able to log into SFTP Gateway using their Azure credentials.

Get App Registration IDs

Next, SFTP Gateway needs the IDs of the App Registration. In the Azure Portal, go back to App Registrations.

Click on the App Registration that you created earlier.

On the Overview page, copy and store the Application (client) ID and the Directory (tenant) ID. You will need these values later when creating the Identity Provider in SFTP Gateway.

On the Certificates & secrets page, under Client secrets, click + New client secret.

Copy the Value of the new client secret now and store it securely: Azure shows the value only once, immediately after creation, and you will need it in the next section.

Configure the Identity Provider on SFTP Gateway

In the SFTP Gateway web admin portal, go to Settings. Under Identity Providers, click Add new IdP.

For the new Identity Provider, fill in the following fields:

  • Identity Provider Display Name: This is the name for the Identity Provider that will be displayed at the login screen for Web Admin Users.
  • Issuer URI: Paste in this text, https://login.microsoftonline.com/{TENANT_ID}/v2.0. Replace the placeholder value with the tenant ID you copied earlier from the overview page of the App Registration.
  • Client ID: Paste in the client ID you copied earlier from the overview page of the App Registration.
  • Client Secret: Paste in the client secret value you copied earlier from the Client secrets page.
  • Name Attribute: Set this value to name.
  • Registration ID: Use the custom name you chose for the Redirect URI when creating the App Registration.
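The Redirect URI from the App Registration section and the Issuer URI, Client ID and Name Attribute in the list above all have to agree with each other and with the ID tokens Azure issues. The following Python script is an added example, not SFTP Gateway’s or Microsoft’s code: it derives those values from the four items you copied, rejects malformed input, and shows the settings-level checks an OpenID Connect relying party makes on a decoded ID token (issuer, audience, presence of the `name` claim). The hostname, registration name and GUIDs are constructed placeholders.

```python
"""Derive and cross-check the Azure AD values SFTP Gateway needs (added example)."""
import re
from typing import Dict, List

GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
REG_ID_RE = re.compile(r"^[A-Za-z0-9_-]+$")  # assumption: keep the custom name URL-safe

def build_idp_settings(hostname: str, registration_id: str,
                       tenant_id: str, client_id: str) -> Dict[str, str]:
    """Values that must agree between the Azure App Registration (Redirect URI)
    and the SFTP Gateway Identity Provider (Issuer URI, Client ID, Name Attribute)."""
    if not GUID_RE.match(tenant_id):
        raise ValueError(f"tenant ID is not a GUID: {tenant_id!r}")
    if not GUID_RE.match(client_id):
        raise ValueError(f"client ID is not a GUID: {client_id!r}")
    if not REG_ID_RE.match(registration_id):
        raise ValueError(f"registration ID must be URL-safe: {registration_id!r}")
    if "/" in hostname:
        raise ValueError("hostname must be a bare host name, without scheme or path")
    return {
        "issuer_uri": f"https://login.microsoftonline.com/{tenant_id}/v2.0",
        "redirect_uri": f"https://{hostname}/backend/login/oauth2/code/{registration_id}",
        "client_id": client_id,
        "name_attribute": "name",
    }

def check_id_token_claims(settings: Dict[str, str], claims: Dict[str, str]) -> List[str]:
    """Settings-level mismatches in decoded ID-token claims: wrong issuer, token
    minted for another app, or the configured Name Attribute absent. Signature
    and expiry checks are the OIDC library's job and are not shown here."""
    problems = []
    if claims.get("iss") != settings["issuer_uri"]:
        problems.append(f"iss {claims.get('iss')!r} != Issuer URI {settings['issuer_uri']!r}")
    if claims.get("aud") != settings["client_id"]:
        problems.append("aud is not this App Registration's Client ID")
    if not claims.get(settings["name_attribute"]):
        problems.append(f"claim {settings['name_attribute']!r} missing from token")
    return problems

if __name__ == "__main__":
    # Constructed sample values, not a real tenant, client or token.
    cfg = build_idp_settings("sftp.example.com", "azuread",
                             "11111111-2222-3333-4444-555555555555",
                             "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee")
    print("Redirect URI for Azure:     ", cfg["redirect_uri"])
    print("Issuer URI for SFTP Gateway:", cfg["issuer_uri"])
    v1_token = {"iss": "https://sts.windows.net/11111111-2222-3333-4444-555555555555/",
                "aud": cfg["client_id"], "name": "Web Admin"}
    print(check_id_token_claims(cfg, v1_token))  # flags the v1-style issuer
```

A token whose `iss` is the v1 `sts.windows.net` form, or whose `aud` is another application’s client ID, is the most common cause of a login that reaches Microsoft but is rejected on return.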

Test the changes in the web browser

If you are logged into the web admin UI, click the logout button on the top right and then refresh the browser.

On the login page, a link labelled with the Display Name you configured appears toward the bottom; click it.

You will be redirected to login.microsoftonline.com to enter your Azure credentials.

Once logged in, you will be authenticated to the SFTP Gateway web admin portal. You’ve now completed the process for integrating Azure Active Directory with SFTP Gateway. 

For more on integrating AAD with SFTP Gateway, please see the Knowledge Base or our YouTube channel and the video below.