Anchor - Azure AD Integration

1. Introduction

In the current architecture, Anchor can sync existing Windows Server Active Directory objects to an Azure Active Directory using Azure AD Connect. Once the objects are synced to your Azure AD, a simple Enterprise Application on Azure AD allows Anchor to authenticate and authorize users.

2. Setup

This section will help you set up an Enterprise Application on Azure AD, assuming you already have Azure AD Connect set up. If you are looking to set up Azure AD Connect, please follow this guide.

a. Azure Enterprise Application:

i. Log in to Azure Portal. Log in to your Azure Portal with admin credentials or as a user who has permission to create an Enterprise Application.

ii. Navigate to the Azure Active Directory window from the sidebar menu as shown below.



iii. On the Azure Active Directory page, locate Enterprise Applications in the options and click on it.


iv. You should see all the applications that are currently set up on your domain. Now, click on the New Application button as shown below.


v. In the next window, click on the Application you're developing option.



vi. When you click on the Application you're developing option, it will open a small window on the side as shown below. Please select the option highlighted in the screenshot.


vii. The App Registrations page will open up. Now, click on the New Registration button.


viii. On the Register an Application page, please give the App an appropriate name and hit Register.





ix. After you hit Register, the app will be registered and the new app overview page will open. On this page, make a note of the Client ID and Tenant ID.


x. On the app overview page, click on the Certificates and Secrets button from the menu bar. Now, click on the New Client Secret button, give an appropriate name and expiration period when it prompts and click Add.



xi. Make a note of the client secret you created in the previous step and share it with hari@datanchor.io along with the Client ID and Tenant ID.

xii. Provide API permissions to the newly created App. Click on API permissions from the menu items. Click on Add permission; this will take you to a page with all the possible permissions you can provide an App. Please select Microsoft Graph and then Application Permissions. On the Application Permissions page, you need to select User -> User.Read.All, Group -> Group.Read.All, Directory -> Directory.Read.All.



Permissions for the Application should look as shown below. Once you have verified the permissions, please click on Grant Admin consent for anchor.


With the above step, we are done setting up the Application.
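To confirm the registration carries exactly the three Graph application permissions from step xii and nothing broader, you can inspect an app-only access token issued to it. The following is an added example, not part of the original guide or Anchor's own code: it assumes you have already obtained a token for Microsoft Graph with the client credentials flow, relies on the `tid`, `appid`/`azp` and `roles` claims of such tokens, and uses constructed tenant and client IDs. It decodes claims for inspection only and does not validate the signature.

```python
import base64
import json

# The three Microsoft Graph application permissions selected in step xii.
REQUIRED_ROLES = {"User.Read.All", "Group.Read.All", "Directory.Read.All"}


def decode_claims(token: str) -> dict:
    """Return the JWT payload as a dict. Inspection only: no signature check."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT (expected header.payload.signature)")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_app_token(token: str, tenant_id: str, client_id: str) -> list:
    """Compare an app-only Graph token against the registration from the guide."""
    claims = decode_claims(token)
    findings = []
    if claims.get("tid") != tenant_id:
        findings.append("tenant mismatch: tid=%r" % claims.get("tid"))
    # v1 tokens carry the client ID in 'appid', v2 tokens in 'azp'.
    if (claims.get("appid") or claims.get("azp")) != client_id:
        findings.append("client ID mismatch")
    roles = set(claims.get("roles", []))  # granted application permissions
    for role in sorted(REQUIRED_ROLES - roles):
        findings.append("missing or unconsented permission: " + role)
    for role in sorted(roles - REQUIRED_ROLES):
        findings.append("permission beyond what the guide asks for: " + role)
    return findings


def b64url(obj) -> str:
    """Base64url-encode a JSON object without padding, as JWT segments are."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()


def constructed_token(claims: dict) -> str:
    """Build an unsigned sample token for the demo (constructed, not real)."""
    return ".".join([b64url({"alg": "none", "typ": "JWT"}), b64url(claims), "sig"])


# Constructed placeholder IDs; substitute the values noted in step ix.
TENANT = "00000000-0000-0000-0000-000000000001"
CLIENT = "00000000-0000-0000-0000-000000000002"

if __name__ == "__main__":
    sample = constructed_token({"tid": TENANT, "appid": CLIENT, "roles": [
        "User.Read.All", "Group.Read.All", "Directory.ReadWrite.All"]})
    print("\n".join(audit_app_token(sample, TENANT, CLIENT)))
```

An empty result means the token matches the tenant, the client ID and the three read-only permissions; any finding points at a step in the setup to revisit.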

