Could I use selfhost AD with OpenPAI? - openpai

For some reasons, our servers cannot connect to the Internet so we have a selfhost AD server to manage users. I wonder if I could use it because the docs only say they support AAD :( Thanks!

It's not possible to self-host AAD.
Except for AAD, OpenPAI provides also basic authentication mode, which you can use without internet access.
As a reference, there are tools like Azure AD Connect that can help to sync your on-prem & cloud auth system.

Related

Pulling Azure Security data into Power BI Desktop using Graph Security API: How to set permissions in Azure AD

I'm attempting to connect the Microsoft Graph Security API Connector to Power BI Desktop. Everything seems to work okay until I try to set 'Application' or advanced 'Delegated' authorizations so I can execute GET commands, such as '/security/securityActions', '/security/TiIndictors' and '/security/securityEvents'.
When using the Graph Security API Connector in Power BI, it automatically connects to my Azure tenant as a Service Principle (e.g. Enterprise Application) with an App ID = 'cab163...'. However, this Enterprise Application doesn't have an intuitive way to add additional permissions.
The documentation https://learn.microsoft.com/en-us/power-bi/desktop-connect-graph-security only talks about Delegated authorization.
Any guidance would be helpful. I'm sure it's an easy solution - it's seriously eluding me.
Thanks!
To set permissions for Application Only mode, please refer to the Application permissions section.
Your app needs to be consented by an administrator.

Security Suggestion API

I have a SharePoint Online application that access an API the reside outside my network and one of our Azure. This API is accessibly through public. I am using this API to access data in my SQL server, with this I am worried that my API is not secure and I am wonder what are the things I can do to secure my API so that no only users logged in to our SharePoint can use it.
There are several ways in which you can secure it. These ways vary in complexity and each have their specific considerations.
Secure an API with Azure AD
If you're using Office 365, securing custom APIs using Azure AD is an architectural option that you should definitely consider. First and foremost, it allows you to secure the access to the API using existing organizational credentials that are already managed through Office 365 and Azure AD. Users with an active account can seamlessly work with applications that leverage APIs secured with Azure AD. Azure AD administrators can centrally manage access to the API, the same way they manage access to all other applications registered with Azure AD.
More info: here

How to : Azure Web App using On Premise Windows Authenticated SQL

I want to use On Premise Windows Authenticated SQL with Azure Web App. I am new to Azure. what are all possible ways to achieve this.
Thanks!
I want to use On Premise Windows Authenticated SQL with Azure Web App.
Unfortunately, it is not supported by Azure WebApp. If we want to use the Windows Authenticated, we need to ensure that Windows Authentication is enabled for the web server. We could remote to Azure website to check that there is no Windows Authenticated under the Authentication option, details please refer to the screenshot.
.
If you stick on absolutely use On Premise Windows Authenticated and host your website on Azure, you could use Azure Windows VM to host your website. And need to join the VM to your AD, that meanings both VMs are in the same network.
As you use on-premise machine, you will need to create a site to site VPN.

Federated authentication via OpenID Connect from Azure

I need to run .NET applications in Azure and have them authenticate against my on-premise directory (via PingFederate). It appears that ACS is the only way to do federated authentication from Azure, even though it has been deprecated for over a year. It also seems that ACS does not support OpenID Connect.
So am I correct in thinking it is not possible to do federated authentication via OpenID connect from Azure? And does anyone know when federation with external identity providers will be added to Azure AD?
Federated authentication is supported by Azure AD. Most of our enterprise customers connect their Azure Active Directory to their on-premises directory for federated authentication with Office 365 and other SAAS apps connected with Azure AD.
You can indeed federated your Azure AD with PingFederate and use Azure AD' OpenIDConnect protocol to configure single sign on for your cloud application.
Sign-up for a free trial Azure subscription and create a directory. Use the documentation here (http://msdn.microsoft.com/library/azure/jj673460.aspx) and the following sample app (https://github.com/AzureADSamples/WebApp-OpenIDConnect-DotNet) to connect your app' authentication with your directory using OpenIDConnect.
Then, add a verified domain to your directory and federate it with your PingFederate STS by following the guidance here (http://documentation.pingidentity.com/display/PFS/SSO+to+Office+365+Introduction).
We don't recommend using ACS for this scenario.
Hope this helps.

Any standardized login functionality available in Azure

We are looking to host our product on Azure- the intent behind using Azure is that we get to focus on the core product, and are fine with the standard cloud features that Azure offers without needing to understand too much of the internals- not exactly the power users!
One thought was that if Azure had an authentication functionality- profiles, logins, password reset/ reminder etc, it would save us time from building what is essentially a commodity
Any guidance on this?
Azure offers the Access Control Service, which is a Federated Authentication service. It's already preconfigured with support for Live ID, Google and Yahoo authentication, but you can also add your own security token service (such as ADFS).
Windows Azure does not have a built in login feature. However,App Fabric Access Control Service(ACS) does; see the ACS tutorial here for example usage.