OIDC/Microsoft Entra ID
By using the Microsoft Entra ID authentication/authorization method, based on the OpenID Connect protocol, you can:
- Manage your accounts from a central location: the Microsoft Entra ID directory, known as a tenant.
- Monitor in Microsoft Entra who can access the SNS firewall web administration interface.
- Monitor which users/groups are allowed to authenticate over the SNS firewall's captive portal using their Microsoft Entra ID accounts.
- Monitor which users are allowed to connect to the SSL VPN with their Microsoft Entra ID accounts.
This module allows you to:
- Configure your firewall through a wizard, to use the Microsoft Entra ID method, based on your Microsoft Entra ID tenant settings.
- Show/edit the configuration of the Microsoft Entra ID method once it is available on the firewall.
Configuring your firewall to use the Microsoft Entra ID method
The procedure for configuring the Microsoft Entra ID method is detailed in the technical note Configuring and using OIDC/Microsoft Entra ID authentication.
Showing/editing the configuration of the Microsoft Entra ID method on your firewall
Open ID Connect/Microsoft Entra ID
| Domain name | This is the main domain name as shown in the configuration center of your Microsoft Entra ID tenant (e.g., snsdoc.onmicrosoft.com). |
Information about the SNS application on your Microsoft Entra ID tenant:
| MS Entra ID service URL | This URL is generated automatically and takes the following form: https://login.microsoftonline.com/<tenant ID>/v2.0. The <tenant ID> value can be looked up in the configuration center overview of your Microsoft Entra ID tenant (Identity). |
| Application ID (client) | This value can be viewed in the properties of your SNS application, in the configuration center of your Microsoft Entra ID tenant. |
| Client secret | This secret was defined when creating your SNS application, in the configuration center of your Microsoft Entra ID tenant. |
To find out how to retrieve these values from your Microsoft Entra ID tenant's configuration center, see the technical note Configuring and using OIDC/Microsoft Entra ID authentication.
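When reviewing a configuration, the MS Entra ID service URL can be checked against the form given above before it is trusted as the OIDC issuer. The following is an added example, not part of the SNS product or its documentation; the function names and the sample tenant ID are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# A tenant ID is a GUID. Aliases such as "common" do not pin one directory.
GUID = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)

def check_service_url(url):
    """Return (tenant_id or None, list of problems) for a candidate service URL."""
    problems = []
    parts = urlsplit(url)
    if parts.scheme != "https":
        problems.append("scheme must be https")
    # hostname ignores any userinfo, so "login.microsoftonline.com@other" fails here
    if parts.hostname != "login.microsoftonline.com":
        problems.append("unexpected host: %r" % parts.hostname)
    if parts.username or parts.port or parts.query or parts.fragment:
        problems.append("unexpected userinfo, port, query or fragment")
    segments = parts.path.split("/")
    if len(segments) != 3 or segments[0] != "" or segments[2] != "v2.0":
        problems.append("path must be /<tenant ID>/v2.0")
        return None, problems
    tenant = segments[1]
    if not GUID.fullmatch(tenant):
        problems.append("tenant segment is not a GUID: %r" % tenant)
    return tenant, problems

def discovery_url(service_url):
    """Location of the OpenID Connect metadata document for this issuer."""
    return service_url + "/.well-known/openid-configuration"

def issuer_matches(service_url, metadata):
    """OIDC Discovery requires the metadata 'issuer' to equal the issuer URL exactly."""
    return metadata.get("issuer") == service_url

# Constructed sample values (not from a real tenant).
SAMPLE_URL = "https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555/v2.0"
SAMPLE_METADATA = {"issuer": SAMPLE_URL}  # trimmed to the one field checked here

if __name__ == "__main__":
    print(check_service_url(SAMPLE_URL))
    print(discovery_url(SAMPLE_URL))
    print(issuer_matches(SAMPLE_URL, SAMPLE_METADATA))
```

The metadata document fetched from `discovery_url()` can be passed to `issuer_matches()` as a parsed JSON object; a mismatch means the firewall and the tenant disagree on the issuer.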
Service URL
This box shows the redirection URLs that you need to enter in your Microsoft Entra ID tenant configuration.
| Captive portal | URL generated from the parameters regarding redirection to the captive portal (Configuration > General configuration tab > Advanced configuration section). |
| SSL VPN | URL generated from the public IP address or FQDN entered in the firewall's SSL VPN configuration (VPN > SSL VPN). |
| Web administration interface | URL generated from the name of the firewall (Configuration > General configuration tab > General configuration section). |
You can also change the duration after which an Entra ID session has to be re-authenticated: the Maximum duration of a Microsoft Entra ID session is expressed in days and hours (default value proposed when configuring Microsoft Entra ID on the firewall: 1 day).