Entra ID

Warning

Mideye Server 5 is no longer updated, and new installations are not supported. Only existing Mideye Server 5 installations and upgrades are supported. Please use Mideye Server 6 for new installations and continued support.

Starting from release 5.5, it is possible to use Azure Active Directory (AAD) as a user repository for Mideye Server. A secure connection between the Mideye Server and Entra ID is established using Microsoft Graph. Complete the following steps to create an “App registration” in Entra ID.

App Registration

  1. Navigate to portal.azure.com.
  2. Sign in as a global administrator and select “Azure Active Directory”.
  3. Click “App Registrations” and select “New registration”.
  4. Give the application a friendly name and select which user repository is allowed to use the application.
  5. Select “Single-page application (SPA)” and leave the URL blank. Complete the registration by clicking “Register”.

App Configuration

Once the app is registered in Azure Active Directory it must be configured. Click the created app and complete the following steps:

  1. Navigate to “Certificates & secrets”.
  2. Click “New client secret” and give the client secret a friendly name. Click “Add”.
  3. Make note of the shared secret value. It will be needed later when configuring the Mideye Server.

    Create a new Client Secret

  4. Navigate to “API permissions” and click “Add a permission”.

  5. Select “Microsoft Graph” and “Application permissions”. Navigate to “User” and select “User.Read.All”. Click “Add permissions”.

    Allows the app to read user profiles without a signed in user.

  6. (Optional) To be able to retrieve more information about a specific user, such as group membership, a delegated permission must be added. Click “Add Permissions”. Select “Microsoft Graph” followed by “Delegated permissions”. Navigate to “User” and select “User.Read.All”. Click “Add permissions”.

    Allows the app to list groups, and to read their properties and all group memberships on behalf of the signed-in user. Also allows the app to read calendar, conversations, files, and other group content for all groups the signed-in user can access.

  7. The last step is to grant admin consent for the app by clicking “Grant admin consent for app”.

Click “Yes” to grant permissions to the app. Navigate to “Overview” and take note of the following IDs. These will be used later when configuring the Mideye Server.

  • Application ID
  • Object ID

Mideye Server configuration

Log in to Mideye Server 5 as an administrator and navigate to “Configuration” followed by “Azure Active Directory”. Click “Create Azure Active Directory”. Add a Display name and paste the Tenant ID, Client ID and Client secret saved from previous steps.

Enter a friendly name followed by Tenant ID, Client ID and Client secret. Click “Verify Connection”, then enter the UPN of a user that should be reachable in the tenant.

Ensure that users can be found using UPN.

Navigate to the “User Properties” tab and select which properties are read to fetch the mobile phone number and token number. Default values are mobilePhone and businessPhones.

Select the property to be used from Entra ID to read the mobile phone and token number.
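The connection check and property lookup above, as an added example that is not Mideye's code and not part of the original page: it builds the standard OAuth 2.0 client-credentials token request and the Microsoft Graph user lookup for the default properties, then audits an access token's `roles` claim against the User.Read.All application permission granted earlier. That Mideye Server uses exactly this flow is an assumption; the function names, placeholders and sample token are constructed.

```python
import base64
import json
from urllib.parse import quote, urlencode

GRAPH = "https://graph.microsoft.com"
EXPECTED_ROLES = frozenset({"User.Read.All"})  # application permission from the steps above


def token_request(tenant_id, client_id, client_secret):
    """URL and form body for the OAuth 2.0 client-credentials grant."""
    url = f"https://login.microsoftonline.com/{quote(tenant_id, safe='')}/oauth2/v2.0/token"
    form = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret, "scope": f"{GRAPH}/.default"}
    return url, urlencode(form)


def user_lookup_url(upn, properties=("mobilePhone", "businessPhones")):
    """Graph URL that reads only the phone properties for one UPN."""
    # quote() encodes '#', which appears in guest UPNs and would otherwise cut the URL short
    return f"{GRAPH}/v1.0/users/{quote(upn, safe='@')}?$select={','.join(properties)}"


def token_claims(access_token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    payload = access_token.split(".")[1]
    return json.loads(base64.urlsafe_b64decode(payload + "=" * (-len(payload) % 4)))


def audit_app_roles(access_token, expected=EXPECTED_ROLES):
    """Application permissions appear in the 'roles' claim of an app-only token."""
    granted = set(token_claims(access_token).get("roles", []))
    return {"missing": sorted(expected - granted), "excess": sorted(granted - expected)}


def constructed_token(claims):
    """Build an unsigned sample token (constructed data, not issued by Entra ID)."""
    enc = lambda obj: base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    url, body = token_request("TENANT-ID-PLACEHOLDER", "CLIENT-ID-PLACEHOLDER", "SECRET-PLACEHOLDER")
    print("POST", url)
    print("GET ", user_lookup_url("alice@example.com"))
    sample = constructed_token({"roles": ["User.Read.All", "Directory.ReadWrite.All"]})
    print(audit_app_roles(sample))  # flags Directory.ReadWrite.All as excess
```

An empty `excess` list means the app registration carries no application permissions beyond the one this guide grants; a non-empty `missing` list usually means admin consent was not granted.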

Click the “Group Check” tab. If group membership should be retrieved for users, check “Enable Group Check”. This will only work if the optional step in API permissions is configured. The group must be added using the object ID of the group in Entra ID.

Add the group membership using the Object ID from Entra ID.

Copy the ObjectId of the group from Entra ID and paste it into the Mideye Server Allowed Groups ID.

If needed, check “Enable Radius Translation” and follow the instructions on how to create a new LDAP-RADIUS translation rule.

Click “Save”. To add an Entra ID profile to a RADIUS client, see

section