Entra ID
Starting from release 5.5 it is possible to use Azure Active Directory (AAD) as a user repository for Mideye Server. A secure connection between the Mideye Server and Entra ID is established using Microsoft Graph. Complete the following steps to create an “App registration” in Entra ID.
App Registration
- Navigate to portal.azure.com.
- Sign in as a global administrator and select “Azure Active Directory”.
- Click “App Registrations” and select “New registration”.
- Give the application a friendly name and select which account types are allowed to use the application.
- Select “Single-page application (SPA)” and leave the URL blank. Complete the registration by clicking “Register”.
App Configuration
Once the app is registered in Azure Active Directory it must be configured. Click the created app and complete the following steps:
- Navigate to “Certificates & secrets”.
- Click “New client secret”, give the client secret a friendly name and click “Add”.
- Make note of the client secret value; it is only displayed once, right after creation, and it will be needed later when configuring the Mideye Server.
- Navigate to “API permissions” and click “Add a permission”.
- Select “Microsoft Graph” and “Application permissions”. Navigate to “User”, select “User.Read.All” and click “Add permissions”.
- (Optional) To be able to retrieve more information about a specific user, such as group membership, a delegated permission must be added. Click “Add a permission”, select “Microsoft Graph” followed by “Delegated permissions”, navigate to “User”, select “User.Read.All” and click “Add permissions”.
  Allows the app to list groups, and to read their properties and all group memberships on behalf of the signed-in user. Also allows the app to read calendar, conversations, files, and other group content for all groups the signed-in user can access.
- The last step is to grant admin consent for the app by clicking “Grant admin consent for app”. Click “Yes” to grant the permissions to the app.
Navigate to “Overview” and take note of the following IDs. These will be used later when configuring the Mideye Server.
- Application ID
- Object ID
Mideye Server configuration
General
Log in to Mideye Server 6 as an 'administrator'/'superadministrator' and navigate to “Azure Active Directory” under “Directory Settings” in the sidebar menu. Click the “Create Azure Active Directory” button. Enter a 'Display name' followed by the Tenant ID, Client ID and Client secret saved in the previous steps. Click “Verify Connection” and enter the UPN of a user that should be reachable in the tenant.
User Properties
Navigate to the “User Properties” tab and select which properties are read to fetch the mobile phone number and the token number. The default values are mobilePhone and businessPhones.
Group Check
Click the “Group Check” tab. If group membership should be retrieved for users, check “Enable Group Check”. This only works if the optional step under API permissions is configured (LINK). The group must be added using the object ID of the group in Entra ID.
Phone Number Auto Correction
Enable 'Phone Number Auto Correction' if the Mideye Server should automatically insert the correct international prefix for the users in the directory. The default prefix is '+46' (Sweden); change it to the preferred prefix.
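The steps above (Verify Connection, User Properties, Group Check and Phone Number Auto Correction) can be exercised outside the Mideye Server with a short script. The following is an added example, not Mideye's own code: it requests an app-only token with the client credentials, reads the selected properties of one user through Microsoft Graph, applies an assumed set of auto-correction rules to the phone number, and matches group membership on object ID. The environment variable names, the auto-correction rules and the use of the Graph `memberOf` endpoint for the group check are assumptions; `memberOf` also requires a group-reading Graph permission on top of User.Read.All. The sample responses at the bottom are constructed so the parsing runs offline.

```python
"""Added example (not Mideye's own code): exercise an Entra ID app registration the way
"Verify Connection" does, then apply the User Properties, Phone Number Auto Correction
and Group Check settings to the Graph response."""
import json
import os
import re
import urllib.parse
import urllib.request

GRAPH = "https://graph.microsoft.com/v1.0"
DEFAULT_PROPERTIES = ("mobilePhone", "businessPhones")  # Mideye defaults


def token_request(tenant_id, client_id, client_secret):
    """Client-credentials request for an app-only Graph token. No user signs in;
    the Application permission User.Read.All granted above authorises the lookup."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
    }).encode()
    return url, body


def user_query(upn, properties=DEFAULT_PROPERTIES):
    """Graph URL that returns only the selected properties of one user."""
    return f"{GRAPH}/users/{urllib.parse.quote(upn)}?$select={','.join(properties)}"


def get_json(url, body=None, token=None):
    """POST when a body is given (token endpoint), otherwise GET with the bearer token."""
    headers = {"Authorization": f"Bearer {token}"} if token else {}
    request = urllib.request.Request(url, data=body, headers=headers)
    with urllib.request.urlopen(request, timeout=15) as response:
        return json.load(response)


def first_phone(user, properties=DEFAULT_PROPERTIES):
    """First non-empty value in property order; businessPhones is a list."""
    for prop in properties:
        value = user.get(prop)
        if isinstance(value, list):
            value = next((item for item in value if item), None)
        if value:
            return value
    return None


def auto_correct(number, default_prefix="+46"):
    """Assumed auto-correction rules (not necessarily Mideye's): strip formatting,
    turn a leading 00 into +, and give a national number the default prefix."""
    cleaned = re.sub(r"[^\d+]", "", number)
    if cleaned.startswith("+"):
        return "+" + re.sub(r"\D", "", cleaned)
    if cleaned.startswith("00"):
        return "+" + cleaned[2:]
    if cleaned.startswith("0"):
        return default_prefix + cleaned[1:]
    return default_prefix + cleaned


def is_member(member_of, allowed_group_ids):
    """Group Check: compare object IDs only, and ignore non-group directory objects."""
    groups = {
        entry["id"]
        for entry in member_of.get("value", [])
        if entry.get("@odata.type") == "#microsoft.graph.group"
    }
    return not groups.isdisjoint(allowed_group_ids)


def verify_connection(upn, properties=DEFAULT_PROPERTIES, allowed_group_ids=()):
    """Live check. ENTRA_TENANT_ID, ENTRA_CLIENT_ID and ENTRA_CLIENT_SECRET are
    assumed variable names; memberOf needs a group-reading permission as well."""
    env = os.environ
    url, body = token_request(env["ENTRA_TENANT_ID"], env["ENTRA_CLIENT_ID"],
                              env["ENTRA_CLIENT_SECRET"])
    token = get_json(url, body)["access_token"]
    user = get_json(user_query(upn, properties), token=token)
    phone = first_phone(user, properties)
    result = {"phone": auto_correct(phone) if phone else None}
    if allowed_group_ids:
        member_of = get_json(f"{GRAPH}/users/{urllib.parse.quote(upn)}/memberOf", token=token)
        result["group_ok"] = is_member(member_of, allowed_group_ids)
    return result


# Constructed sample responses, shaped like Graph's, for offline use.
SAMPLE_USER = {"mobilePhone": None, "businessPhones": ["070-123 45 67"]}
SAMPLE_MEMBER_OF = {"value": [
    {"@odata.type": "#microsoft.graph.group", "id": "11111111-2222-3333-4444-555555555555"},
    {"@odata.type": "#microsoft.graph.directoryRole", "id": "99999999-0000-0000-0000-000000000000"},
]}

if __name__ == "__main__":
    if "ENTRA_TENANT_ID" in os.environ:
        print(verify_connection(os.environ["ENTRA_TEST_UPN"]))
    else:
        print(auto_correct(first_phone(SAMPLE_USER)),
              is_member(SAMPLE_MEMBER_OF, ["11111111-2222-3333-4444-555555555555"]))
```

With the three environment variables and `ENTRA_TEST_UPN` set, the script performs the same round trip as the “Verify Connection” button; without them it only runs the parsing on the constructed sample, which is enough to see the property order and the prefix handling.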
User Locking
Enable 'User Locking' if users should be locked out for a set amount of time after a set number of failed login attempts. The default values are 10 attempts and a 1 minute lockout.
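The lockout behaviour described here is easy to get subtly wrong, for example by letting a correct password unlock an account early. The following added example (not Mideye's own code) implements the policy with the documented defaults, 10 attempts and a 1 minute lock; the injectable clock is an assumption made so that the expiry can be checked without waiting.

```python
"""Added example (not Mideye's own code): User Locking with the documented defaults,
10 failed attempts followed by a 1 minute lock. The clock is injectable for testing."""
import time


class UserLocking:
    def __init__(self, max_attempts=10, lock_seconds=60, clock=time.monotonic):
        self.max_attempts = max_attempts
        self.lock_seconds = lock_seconds
        self.clock = clock
        self._failures = {}      # user -> consecutive failed attempts
        self._locked_until = {}  # user -> monotonic time at which the lock expires

    def is_locked(self, user):
        until = self._locked_until.get(user)
        if until is None:
            return False
        if self.clock() < until:
            return True
        # The lock has expired: drop it and start counting from zero again.
        del self._locked_until[user]
        self._failures.pop(user, None)
        return False

    def failures(self, user):
        return self._failures.get(user, 0)

    def seconds_left(self, user):
        """Remaining lock time, 0 when the user is not locked."""
        if not self.is_locked(user):
            return 0
        return self._locked_until[user] - self.clock()

    def authenticate(self, user, credentials_ok):
        """Check the lock before the credential result, so a locked account is
        rejected even with a correct password and the lock is never shortened."""
        if self.is_locked(user):
            return False
        if credentials_ok:
            self._failures.pop(user, None)  # a successful login resets the counter
            return True
        self._failures[user] = self.failures(user) + 1
        if self._failures[user] >= self.max_attempts:
            self._locked_until[user] = self.clock() + self.lock_seconds
        return False


if __name__ == "__main__":
    policy = UserLocking()
    for _ in range(10):
        policy.authenticate("demo.user", False)
    print("locked:", policy.is_locked("demo.user"), "seconds left:", round(policy.seconds_left("demo.user")))
```

The counter is only reset by a successful login or by the lock expiring; a correct password supplied while the lock is active is rejected like any other attempt, which is the behaviour the lockout is meant to enforce.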
Click “Save”. To add an Entra ID profile to a RADIUS client, see