Single sign-on with Microsoft Azure AD

Simplify password management, improve security, and log in seamlessly with Azure Active Directory SSO!
Note: Single sign-on with Microsoft Azure AD is available to Atera Superpower and Enterprise users only.

This article describes:

• How Azure AD SSO and Atera work
• Setting up your Azure AD portal
• Activating Azure AD SSO
• Deactivating Azure AD SSO

How Azure Active Directory SSO and Atera work

Before activating Azure Active Directory SSO for your Atera account, you'll first need to set up your Azure Active Directory (AD) platform. This includes registering Atera within your Azure portal, creating a client secret, adding a URI, generating a client secret, and creating a user. All these steps are described in this article. Once this is done, you'll be able to connect your Azure AD to Atera for a safe and seamless login experience.

Set up Azure Active Directory SSO

Before activating SSO for your Atera account, you'll need to configure your Azure AD platform settings. This section describes:

• Registering Atera in Azure AD
• Configuring Azure AD platform settings
• Adding a client secret
• Creating a user

To register Atera in Azure AD:

1. From the Azure portal, click App registrations.

The App registrations page appears.

2. Click New registration. The Register an application page appears.

3. Enter the Atera tenant name.

4. Select the account type.

5. Select Web from the dropdown list. Then enter "https://auth.atera.com/login/callback" in the redirect URI.

6. Click Register.

The Azure portal displays the Atera Overview pane, where you'll find your Client ID (under Essentials) — we'll be using this later!
Note: For more information on registering apps, see this article

To configure Azure AD platform settings:

1. From the Azure portal, click App registrations.

2. Select the Atera tenant name.

3. Under Manage, click Authentication. The Authentication page appears.

4. Under Platform configurations, click Add a platform. Then select Web from the Configure platforms slide-out modal.

The Configure Web slide-out modal appears. 

5. Under Redirect URIs, enter: "https://auth.atera.com/login/callback"

6. Click Configure.

Nice! Platform configured.

To add a client secret:

1. From the Azure portal, go to App registrations.

2. Select the Atera tenant name.

3. Under Manage, click Certificate & secrets. The Certificates & secrets page appears.

4. Click New client secret. Then enter the description and select an expiration date from the Add a client secret slide-out modal.

5. Click Add. 

The client secret appears within the Client secrets tab — we'll be using this later!

Note: For more information on client secrets, see this article

To create a user:

1. From the Azure portal, go to Azure Active Directory.

The Overview page appears.

2. Under Manage, click Users. The Users page appears.

3. Click + New user > Create new user. The New user page appears.

4. Under Select template, select the Create user radio button.

5. Under Identity, enter the following information:

• User name: The user name is the identifier you'll enter to sign in to Azure AD.
  Enter the username. Then select the domain name from the dropdown list. 
• Name: Enter the technician's full name.
• First name: Enter the technician's first name (optional). 
• Last name: Enter the technician's last name (optional). 

Note: Please ensure that the user name (including domain), first name, and last name align with the user's credentials within Atera. Otherwise, the connection will fail.

6. Click Create.

Great stuff! You've configured your platform settings, added a client secret, and created a user. You can now activate SSO in Atera.

Activate Azure Active Directory SSO

Note:

• Only an Admin can activate Azure AD SSO.
• Activating Azure AD SSO will disable 2FA for all users on the account.

To activate single sign-on for your account:

1. From Admin (on the sidebar), click Security and Authentication.

The Security and Authentication page appears.

2. Click the Authentication dropdown icon ().

3. Select the Azure AD single sign-on (SSO) radio button.

4. Enter your Azure AD details:

• Microsoft Azure AD Domain: Enter the domain set up in your Azure AD account.
• Client ID: Enter the client ID generated when registering Atera in Azure AD. See how to generate a client ID
• Client Secret: Enter the client secret generated in your Azure AD account. See how to generate a client secret
• Redirect URL: Enter the Redirect URL you have stored within the app registration in your Azure AD account ("https://auth.atera.com/login/callback"). 

5. Click Save.

Nice! SSO is enabled for your account.

Deactivate Azure Active Directory SSO

Two-factor authentication is enabled by default. If you've enabled SSO, and you'd like to return to two-factor authentication, you can remove your SSO connection.
Note:

• Removing your SSO connection will delete all Azure-related information from Atera (Microsoft Azure AD Domain, Application (Client) ID, and Client Secret).
• Only an Admin can deactivate Azure AD SSO.

To deactivate Azure Active Directory SSO:

1. From Admin (on the sidebar), click Security and Authentication.

The Security and Authentication page appears.

2. Click the Authentication dropdown icon ().

3. Select the Two-factor authentication (2FA) radio button. A confirmation window appears. 

4. Click Enable authentication app.

Two-factor authentication is enabled for all users on your account.