Ivory

Identity Awareness using Azure AD

Hi,

Possibly a daft question, but can anyone confirm if IA works against Azure AD as opposed to 'normal' AD? This is for an org that won't have any on prem AD at the end of the implementation.

I've had a look through the deployment guide for the version we would be implementing but it doesn't specifically mention Azure as being OK and I understand from our cloud architects that it's a bit different to AD as I know it.

Thanks in advance.

A.

Accepted Solutions

Employee+

Hi @adamhi,

In R80.40, you can use SAML integration with AzureAD for authentication and authorization.

However, in the IDA picker (when you create access roles), you will need to represent the AzureAD objects (users/machines/groups) manually as "Identity Tag" objects.

In R81, the integration of AzureAD in the IDA picker will be available, where you can create your AzureAD object and select the objects from AAD the same way as you do on regular AD.

It will be available for EA via the R81 EA program. Please contact your local SE for more details.

Thanks,
Royi Priov
Group manager, Identity Awareness R&D

Admin

@Royi_Priov this is still in EA, right?

Ivory

Thanks gents, much appreciated.

This isn't going to be needed until Q2 2021, so I'm not sure we need to look into EA. I'll let the hierarchy know that it is feasible given current tech stack.

A

Employee+

Hi @adamhi, by that time you will be able to use the GA of this feature (as part of R81).

Good luck 🙂

Thanks,
Royi Priov
Group manager, Identity Awareness R&D

Iron

Hi, does just the manager need to use R80.40 to work with SAML? Or the gateways too?
Thanks!

Admin

This requires R80.40+ gateways.

Employee+

Hi @Martins 

I will clarify:

  • In R80.40 we have added SAML support to the IDA captive portal. It means we can use AAD as a SAML Identity Provider.
  • In R81 we have added AzureAD as a user directory, which means you can configure entities (users/groups/machines) from AAD in Identity Awareness Access Roles objects.

Both features require both SmartCenter and GW to be in this version.

Thanks,
Royi Priov
Group manager, Identity Awareness R&D

Iron

Hi @Royi_Priov,
Thank you for clarifying.
Can I use SAML with a 3rd party (MFA) as an identity provider to authenticate the VPN?

Thanks.

Admin

VPN clients currently do not support SAML authentication.
This is planned for a later release.