If the users are registered in Azure Active Directory and Microsoft Active Directory then while registering these users in CSP Service, their credentials are not required to be stored by CSP Service. During user authentication, CSP Services can delegate this step to Azure Active Directory and Microsoft Active Directory. In order to make this mechanism work, Authentication Profiles need to be configured in ADSS Server. 

The Authentication Profiles are used by CSP Service to authenticate the users registered in Microsoft & Azure Active Directories. These profiles contain credentials for Microsoft and Azure Active Directories.  Below are the configuration steps for both Azure and Microsoft Active Directories: 

How To Authenticate CSP User Using Azure Active Directory
To create a new Authentication Profile, follow the steps mentioned below:

  1. Click on the Global Settings
  2. Select Authentication Profile Sub-module

      
  3. Click on the 'New' button to create a new authentication profile:
     
  4. Profile Status will be 'Active' by default. Profile ID field will be pre-populated inside Authentication Profile Identification section while creating a new authentication profile. Enter Profile Name and Profile Description (if needed) in their respective fields.  

  5. Select Azure Active Directory from 'Authentication Type' drop down. 
  6. Enter your respective Application ID in 'Application ID' field. Here Application ID is the Client ID generated on Azure Active Directory which is used to authenticate the user and get it's information. 
  7. Enter your respective URL in 'Application URL' field. Here it is the URL where client application can communicate with Azure Active Directory. 

  8. Click on the 'Test Connection' button in order to ensure that credentials are correct and a connection has been established with Azure Active Directory.
  9. Once the configurations are complete, click on the 'Save' button to save your settings.


Business Process for Azure Active Directory
The business process cycle for Azure Active Directory is explained below: 

  1. VCSP communicates with Azure Active Directory where the directory authenticates the user. 
  2. After user authentication, the Azure Active Directory generates an access token and sends it back to VCSP. 
  3. VCSP service forwards the access token and authentication profile id to CSP Service. 
  4. CSP Service communicates with Azure Active Directory using the credentials configured in authentication profile to get the access token verified.
  5. Once access token is verified, the CSP service generates it's own access token and sends it to VCSP that can be used for subsequent communication. 


How To Authenticate CSP User Using Microsoft Active Directory
To create a new Authentication Profile for Microsoft Active Directory, follow the steps mentioned below: 

  1. Click on the Global Settings
  2. Select Authentication Profile Sub-module

      
  3. Click on the 'New' button to create a new authentication profile:
     
  4. Profile Status will be 'Active' by default. Profile ID field will be pre-populated inside Authentication Profile Identification section while creating a new authentication profile. Enter Profile Name and Profile Description (if needed) in their respective fields.

  5. Select 'Microsoft Active Directory' from 'Authentication Type' drop down. 
  6. Enter your respective IP Address in 'Machine Name/IP Address' field where Microsoft Active Directory is deployed. 
  7. Enter the Port Number inside 'Port'. This specifies the port number of the machine we want to access. 
  8. Enter the administrator user in 'Directory Administrator' field. This will enable the CSP Service to access the Microsoft Active Directory with admin rights.  
  9. Enter the password of your respective administrator user in 'Password' field. 

  10. Click on the 'Test Connection' button in order to ensure that credentials are correct and a connection has been established with Microsoft Active Directory.
  11. Once the configurations are complete, click on the 'Save' button to save your settings. 


Business Process for Microsoft Active Directory
The business process cycle for Microsoft Active Directory is explained below: 

  1. Users provides it's respective credentials on VCSP. 
  2. VCSP stores the user credentials and sends it to CSP Service. 
  3. CSP Services communicates with Microsoft Active Directory to verify the received user credentials via authentication profiles. 
  4. Once credentials are verified by Microsoft Active Directory, the CSP service generates it's own access token and sends it to VCSP that can use it for subsequent communication.


Client Manager 
We need to assign authentication profile to clients through Client Manger. Please follow the required steps mentioned below:

  1. Click on the Client Manager.
  2. Select your required Client ID

  3. Click on the CSP Service.
  4. Select your required Authentication Profile from the list of available authentication profiles.

     
  5. Click on the 'Save' button to save your settings.