
Accessing PortalGuard with Federated Cloud Users


Problem

Users are unable to log in to PortalGuard with federated Azure Active Directory user accounts.

Requirements

  • Password Hash Sync is enabled for your tenant (LINK)
  • Latest version of AzureAD Powershell Module (2.0.2.15)
    • Installation steps (LINK)

Solution

Create a new Home Realm Discovery Policy within your Azure Active Directory tenant (LINK to Microsoft article).

  1. Open Windows PowerShell.
  2. Connect to your Azure AD tenant.
    • Run 'Connect-AzureAD' and enter admin credentials.
  3. Create a policy to enable username/password authentication for federated users directly with Azure Active Directory for specific applications.
    • Run 'New-AzureADPolicy -Definition @("{`"HomeRealmDiscoveryPolicy`":{`"AllowCloudPasswordValidation`":true}}") -DisplayName EnableDirectAuthPolicy -Type HomeRealmDiscoveryPolicy'
  4. Next, we will need to retrieve the new policy's ObjectID.
    • Run 'Get-AzureADPolicy' to view your new HRD policy and note its ObjectID.
  5. Next, we will need to locate the service principal to assign the new policy.
  6. Login to Azure Active Directory and click 'Enterprise Applications'.
  7. Locate the ObjectID for the PortalGuard Authentication Client. 
  8. Assign the policy to your service principal.
    • Run 'Add-AzureADServicePrincipalPolicy -Id <VALUE FROM STEP 7> -RefObjectId <VALUE FROM STEP 4>'. 
  9. Complete.
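The following script runs steps 2 through 8 end to end and then verifies the result. It is an added example, not PortalGuard's or Microsoft's code. It assumes the AzureAD PowerShell module is installed and that the enterprise application's display name is "PortalGuard Authentication Client" (the $AppDisplayName parameter is an assumption; change it if your tenant uses a different name). The policy is created without -IsOrganizationDefault, so cloud password validation is enabled only for the one service principal it is assigned to, which matches the "specific applications" scope described above.

```powershell
# Added example script (not PortalGuard's own code) for the HRD policy procedure above.
# Assumptions: AzureAD module 2.0.2.x is installed; the enterprise application is named
# "PortalGuard Authentication Client" (override $AppDisplayName if yours differs).
#Requires -Modules AzureAD

param(
    [string]$AppDisplayName = 'PortalGuard Authentication Client',   # assumed display name
    [string]$PolicyName     = 'EnableDirectAuthPolicy'
)

# Step 2: interactive sign-in with an administrator account.
Connect-AzureAD | Out-Null

# Step 3: create the HRD policy, or reuse it if a previous run already created it.
# No -IsOrganizationDefault: the policy applies only where it is explicitly assigned.
$definition = '{"HomeRealmDiscoveryPolicy":{"AllowCloudPasswordValidation":true}}'
$policy = Get-AzureADPolicy |
    Where-Object { $_.Type -eq 'HomeRealmDiscoveryPolicy' -and $_.DisplayName -eq $PolicyName }
if (-not $policy) {
    $policy = New-AzureADPolicy -Definition @($definition) `
                                -DisplayName $PolicyName `
                                -Type 'HomeRealmDiscoveryPolicy'
}
# Step 4: the policy's ObjectID is the -RefObjectId used in step 8.
Write-Host "HRD policy ObjectID (step 4): $($policy.Id)"

# Steps 5-7: locate the service principal by display name instead of copying the
# ObjectID from the portal. Fail if the name is missing or ambiguous.
$sp = @(Get-AzureADServicePrincipal -Filter "displayName eq '$AppDisplayName'")
if ($sp.Count -eq 0) { throw "No service principal named '$AppDisplayName' found in this tenant." }
if ($sp.Count -gt 1) { throw "More than one service principal matches '$AppDisplayName'; use the ObjectID from the portal instead." }
$sp = $sp[0]
Write-Host "Service principal ObjectID (step 7): $($sp.ObjectId)"

# Step 8: assign the policy to that service principal only (idempotent).
$alreadyAssigned = Get-AzureADServicePrincipalPolicy -Id $sp.ObjectId |
    Where-Object { $_.Id -eq $policy.Id }
if (-not $alreadyAssigned) {
    Add-AzureADServicePrincipalPolicy -Id $sp.ObjectId -RefObjectId $policy.Id
}

# Verification: show what is now assigned to the PortalGuard service principal.
Get-AzureADServicePrincipalPolicy -Id $sp.ObjectId |
    Select-Object DisplayName, Type, Id, IsOrganizationDefault

# Check: warn if any HRD policy has been made the tenant-wide default, since that would
# enable cloud password validation for every application, not just PortalGuard.
Get-AzureADPolicy |
    Where-Object { $_.Type -eq 'HomeRealmDiscoveryPolicy' -and $_.IsOrganizationDefault } |
    ForEach-Object { Write-Warning "HRD policy '$($_.DisplayName)' is the organization default and applies to all applications." }
```

Run the script from an elevated PowerShell session after installing the module with Install-Module AzureAD. If the final warning fires, review whether a tenant-wide HRD policy is intended; the procedure on this page only requires the policy on the PortalGuard service principal.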

REV. 06/2021 | PortalGuard

  • 24-Jun-2021