Cloud Maker

As part of the Cloud Maker Enterprise Server (CMES) install using the Azure Marketplace solution offer, an Azure Active Directory App Registration is required.

The app registration is required to allow Azure Active Directory-based user authentication to the CMES appliance.

To set up the Azure App Registration for the CMES install, do the following:

Navigate to App Registrations on the left panel

Enter a Name for your App Registration

Select Accounts in this organizational directory only (Tenant Name - Single tenant)

Do not enter a Redirect URI, as this is not required

Note down the Application (Client) ID and Directory (tenant) ID for later

1. Add a platform: Single-page application 
2. Configuration: 
 1. Redirect URI: Enter the FQDN you wish to use for your CMES appliance:
 1. For a custom domain it would be <a href="https://cmes.yourdomain.com" rel="nofollow noopener noreferrer" target="_blank">https://cmes.yourdomain.com</a>
 2. For a default FQDN, it would be https://&lt;public-ip-dns-label&gt;.&lt;region&gt;.cloudapp.azure.com 
 3. For a US Gov default FQDN, it would be: https://&lt;public-ip-dns-label&gt;.&lt;region&gt;.cloudapp.usgovcloudapi.net
 2. Do not enter a Front-channel logout URL
 1. Make sure Access tokens is checked
 2. Make sure ID tokens is checked
 3. Click Configure to save your settings

Next, select the Expose an API option on the left menu and set the following settings:

1. Add a scope
2. Save and continue with the default application ID 
3. Configuration: 
 1. Scope name: user_access 
 2. Who can consent: Admins only 
 3. Admin consent display name: User access scope for CMES
 4. Admin consent description: This scope facilitates user access to the Cloud Maker Enterprise Server appliance.
 5. Click Add scope to save your settings

Next, select Manifest from the left menu and set the following settings:

1. Change accessTokenAcceptedVersion from <code>null</code> to <code>2</code> and save

1. Open Azure Active Directory
2. Navigate to App Registrations on the left panel
3. Select +New App Registration
4. Enter a Name for your App Registration
5. Select Accounts in this organizational directory only (Tenant Name - Single tenant)
6. Do not enter a Redirect URI, as this is not required
7. Note down the Application (Client) ID and Directory (tenant) ID for later 
8. In the Authentication section: 
 1. Add a platform: Single-page application 
 2. Configuration: 
 1. Redirect URI: Enter the FQDN you wish to use for your CMES appliance:
 1. For a custom domain it would be <a href="https://cmes.yourdomain.com" rel="nofollow noopener noreferrer" target="_blank">https://cmes.yourdomain.com</a>
 2. For a default FQDN, it would be https://&lt;public-ip-dns-label&gt;.&lt;region&gt;.cloudapp.azure.com 
 3. For a US Gov default FQDN, it would be: https://&lt;public-ip-dns-label&gt;.&lt;region&gt;.cloudapp.usgovcloudapi.net
 2. Do not enter a Front-channel logout URL
 1. Make sure Access tokens is checked
 2. Make sure ID tokens is checked
 3. Click Configure to save your settings
9. Next, select the Expose an API option on the left menu and set the following settings: 
 1. Add a scope
 2. Save and continue with the default application ID 
 3. Configuration: 
 1. Scope name: user_access 
 2. Who can consent: Admins only 
 3. Admin consent display name: User access scope for CMES
 4. Admin consent description: This scope facilitates user access to the Cloud Maker Enterprise Server appliance.
 5. Click Add scope to save your settings
10. Next, select Manifest from the left menu and set the following settings: 
 1. Change accessTokenAcceptedVersion from <code>null</code> to <code>2</code> and save