As part of the Cloud Maker Enterprise Server (CMES) install using the Azure Marketplace solution offer, an Azure Active Directory App Registration is required.
The app registration is required to allow Azure Active Directory-based user authentication to the CMES appliance.
To set up the Azure App Registration for the CMES install, do the following:
Open Azure Active Directory
Navigate to App Registrations on the left panel
Select +New App Registration
Enter a Name for your App Registration
Select Accounts in this organizational directory only (Tenant Name - Single tenant)
Do not enter a Redirect URI, as this is not required
Note down the Application (Client) ID and Directory (tenant) ID for later
In the Authentication section:
Add a platform: Single-page application
Configuration:
Redirect URI: Enter the FQDN you wish to use for your CMES appliance:
For a custom domain it would be https://cmes.yourdomain.com
For a default FQDN, it would be https://<public-ip-dns-label>.<region>.cloudapp.azure.com
For a US Gov default FQDN, it would be: https://<public-ip-dns-label>.<region>.cloudapp.usgovcloudapi.net
Do not enter a Front-channel logout URL
Make sure Access tokens is checked
Make sure ID tokens is checked
Click Configure to save your settings
Next, select the Expose an API option on the left menu and set the following settings:
Add a scope
Save and continue with the default application ID
Configuration:
Scope name: user_access
Who can consent: Admins only
Admin consent display name: User access scope for CMES
Admin consent description: This scope facilitates user access to the Cloud Maker Enterprise Server appliance.
Click Add scope to save your settings
Next, select Manifest from the left menu and set the following settings:
Change accessTokenAcceptedVersion from null to 2 and save
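
An added example, not part of the original page or Cloud Maker's own tooling: a Python check that a manifest copied from the Manifest view matches the settings in the steps above. It assumes the Azure AD (AAD Graph format) manifest, whose field names other than accessTokenAcceptedVersion do not appear on this page; the sample manifest and the check_manifest helper are constructed for illustration.

```python
from urllib.parse import urlsplit

# Constructed sample in the assumed AAD Graph manifest format; the host is the
# page's custom-domain example and the values are not from a real tenant.
SAMPLE_MANIFEST = {
    "signInAudience": "AzureADMyOrg",
    "accessTokenAcceptedVersion": None,  # state before the final Manifest step
    "logoutUrl": None,
    "oauth2AllowImplicitFlow": True,
    "oauth2AllowIdTokenImplicitFlow": True,
    "oauth2Permissions": [{"value": "user_access", "type": "Admin", "isEnabled": True}],
    "replyUrlsWithType": [{"url": "https://cmes.yourdomain.com", "type": "Spa"}],
}

def check_manifest(m, expected_fqdn):
    """Return a list of findings; an empty list means the manifest matches the steps."""
    findings = []
    if m.get("signInAudience") != "AzureADMyOrg":
        findings.append("signInAudience is not single tenant (AzureADMyOrg)")
    if m.get("accessTokenAcceptedVersion") != 2:
        findings.append("accessTokenAcceptedVersion is not 2")
    if not m.get("oauth2AllowImplicitFlow"):
        findings.append("Access tokens is not checked")
    if not m.get("oauth2AllowIdTokenImplicitFlow"):
        findings.append("ID tokens is not checked")
    if m.get("logoutUrl"):
        findings.append("Front-channel logout URL is set")
    scopes = [s for s in m.get("oauth2Permissions") or [] if s.get("value") == "user_access"]
    if not scopes:
        findings.append("scope user_access is missing")
    elif scopes[0].get("type") != "Admin" or not scopes[0].get("isEnabled"):
        findings.append("scope user_access is not an enabled Admins-only scope")
    replies = m.get("replyUrlsWithType") or []
    if not any(r.get("type") == "Spa" for r in replies):
        findings.append("no Single-page application redirect URI")
    for r in replies:
        parts = urlsplit(r.get("url", ""))
        # Every registered redirect must be the HTTPS SPA URI of the appliance.
        if (r.get("type") != "Spa" or parts.scheme != "https"
                or parts.hostname != expected_fqdn.lower()):
            findings.append(f"unexpected redirect URI: {r.get('url')}")
    return findings

if __name__ == "__main__":
    for finding in check_manifest(SAMPLE_MANIFEST, "cmes.yourdomain.com"):
        print("FINDING:", finding)
```

Run against the sample, the only finding is the accessTokenAcceptedVersion value, which is the setting the last step changes.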