Configure Microsoft Active Directory - OpenID Connect

Before you begin

There are two prerequisites to complete before configuring the Identity Provider in ExtremeCloud Universal ZTNA.
  • Create ClientID, Client Secret, and Discovery URL in Entra ID under App Registration. Save a copy of each to use in this procedure.
  • Your organization's AD-synced users must have administrative privileges in Entra ID so Microsoft can authorize the user during log in. To set the permission, navigate to App Registrations > [Your Application] > API Permissions.

About this task

Follow this procedure to configure a Microsoft Active Directory - OpenID Connect Identity Provider.

Procedure

  1. Select Onboarding.
    The welcome window displays.
  2. Select Secure Hybrid Access [Secure Application Access or Secure Network Access].
    The Identity Provider window displays with ExtremeCloud Universal ZTNAselected.
  3. Select Microsoft Active Directory and Continue.
    Microsoft Active Directory window displays.
  4. [Default] Confirm that OpenID Connect is selected for the Single Sign-on Method.
  5. Follow the Setup Redirect URIs instructions.
  6. Enter the data you created in Entra ID into the following fields:
    1. Enter the Client ID.
    2. Enter the Client Secret.
    3. Enter the Discovery URL.
  7. Optional: Select All Domains or Custom and enter the domain.
    If you select Custom, fill in the approved domains. Applicable for network and application access.
  8. Select Secure Network Access.
    Note

    Note

    Specify the Client ID, Client Secret and Discovery URL.
  9. Select Validate Information.
    A message in the upper right corner confirms the validation test passed.
  10. Select Update.
    Update Identity Provider pop-up window displays. This message cautions you that the Identity Provider change logs out current users.
  11. If you decide to continue, select Confirm.
  12. Select Next.
    The Onboarding - Access Groups window displays.
  13. Configure Access Groups.
  14. Configure Resources.
  15. Configure Applications and Application Groups.
    You can skip this step if you are using Secure Network Access.
  16. Configure Policies.

Results

Your onboarding is complete. Your users, applications, and devices can now access the network securely.