Azure Active Directory (AD) with PubSub+ Cloud

You can integrate your organization’s Azure Active Directory (AD) with PubSub+ Cloud to enable single sign-on (SSO) and multi-factor authentication (MFA) for your enterprise accounts.

After you have configured Azure AD, your organization will receive a customized URL to log in to PubSub+ Cloud. If your users have already signed in to their Azure AD account, they will automatically be signed in to PubSub+ Cloud. Otherwise, they will be directed to your organization's AD sign-in page to enter their details. Your organization's AD settings determine whether multi-factor authentication (MFA) is used.

If a user belongs to multiple PubSub+ Cloud accounts that are associated with your organization's AD, they can switch between those accounts without logging in to the accounts separately.

Configuring PubSub+ Cloud with Azure AD

To integrate Azure AD with PubSub+ Cloud, perform the following steps:

  1. Open a support ticket to request that SSO be enabled on your account. The PubSub+ Cloud Production Engineering team enables SSO and provides you with your organization ID. Use this ID in the next step.
  2. Register PubSub+ Cloud as an Azure AD Application.
  3. Provide the PubSub+ Cloud Production Engineering team with the following values from the previous step:
    • Application (client) ID
    • Directory (tenant) ID
    • PubSub+ Cloud secret

    The PubSub+ Cloud Production Engineering team completes the setup.

Register PubSub+ Cloud as an Azure AD Application

When you set up an Application Registration for PubSub+ Cloud in your Azure AD account, Azure generates a Client ID and a Client Secret that you use to bind your PubSub+ Cloud account to your Okta account. This allows your organization's PubSub+ Cloud users to be authenticated by Okta. The Discovery

To register PubSub+ Cloud as an application in Azure AD:

  1. In the Azure Portal, in the left-hand navigation pane, select Azure Active Directory.

    The Azure Active Directory page opens.

  2. Select Application Registration from the left-hand menu, then click New Registration.

    The Register an application page opens.

  3. In the Name field, enter Solace Cloud. Under Supported account types, select Accounts in this organizational directory only. In the Redirect URI (Optional) field, enter https://console.solace.cloud/login/oauth2/code/<orgName>, where orgName is the organization ID provided to you by the PubSub+ Cloud Production Engineering team.

  4. Click Register at the bottom of the screen.

    The application registration is created in your Azure AD and the Application Overview page is displayed, showing the Application (client) ID and the Directory (tenant) ID values. Make a note of these values because the PubSub+ Cloud Production Engineering team will need them to complete the configuration.

  5. Click View API Permissions. The API Permissions page is displayed.
  6. From the API Permissions page, select Microsoft Graph.
  7. On the Request API permissions dialog, select Delegated Permissions.
  8. Click Update permissions.
  9. Click Grant admin consent for Solace Cloud, then click Yes to confirm. Note that you must be an administrator of the directory to do this.

    The page is updated to confirm that admin consent was successfully granted.

  10. In the left-hand menu, click Certificates & secrets.
  11. Create a Client Secret by clicking New client secret. The Add a client secret dialog is displayed.

  12. In the Add a client secret dialog, enter a description for the PubSub+ Cloud secret, then select an expiry period. Note that if you don't pick Never, you will need to update the secret key periodically.
  13. Click Add. Make a note of the secret because the PubSub+ Cloud Production Engineering team will need it to complete the configuration.
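
The following added example (not code from Solace or Microsoft) audits a finished registration against the choices made in steps 3 and 12: single-tenant sign-in audience, the documented redirect URI, and client secret expiry. It assumes the registration has been exported with `az ad app show`; the sample JSON and the `exampleorg` organization ID are constructed, and the 30-day warning window and the reporting of any additional redirect URI as a finding are assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed sample shaped like `az ad app show --id <appId>` output
# (a Microsoft Graph application object); all values are placeholders.
SAMPLE_APP = json.loads("""
{
  "displayName": "Solace Cloud",
  "signInAudience": "AzureADMultipleOrgs",
  "web": {"redirectUris": [
    "https://console.solace.cloud/login/oauth2/code/exampleorg",
    "http://localhost:8080/callback"
  ]},
  "passwordCredentials": [
    {"displayName": "PubSub+ Cloud secret", "endDateTime": "2025-03-01T00:00:00Z"}
  ]
}
""")

def audit_registration(app, org_id, now, warn_days=30):
    """Return a list of findings for a PubSub+ Cloud app registration."""
    findings = []
    expected = f"https://console.solace.cloud/login/oauth2/code/{org_id}"
    # Step 3: "Accounts in this organizational directory only" is AzureADMyOrg.
    audience = app.get("signInAudience")
    if audience != "AzureADMyOrg":
        findings.append(f"signInAudience is {audience}, expected AzureADMyOrg")
    # Step 3: the documented redirect URI must be present; extras are reported.
    uris = app.get("web", {}).get("redirectUris", [])
    if expected not in uris:
        findings.append(f"missing redirect URI {expected}")
    findings += [f"unexpected redirect URI {u}" for u in uris if u != expected]
    # Step 12: report secrets that have expired or expire within warn_days.
    for cred in app.get("passwordCredentials", []):
        name = cred.get("displayName")
        # Drop fractional seconds and the trailing Z before parsing as UTC.
        end = datetime.strptime(cred["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
        days_left = (end.replace(tzinfo=timezone.utc) - now).days
        if days_left < 0:
            findings.append(f"secret '{name}' expired {-days_left} days ago")
        elif days_left <= warn_days:
            findings.append(f"secret '{name}' expires in {days_left} days")
    return findings

if __name__ == "__main__":
    for line in audit_registration(SAMPLE_APP, "exampleorg", datetime.now(timezone.utc)):
        print(line)
```

Because the secret is shared with the PubSub+ Cloud Production Engineering team, a replacement created before expiry has to be handed over the same way as the original.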