Integrate Azure OpenID Connect
How to integrate Azure OpenID Connect with the Ezeelogin jump server?
Overview: This article helps the Ezeelogin super admin user integrate Azure OpenID Connect with the Ezeelogin jump server.
Note: OpenID Connect is an authentication mechanism for web applications. It is based on web protocols and cannot be used for user authentication over SSH.
Step 1: Log in to the Ezeelogin GUI, click on Settings -> OpenID Connect, and copy the 'redirect URL'.
Step 2: Log in to the Azure portal and select 'app registration'.
Step 3: Register a new application.
Step 4: Provide the application name and select the supported account type. Under the redirect URL, select "Web" and paste the OIDC URL from Ezeelogin.
Step 5: Click on "Add a certificate or secret" to create a new client secret.
Step 6: Click on "New client secret", provide a name, and click "Add" to generate a new client secret.
Step 7: Copy the secret value from the list and paste it into the Ezeelogin GUI OpenID Connect settings. (It will be displayed as encrypted after some time.)
Step 8: Copy the Client ID from the Overview tab and paste it into the Ezeelogin GUI OpenID Connect settings.
Step 9: Paste the client ID and client secret from Azure into the Ezeelogin GUI OpenID Connect settings.
Step 10: Copy the Tenant ID from Azure and paste it into the Provider URL field in the Ezeelogin GUI OpenID Connect settings, as shown in the example below:
Provider URL: https://login.microsoftonline.com/{tenant}/v2.0
Example: https://login.microsoftonline.com/f36f9ec9-2335-46ca-bb07-eb273cc241ad/v2.0
Step 11: Enable Auto Create User from Ezeelogin GUI -> Settings -> General -> Security -> Enable Auto Create User, so that the user is created automatically after successful authentication from Azure.
Step 12: Set Web Panel Authentication to OpenID Connect under Settings -> General -> Authentication -> OpenID Connect.
Step 13: Log in to the Ezeelogin GUI. You will be prompted with the Microsoft Azure login page, where you need to enter the login credentials to be authenticated into the Ezeelogin application.
Step 14: Finally, you will be logged into the Ezeelogin GUI using OpenID Connect Authentication. The user will be created automatically on Ezeelogin after successful authentication from Azure.
Step 15: After logging into the GUI, you need to reset the password and security code of the user under Account -> Password in order to SSH to the ezsh shell.
Step 16: You can log in to the Ezeelogin shell via WebSSH or with any SSH client, such as PuTTY or a terminal.
Step 16.1: WebSSH: Click on the 'Open Web SSH Console' icon to SSH via the browser.
Step 16.2: Native SSH Client: After resetting the password and security code, you can SSH to the ezsh shell (using a terminal or PuTTY) with the OpenID Connect username.
Step 17: After logging into ezsh, the server list will be visible. The user can navigate using the Up and Down arrow keys and select a server using the Enter key.
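A pre-flight check for the Provider URL entered in Step 10, added here as an example (it is not Ezeelogin or Microsoft code). It assumes the tenant is given in GUID form as in the article's example, flags the multi-tenant aliases that Azure also accepts in that position, and compares the configured value with the issuer in a discovery document; the sample document below is constructed, not captured.

```python
import re
from urllib.parse import urlsplit

GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
ALIASES = {"common", "organizations", "consumers"}  # multi-tenant authorities

def check_provider_url(provider_url):
    """Return (discovery_url, problems) for the Provider URL from Step 10."""
    problems = []
    parts = urlsplit(provider_url)
    segments = [s for s in parts.path.split("/") if s]
    if parts.scheme != "https":
        problems.append("scheme is not https")
    if parts.hostname != "login.microsoftonline.com":
        problems.append("unexpected host: %s" % parts.hostname)
    if len(segments) != 2 or segments[1] != "v2.0":
        problems.append("path is not /{tenant}/v2.0")
    elif segments[0].lower() in ALIASES:
        problems.append("multi-tenant alias used instead of a Tenant ID")
    elif not GUID_RE.match(segments[0]):
        problems.append("tenant is not a GUID (placeholder left in?)")
    # Standard OIDC discovery location, relative to the issuer.
    discovery = provider_url.rstrip("/") + "/.well-known/openid-configuration"
    return discovery, problems

def check_discovery(provider_url, doc):
    """Compare a fetched discovery document with the configured Provider URL."""
    problems = []
    if doc.get("issuer") != provider_url.rstrip("/"):
        problems.append("issuer mismatch: %r" % doc.get("issuer"))
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if urlsplit(doc.get(key, "")).scheme != "https":
            problems.append("%s missing or not https" % key)
    return problems

# Example URL from Step 10 of the article.
PROVIDER = "https://login.microsoftonline.com/f36f9ec9-2335-46ca-bb07-eb273cc241ad/v2.0"
BASE = PROVIDER[:-len("/v2.0")]
# Constructed sample of the fields a discovery response carries (not a capture).
SAMPLE_DOC = {
    "issuer": PROVIDER,
    "authorization_endpoint": BASE + "/oauth2/v2.0/authorize",
    "token_endpoint": BASE + "/oauth2/v2.0/token",
    "jwks_uri": BASE + "/discovery/v2.0/keys",
}

if __name__ == "__main__":
    print(check_provider_url(PROVIDER))
    print(check_discovery(PROVIDER, SAMPLE_DOC))
```

To check a live configuration, fetch the returned discovery URL from the jump server host and pass the parsed JSON to `check_discovery` in place of the sample.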