Enabling Azure AD Authentication for Composable
By integrating Microsoft Entra ID (formerly Azure AD) authentication with Composable, organizations can meet Multi-Factor Authentication (MFA) and Modern Digital Authentication (MDA) requirements, ensuring compliance with security best practices. Enforcing MFA is critical for data applications, as it significantly reduces the risk of unauthorized access, protects sensitive business intelligence, and prevents credential-based attacks. Given that data platforms often contain proprietary or regulated information, implementing strong authentication safeguards helps mitigate security threats and enhances overall data governance.
Note
Note: Microsoft has rebranded Azure Active Directory (Azure AD) as Microsoft Entra ID. While the functionality remains the same, you may see references to both names in the Azure Portal and documentation. This guide uses the updated Entra ID terminology, but older references to Azure AD may still appear.
Step 1: Create an App Registration in the Azure Portal
To enable Azure AD authentication for Composable, you need to create an App Registration in the Azure Portal. Follow these steps:
- Log in to the Azure Portal.
- In the left-hand menu, select Azure Active Directory.
- Under Manage, click on App registrations.
- Click the + New registration button at the top.
- In the Register an application form:
- Name: Enter a descriptive name (e.g.,
Composable AD Auth). - Supported account types: Choose the option that fits your organization's needs:
- Single tenant (Only accounts in your organization can use this application).
- Multitenant (Accounts from any Azure AD directory can use this application).
- Redirect URI (Optional at this stage; you'll configure this in Step 2).
- Click Register.
Once the App Registration is created, you will be redirected to its Overview page. From here, note the following values, as you will need them later:
- Application (Client) ID
- Directory (Tenant) ID
These values will be used in Composable's Web.config file to configure authentication.
Step 2: Add Composable Redirect URLs
In the App Registration, add the required redirect URLs. Composable may request Microsoft Online to redirect back to either:
- The login page
- The register page (if the user hasn't set up an account in Composable yet)
The redirect URLs should be in the following format:
https://mycomposableinstance.xxxx.com/CompAnalytics/Account/AzureADRegister.aspx https://mycomposableinstance.xxxx.com/CompAnalytics/Account/AzureADLogin.aspx
Step 3: Enable ID Tokens
Note
Ensure that the ID Tokens box is checked in the App Registration settings.
In the Azure Portal, navigate to your App Registration and follow these steps to enable ID tokens:
- Go to the Authentication tab in your App Registration.
- Under the Implicit grant and hybrid flows section, locate the ID tokens checkbox.
- Ensure that the ID tokens (Used for implicit and hybrid flows) box is checked.
- Click Save to apply the changes.
Enabling ID tokens allows Composable to securely authenticate users via Azure AD and retrieve identity claims needed for login and registration.
Step 4: Update Composable's Web.config
Modify the Web.config file in Composable by adding or updating the following keys:
<configuration>
<appSettings>
<add key="AzureADAuthEnabled" value="True"/>
<add key="AzureADAuthAutoApprove" value="True"/>
<add key="AzureADAuthClientId" value="xxguidxx"/>
<add key="AzureADAuthTenantId" value="xxguidxx"/>
</appSettings>
</configuration>
Key Descriptions:
- AzureADAuthClientId: Corresponds to the Application (Client ID) in the Azure App Registration Overview page.
- AzureADAuthTenantId: Corresponds to the Directory (Tenant ID) in the Azure App Registration Overview page.
- AzureADAuthAutoApprove:
- If set to True, users who self-register will be automatically approved.
- If set to False, an administrator must manually approve the account before the user can log in.
Once these configurations are set, Azure AD authentication will be enabled for Composable.