Quelle anzeigen

Description:

The LMC allows external identity providers (IdP) to be connected for authentication. This makes it possible to implement central user management.

This article describes how to configure authentication of LMC users via the identity provider Microsoft Entra.

It is recommended to temporarily invite a user from outside the Entra domain to the organization for configuration in Entra. As a result, access to the organization is possible even if all users from the Entra domain have been locked out due to a misconfiguration.

Requirements:

Access to the LMC as well as your own project
Configured and functional Entra organization with configured users
The configuration in the LMC must be made as a Project administrator
Any web browser for accessing the LMC and Microsoft Entra

Procedure:

1) Configuration steps in Microsoft Entra:

1.1) Connect to your Microsoft Entra instance and go to the menu App registrations. Click on New registration afterwards.

Add a new app registration in Entra

1.2) Modify the following parameters and click Register:

Name: Enter a descriptive name for the app registration (in this example LMC-IdP).
Redirect-URI: Select the option Single-page application in the dropdown menu and enter the link https://cloud.lancom.de/action/idp-login.

Make absolutely sure to use the option Single-page application for the Redirect-URI. If the option Web application is used instead, the user authentication won't work!

Enter a name and Redirect-URI for the app registration

1.3) Copy the Application (client) ID and save it to a text file. It must be entered in the LMC in step 2.6 as the OIDC Client ID.

Click on Endpoints afterwards.

Copy the Application ID of the created app and open the Endpoints page

1.4) Copy the link in the field OpenID Connect metadata document before the string .well-known/openid-configuration and save it in a text file. The link must be entered in the LMC in step 2.5 as the OIDC Issuer URL.

The dot must not be copied.

Copy the link of the OpenID Connect metadata document

1.5) This concludes the configuration steps in Entra.

2) Configuration steps in the LMC:

2.1) Connect to the LMC via a web browser and go to the menu Management → External admin user management.

Open the menu External admin user management in the LMC

2.2) Click on Add IdP configuration.

Add a new Identity Provider

2.3) Activate the IdP configuration via the slider and enter a descriptive name in the field Identity provider name (in this example Entra).

Activate IdP and enter a name

2.4) Modify the following parameters:

Domain ownership verification: Copy the TXT Resource Record and add it to the domain settings of your domain hoster.
E-mail domain: Enter your E-mail domain (in this example mydomain.com).

The E-mail domain is verified automatically when saving the IdP configuration. Therefore it does not have to be verified manually.

Copy the TXT Resource Record and enter your E-mail domain

2.5) Enter the link of the OpenID Connect metadata document copied in step 1.4 in the field OIDC Issuer URL and click on Verify.

Enter the OIDC Issuer URL

2.6) Enter the Application (client) ID copied in step 1.3 in the field OIDC Client ID and click Save.

Enter the OIDC Client ID and save the IdP configuration

2.7) This concludes the configuration steps in the LMC. Clicking the Back to Overview button brings you back to External admin user management.

Go back to the overview of the External admin user management after the IdP configuration

Thank you for your feedback! You can also send us constructive suggestions for improving our knowledge base or ideas for new articles by email to knowledgebase@lancom.de.