
Azure Active Directory integration (optional post deployment step)

You can use your organization's Active Directory to allow your users to log into the KX Insights Platform User Interface with their existing credentials.

The steps below enable Active Directory as an Identity Provider in KX Insights.

Pre-requisites

In order to successfully install KX Insights on Azure you will need the following:

  1. The Application Administrator role in order to create and manage an App registration for KX Insights.

  2. Access to a Bash shell to run the registration script, with the latest version of Azure CLI installed. You can use Azure Cloud Shell for this:


  3. The Keycloak admin password and URLs of your KX Insights Platform deployment.


  4. The administrator and standard user roles in the KX Insights Platform.

Create KX Insights roles

Follow the steps below to log in to Keycloak, which KX Insights uses as its Identity and Access Management component, and create the necessary roles.

  1. Use the keycloakUrl, or the insightsUiUrl with /auth/ appended, from the section above to navigate to the Keycloak web UI.


  2. Click on Administration Console and log in with the username user and the password you provided during the deployment.


  3. Click on Roles in the left-hand menu then click on the Add Role button.


  4. Enter the Role Name: insights.user and click Save.

  5. Turn Composite Roles ON.

  6. Associate it with the following roles:

    insights.builder.*
    insights.license.current.get
    insights.monitor.*
    insights.pipeline.*
    insights.query.*
    insights.scratch.*
    InsightsUser

  7. Click on Roles in the left-hand menu then click on the Add Role button.

  8. Enter the Role Name: insights.admin and click Save.

  9. Turn Composite Roles ON.

  10. Associate it with the following roles:

    insights.client.*
    insights.user
    InsightsAdmin

Create the Azure Active Directory App registration and groups

Now you need to create two user groups in AAD, one for administrators and one for standard users.

  1. Visit your Azure Active Directory page in the Azure portal.

  2. Click on Add > App registration.


  3. Choose a user-facing display name and click Register.


  4. You need to add a user group for administrators and one for standard users. You can use existing groups, if you have any that are appropriate, or you can create new groups as desired.


Integrating Insights roles and Azure Active Directory groups

Now you need to link KX Insights roles to the Azure Active Directory groups.

  1. Start a Cloud Shell session.

  2. Use the command below to get the registration script. The command also prints the first lines of the script, which list the expected parameters:

    wget -qO register_idp.sh 'https://kxinsightsprod.blob.core.windows.net/registeridp/register_idp.sh?si=registeridp&spr=https&sv=2020-08-04&sr=b&sig=efvaJc3HwIBOgu2SIflLpLrjc9dckpxj01Gi45oB6Wc%3D' && chmod a+x register_idp.sh && head -n 16 register_idp.sh

    #!/bin/bash
    set -euo pipefail
    
    INSIGHTS_URL=${1%/}
    KEYCLOAK_ADMIN_PASSWD=${2}
    USER_GROUP=${3}
    ADMIN_GROUP=${4}
    APP_NAME=${5}
    IDP_NAME=${6:-Azure AD}
    IDP_ALIAS=${7:-oidc}
    
    ADMIN_USER="user"
    REALM="insights"
    USER_ROLE="insights.user"
    ADMIN_ROLE="insights.admin"

  3. Run the command below with your own parameters:

    ./register_idp.sh <INSIGHTS_UI_URL> <KEYCLOAK_ADMIN_PASSWD> <USER_GROUP_NAME> <ADMIN_GROUP_NAME> <APP_REG_NAME>

    Example execution:

    ./register_idp.sh 'https://kxinsights.westeurope.cloudapp.azure.com' '********' 'KX Insights Users' 'KX Insights Administrators' 'KX Insights Platform'

    At the end of the execution you should see output similar to the following:

    {
      "appId": "********-****-****-****-************",
      "displayName": "KX Insights Platform",
      "groupMembershipClaims": "SecurityGroup",
      "id": "********-****-****-****-************",
      "redirectUris": [
        "https://kxinsights.westeurope.cloudapp.azure.com/auth/realms/insights/broker/oidc/endpoint"
      ],
      "secrets": [
        "https://kxinsights.westeurope.cloudapp.azure.com/insights/oidc"
      ]
    }
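
A post-run check for the output of step 3, as an added example (not part of the KX documentation or of register_idp.sh): it confirms that the JSON printed by the script registers only the Keycloak broker endpoint of your deployment, over HTTPS, and that group claims are set as in the sample output. The function names and the constructed SAMPLE are assumptions; the URI pattern, realm and default alias are taken from the script header and sample output above.

```python
import json
from urllib.parse import urlsplit

REALM = "insights"  # REALM value from the script header shown on this page


def expected_redirect_uri(insights_url, idp_alias="oidc", realm=REALM):
    """Broker endpoint in the form shown in the sample output on this page."""
    # Mirror the script's INSIGHTS_URL=${1%/}: drop one trailing slash.
    base = insights_url[:-1] if insights_url.endswith("/") else insights_url
    return f"{base}/auth/realms/{realm}/broker/{idp_alias}/endpoint"


def check_registration(output, insights_url, idp_alias="oidc"):
    """Return a list of findings; an empty list means the output looks right."""
    app = json.loads(output)
    want = expected_redirect_uri(insights_url, idp_alias)
    uris = app.get("redirectUris") or []
    findings = []
    if want not in uris:
        findings.append(f"missing redirect URI: {want}")
    for uri in uris:
        if urlsplit(uri).scheme != "https":
            findings.append(f"non-HTTPS redirect URI: {uri}")
        if uri != want:
            findings.append(f"unexpected redirect URI: {uri}")
    # The sample output shows SecurityGroup; without group claims the
    # group-to-role link set up by the script has nothing to match (assumption).
    if app.get("groupMembershipClaims") != "SecurityGroup":
        findings.append("groupMembershipClaims is not SecurityGroup")
    return findings


# Constructed sample, shaped like the output on this page (IDs are placeholders).
SAMPLE = """{
  "appId": "00000000-0000-0000-0000-000000000000",
  "displayName": "KX Insights Platform",
  "groupMembershipClaims": "SecurityGroup",
  "redirectUris": [
    "https://kxinsights.westeurope.cloudapp.azure.com/auth/realms/insights/broker/oidc/endpoint"
  ]
}"""

if __name__ == "__main__":
    url = "https://kxinsights.westeurope.cloudapp.azure.com/"
    for finding in check_registration(SAMPLE, url) or ["OK: output matches"]:
        print(finding)
```

Pass the script's real JSON output and the same INSIGHTS_UI_URL (and IDP alias, if you overrode the default) that you gave to register_idp.sh.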

Test the Integration

Once the integration is complete, follow the steps below to log in to the KX Insights Platform with your Azure Active Directory credentials:

  1. Locate the deployment outputs.

    • Customer Managed Plan: Click on Outputs in the left-hand navigation menu.

  2. Copy the insightsUiUrl value and navigate to it in a new browser tab.


  3. Log in using your Azure credentials.


  4. Accept the Permissions requested by the App.

  5. You will be directed to the KX Insights Platform User Interface.
