Azure Active Directory integration (optional post deployment step)
You can use your organization's Active Directory to allow your users to log into the KX Insights Platform User Interface with their existing credentials.
The steps below enable Active Directory as an Identity Provider in KX Insights.
Pre-requisites
In order to successfully install KX Insights on Azure you will need the following:
- The Application Administrator role in order to create and manage an App registration for KX Insights.
- Access to a Bash shell to run the registration script, with the latest version of Azure CLI installed. You can use Azure Cloud Shell for this.
- The Keycloak admin password and URLs of your KX Insights Platform deployment.
- The administrator and standard user roles in the KX Insights Platform.
Create KX Insights roles
Follow the steps below to log in to Keycloak, which KX Insights uses as its Identity and Access Management component, and create the necessary roles.
- Use the keycloakUrl or the insightsUiUrl + /auth/ from the section above to navigate to the Keycloak web UI.
- Click on Administration Console and log in with the username "user" and the password you provided during the deployment.
- Click on Roles in the left-hand menu then click on the Add Role button.
- Enter the Role Name: insights.user and click Save.
- Turn Composite Roles ON.
- Associate it with the following roles:

      insights.builder.*
      insights.license.current.get
      insights.monitor.*
      insights.pipeline.*
      insights.query.*
      insights.scratch.*

- Click on Roles in the left-hand menu then click on the Add Role button.
- Enter the Role Name: insights.admin and click Save.
- Turn Composite Roles ON.
- Associate it with the following roles:

      insights.client.*
      insights.user

Create the Azure Active Directory App registration and groups
Now you need to create two user groups in AAD, one for administrators and one for standard users.
- Visit your Azure Active Directory page in the Azure portal.
- Click on Add > App registration.
- Choose a user-facing display name and click Register.
- You need to add a user group for administrators and one for standard users. You can use existing groups, if you have any that are appropriate, or you can create new groups as desired.
Integrating Insights roles and Azure Active Directory groups
Now you need to link KX Insights roles to the Azure Active Directory groups.
- Start a Cloud Shell session.
- Use the below command to get the registration script. This will also list the expected parameters:

      wget -qO register_idp.sh 'https://kxinsightsprod.blob.core.windows.net/registeridp/register_idp.sh?si=registeridp&spr=https&sv=2020-08-04&sr=b&sig=efvaJc3HwIBOgu2SIflLpLrjc9dckpxj01Gi45oB6Wc%3D' && chmod a+x register_idp.sh && head -n 16 register_idp.sh

  Output:

      #!/bin/bash
      set -euo pipefail
      INSIGHTS_URL=${1%/}
      KEYCLOAK_ADMIN_PASSWD=${2}
      USER_GROUP=${3}
      ADMIN_GROUP=${4}
      APP_NAME=${5}
      IDP_NAME=${6:-Azure AD}
      IDP_ALIAS=${7:-oidc}
      ADMIN_USER="user"
      REALM="insights"
      USER_ROLE="insights.user"
      ADMIN_ROLE="insights.admin"

- Run the below command with your own parameters:

      ./register_idp.sh <INSIGHTS_UI_URL> <KEYCLOAK_ADMIN_PASSWD> <USER_GROUP_NAME> <ADMIN_GROUP_NAME> <APP_REG_NAME>

  Example execution:

      ./register_idp.sh 'https://kxinsights.westeurope.cloudapp.azure.com' '********' 'KX Insights Users' 'KX Insights Administrators' 'KX Insights Platform'

At the end of the execution you should get a result similar to the one displayed below:

    {
      "appId": "********-****-****-****-************",
      "displayName": "KX Insights Platform",
      "groupMembershipClaims": "SecurityGroup",
      "id": "********-****-****-****-************",
      "redirectUris": [
        "https://kxinsights.westeurope.cloudapp.azure.com/auth/realms/insights/broker/oidc/endpoint"
      ],
      "secrets": [
        "https://kxinsights.westeurope.cloudapp.azure.com/insights/oidc"
      ]
    }

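Before testing the login, the registration output can be checked against the deployment it is meant to serve. The following is an added example, not part of the KX registration script: it assumes the redirect URI follows the pattern visible in the example output (INSIGHTS_URL + /auth/realms/REALM/broker/IDP_ALIAS/endpoint), and the function names and sample values are constructed for illustration.

```python
import json
from urllib.parse import urlsplit

# Constructed sample: the example output above, with placeholder IDs.
SAMPLE_OUTPUT = """{
  "appId": "00000000-0000-0000-0000-000000000000",
  "displayName": "KX Insights Platform",
  "groupMembershipClaims": "SecurityGroup",
  "id": "00000000-0000-0000-0000-000000000000",
  "redirectUris": [
    "https://kxinsights.westeurope.cloudapp.azure.com/auth/realms/insights/broker/oidc/endpoint"
  ]
}"""


def expected_redirect_uri(insights_url, realm="insights", idp_alias="oidc"):
    """Broker endpoint pattern inferred from the example output (assumption)."""
    return f"{insights_url.rstrip('/')}/auth/realms/{realm}/broker/{idp_alias}/endpoint"


def check_registration(output_json, insights_url, realm="insights", idp_alias="oidc"):
    """Return a list of problems in the registration output (empty list = OK)."""
    reg = json.loads(output_json)
    problems = []
    want = expected_redirect_uri(insights_url, realm, idp_alias)
    uris = reg.get("redirectUris", [])
    # Exactly one redirect URI, and it must be the Keycloak broker endpoint.
    if uris != [want]:
        problems.append(f"redirectUris is {uris}, expected exactly [{want!r}]")
    for uri in uris:
        parts = urlsplit(uri)
        if parts.scheme != "https":
            problems.append(f"redirect URI is not https: {uri}")
        if "*" in uri:
            problems.append(f"redirect URI contains a wildcard: {uri}")
        if parts.hostname != urlsplit(insights_url).hostname:
            problems.append(f"redirect URI host differs from deployment: {uri}")
    # The example output shows group claims limited to security groups.
    if reg.get("groupMembershipClaims") != "SecurityGroup":
        problems.append("groupMembershipClaims is not 'SecurityGroup'")
    return problems


if __name__ == "__main__":
    url = "https://kxinsights.westeurope.cloudapp.azure.com/"
    for problem in check_registration(SAMPLE_OUTPUT, url):
        print("PROBLEM:", problem)
```
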
Test the Integration
Once the integration is complete, follow the steps below to log in to the KX Insights Platform with your Azure Active Directory credentials:
- Locate the deployment outputs.
  - Customer Managed Plan: Click on Outputs in the left-hand navigation menu.
- Copy the insightsUiUrl value and navigate to this in a new browser tab.
- Log in using your Azure credentials.
- Accept the Permissions requested by the App.
- You will be directed to the KX Insights Platform User Interface.