Requirements for Identity Provider Integration with PROXY Pro
PROXY Pro RAS v10.0 includes a new Identity Manager component that centralizes all authentication and directory search logic for the Server product (Web Console and Gateway Server). In v10.0, the built-in integrations are:
- Computer directory services via Active Directory lookup (for Host Grouping by AD OU)
- User directory services (user accounts and user groups) via:
  - Active Directory lookup for local accounts
  - Win32 “LogonUser” call for local accounts
OpenID Connect Assumptions/Requirements
PROXY Pro v10.0 requires the following information from an OIDC provider:
| PROXY Pro usage | OIDC Claims (in order examined) |
|---|---|
| Id (unique account ID) | sub, oid |
| Account Name | upn, unique_name |
| Friendly Name (optional) | name |
| Email Address (optional) | email |
| Group Membership | groups |
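The claim lookup order in the table above, written out as an added Python example (not PROXY Pro's own code). It assumes the ID token's signature, issuer and audience were already validated; the `Identity` class, the function names, failing closed on a missing required claim, and treating an absent `groups` claim as no memberships are all assumptions.

```python
from dataclasses import dataclass, field
from typing import List, Optional

# PROXY Pro field -> OIDC claims in the order examined (from the table above).
CLAIM_ORDER = {
    "id": ("sub", "oid"),
    "account_name": ("upn", "unique_name"),
    "friendly_name": ("name",),
    "email": ("email",),
}
OPTIONAL = {"friendly_name", "email"}  # marked "(optional)" in the table

@dataclass
class Identity:  # hypothetical container, not a PROXY Pro type
    id: str
    account_name: str
    friendly_name: Optional[str] = None
    email: Optional[str] = None
    groups: List[str] = field(default_factory=list)

def first_claim(claims, names):
    """Return the first non-empty string claim among names, else None."""
    for name in names:
        value = claims.get(name)
        if isinstance(value, str) and value.strip():
            return value.strip()
    return None

def map_claims(claims):
    """Map claims from an already-validated ID token to an Identity."""
    values = {}
    for target, names in CLAIM_ORDER.items():
        value = first_claim(claims, names)
        if value is None and target not in OPTIONAL:
            # Assumption: fail closed when no identifying claim is present.
            raise ValueError(f"none of {names} present for {target}")
        values[target] = value
    groups = claims.get("groups", [])  # assumption: absent means no groups
    if not isinstance(groups, list):
        groups = [groups]
    values["groups"] = [g for g in groups if isinstance(g, str)]
    return Identity(**values)

# Constructed sample claims: no "upn" and no "email" present.
SAMPLE = {"sub": "constructed-subject-0001",
          "oid": "00000000-0000-0000-0000-000000000001",
          "unique_name": "alice@example.com", "name": "Alice Example",
          "groups": ["11111111-1111-1111-1111-111111111111"]}

if __name__ == "__main__":
    print(map_claims(SAMPLE))
```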
In the first release of v10.0, the OpenID Connect integration assumes that the identity provider is Microsoft Azure AD. When this is generalized, the following parameters will be configurable:
| Parameter | Azure AD Example |
|---|---|
| OIDC Root URL | https://login.microsoftonline.com/ |
| Domain Name | In the Azure case, the DNS name of the domain, e.g. “proxynetworks.com”, appended to the OIDC Root URL (e.g. https://login.microsoftonline.com/proxynetworks.com/). |
| Client ID | Now called “Application ID” in Azure; identifies the PROXY Pro Server application instance. |
| Application Key | Now called “Password” in Azure; allows the application instance to authenticate to Azure services. |