Azure Active Directory Integration

Azure Active Directory Configuration

  1. Visit https://portal.azure.com/#home
  2. Select Azure Active Directory from the Azure services list.
  3. Select App registrations from the left menu under the "Manage" group and click the "New Registration" button.
  4. Type "kondukto" into the name field, select the supported account type to configure who can access Kondukto from Azure Active Directory, select "Web" as the Redirect URI platform, add '{YOUR_KONDUKTO_HOST}/login/azureactivedirectory' as the Redirect URI, and click the "Register" button.
  5. Select Certificates & secrets from the left menu under the Manage group in the kondukto application registration.
  6. Select the Client Secrets tab and click the "New client secret" button.
  7. Type "kondukto" into the description field, select an expiration value from the list, and click the "Add" button.
  8. Copy the client secret value to a safe place.
  9. Select API permissions from the left menu under the Manage group in the kondukto application registration and click the "Add a permission" button.
  10. Select the Microsoft APIs tab, select Microsoft Graph from the API list, and select Application permissions as the type of permission. Expand Directory permissions in the permissions list and check the Directory.Read.All permission, expand User permissions and check the User.Read.All permission, then click the "Add" permissions button.
  11. In the same Microsoft APIs tab, select Microsoft Graph from the API list and select Delegated permissions as the type of permission. Expand OpenId permissions in the permissions list and check the email, openid, and profile permissions, expand Mail permissions and check the Mail.Read permission, expand User permissions and check the User.Read permission, then click the "Add" permissions button.
  12. Click on the "Grant admin consent for the default directory" button, then click on the "Yes" button on the popup confirmation panel.

  1. Select Token configuration from the left menu under the Manage group in the kondukto application registration and click the “Add optional claim” button.
  2. Select the ID value as a token type and select the email, family_name, given_name, preferred_username claims from the claim list and click on the “Add” button.
  3. Check the checkbox and click on the “Add” button on the optional claim popup confirmation panel.
  4. Select App roles from the left menu under the Manage group in the kondukto application registration and click the “Create app role” button.
  5. Enter “Kondukto Admin” value as Display name, select “User/Groups” value as Allowed member types, enter “KonduktoAdmin” value as Value, and enter “Kondukto Admin” value as Description and click on the “Apply” button.
  6. Enter “Kondukto Product Owner” value as Display name, select “User/Groups” value as Allowed member types, enter “KonduktoProductOwner” value as Value, and enter “Kondukto Product Owner” value as Description and click on the “Apply” button.
  7. Enter “Kondukto Manager” value as Display name, select “User/Groups” value as Allowed member types, enter “KonduktoManager” value as Value, and enter “Kondukto Manager” value as Description and click on the “Apply” button.
  8. Enter “Kondukto Team Lead” value as Display name, select “User/Groups” value as Allowed member types, enter “KonduktoTeamLead” value as Value, and enter “Kondukto Team Lead” value as Description and click on the “Apply” button.
  9. Enter “Kondukto Developer” value as Display name, select “User/Groups” value as Allowed member types, enter “KonduktoDeveloper” value as Value, and enter “Kondukto Developer” value as Description and click on the “Apply” button.
  10. Enter “Kondukto Pentester” value as Display name, select “User/Groups” value as Allowed member types, enter “KonduktoPentester” value as Value, and enter “Kondukto Pentester” value as Description and click on the “Apply” button.

  1. Select Overview from the left menu.
  2. Copy Application (client) ID and Directory (tenant) ID to a safe place.
  3. Click the “kondukto” value of the “Managed application in local directory” link in the Essentials panel.

  1. Select Properties from the left menu.
  2. Set “Assignment required?” to “Yes”, then click the “Save” button.

  1. Select Users and groups from the left menu, then click on the “Add user/group” button.
  2. Select a group, assign it the “Kondukto Admin” role, and then click the “Assign” button.
  3. Select a group, assign it the “Kondukto Product Owner” role, and then click the “Assign” button.
  4. Select a group, assign it the “Kondukto Manager” role, and then click the “Assign” button.
  5. Select a group, assign it the “Kondukto Team Lead” role, and then click the “Assign” button.
  6. Select a group, assign it the “Kondukto Developer” role, and then click the “Assign” button.
  7. Select a group, assign it the “Kondukto Pentester” role, and then click the “Assign” button.
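
To check the registration against the steps above, the app registration's manifest (the JSON shown in its Manifest view) can be audited offline. The following is an added example, not part of the Kondukto documentation; it assumes the standard `appRoles` and `optionalClaims` manifest fields, and `audit_manifest`, `sample_role` and `SAMPLE` are names made up for the example.

```python
# Added example: audit an exported app registration manifest against this guide.
EXPECTED_ROLES = {  # Value -> Display name, as entered in the "Create app role" steps
    "KonduktoAdmin": "Kondukto Admin",
    "KonduktoProductOwner": "Kondukto Product Owner",
    "KonduktoManager": "Kondukto Manager",
    "KonduktoTeamLead": "Kondukto Team Lead",
    "KonduktoDeveloper": "Kondukto Developer",
    "KonduktoPentester": "Kondukto Pentester",
}
EXPECTED_ID_CLAIMS = {"email", "family_name", "given_name", "preferred_username"}


def audit_manifest(manifest):
    """Return sorted findings; an empty list means the manifest matches the guide."""
    findings = []
    roles = {r.get("value"): r for r in manifest.get("appRoles") or []}
    for value, display in EXPECTED_ROLES.items():
        role = roles.get(value)
        if role is None:
            findings.append(f"missing app role: {value}")
            continue
        if not role.get("isEnabled"):
            findings.append(f"app role disabled: {value}")
        if "User" not in (role.get("allowedMemberTypes") or []):
            findings.append(f"app role not assignable to users/groups: {value}")
        if role.get("displayName") != display:
            findings.append(f"unexpected display name for {value}")
    # This script compares values exactly, so a typo shows up as missing + unexpected.
    for value in roles.keys() - EXPECTED_ROLES.keys():
        findings.append(f"unexpected app role: {value}")
    id_claims = (manifest.get("optionalClaims") or {}).get("idToken") or []
    for name in EXPECTED_ID_CLAIMS - {c.get("name") for c in id_claims}:
        findings.append(f"missing ID token optional claim: {name}")
    return sorted(findings)


def sample_role(value, display, enabled=True):
    # Helper for the constructed sample only (hypothetical, not an Azure API).
    return {"value": value, "displayName": display, "isEnabled": enabled,
            "allowedMemberTypes": ["User"]}


# Constructed sample: "KonduktoTeamLead" is misspelled and preferred_username is absent.
SAMPLE = {
    "appRoles": [sample_role(v, d) for v, d in EXPECTED_ROLES.items() if v != "KonduktoTeamLead"]
    + [sample_role("KonduktoTeamlead", "Kondukto Team Lead")],
    "optionalClaims": {"idToken": [{"name": n} for n in ("email", "family_name", "given_name")]},
}

if __name__ == "__main__":
    print("\n".join(audit_manifest(SAMPLE)) or "manifest matches the guide")
```

An "unexpected app role" finding is not necessarily an error; it flags a role that would have no counterpart among the six roles this guide creates.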

Kondukto Configuration

  1. Log in to your Kondukto application with a user who has the admin role.
  2. Select “Settings” from the left menu.
  3. Select “Single Sign-On-Tools” from the Integrations menu.
  4. Create or update the Azure Active Directory.
  5. Enter the Tenant ID, Client ID, and Client Secret of your Azure Active Directory application, which is named kondukto.
  6. Map the roles defined in the Azure Active Directory kondukto application to the listed Kondukto roles.