Azure AD Authentication

Ivanti Neurons currently offers the option of selecting Azure AD as the external authentication provider for your tenant. This is a good choice if you want to centralize the end-user logon experience, reduce the number of password-related calls to the help desk, and have granular controls over policies and audit trails.

To use Azure AD, all members must accept the request for Ivanti to access their basic Azure profile data.

Configure & Enable External Authentication

Configure Auto Provisioning

Enabling auto provisioning automatically grants access to Ivanti Neurons to all members within the Azure AD App Registration, without the manual invite process. When a new member logs in for the first time, a new Ivanti Neurons Platform account is provisioned in Ivanti Neurons > Members. All new auto provisioned members are granted the access control roles defined in the setup.

Once auto provisioning is enabled, two options become available: Edit the default access control roles, and Disable auto provisioning. Editing the roles or disabling auto provisioning does not affect existing auto provisioned members; it applies only to members who are provisioned after the change has been made.

You must configure the Optional Claims from Step 4 - Token Configuration for auto provisioning to work.

Important: Once auto-provisioning has been enabled, everyone who has access to the Azure App Registration will have access to Ivanti Neurons. You can restrict access to certain users or groups from within the Azure AD Portal. Refer to the Microsoft Azure documentation for further details.

Update Client Secret

If the Azure AD client secret is due to expire, you need to set a new one to continue using this authentication method.

  1. In Ivanti Neurons Platform navigate to Setup > Authentication.
  2. Click Actions and select Update client secret.
    The Update Client Secret page displays.
  3. Enter the new client secret from your Azure AD application.
  4. Enter the date to receive a reminder of when the client secret is due to expire. A reminder banner will display in the UI and an email reminder will be sent to users with the Admin role, 28 days before expiry. Further reminder emails will be sent 7 days before and a day before expiry.
    If the client secret is allowed to expire and a new one is not set, access to the service will be interrupted and you will need to contact Ivanti Support to regain access.
  5. Click Continue.
    The Validate Client Secret page displays.
  6. Click Validate Client Secret. This opens your Azure AD sign-in page.
    Enter your username and password. These are the same as the sign-in credentials for the Ivanti Neurons Platform. When you sign in, the new client secret is validated. If validation is successful, return to this wizard and continue to update the client secret. If it is unsuccessful, go back and check that the new client secret you entered is accurate. For other failure reasons, see Validation Troubleshooting.
  7. Once you have successfully validated the new client secret, select the confirmation check box I confirm I have successfully validated my new client secret and click Continue.
  8. Click Save Changes to complete the process. This updates the client secret and the expiry reminder with immediate effect. You are not required to do anything further.
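
To check the date entered in step 4 against what Azure AD actually holds, the following added example (not Ivanti or Microsoft code) parses the JSON printed by `az ad app credential list --id <application-id>` and maps each secret onto the 28, 7 and 1 day reminder points described above. The sample JSON is constructed, and the code assumes `endDateTime` is a UTC timestamp.

```python
import json
from datetime import datetime, timedelta, timezone

# Reminder points (days before expiry) from step 4 of the procedure.
REMINDER_DAYS = (28, 7, 1)

# Constructed sample in the shape of `az ad app credential list` output.
# Names, key IDs and dates are made up for illustration.
SAMPLE_CREDENTIALS = """
[
  {"displayName": "neurons-old", "keyId": "00000000-0000-0000-0000-000000000001",
   "endDateTime": "2025-03-10T09:00:00Z"},
  {"displayName": "neurons-new", "keyId": "00000000-0000-0000-0000-000000000002",
   "endDateTime": "2025-09-01T09:00:00.1234567Z"}
]
"""

def parse_end(value):
    """Parse the timestamp as UTC (assumption), dropping fractional seconds."""
    parsed = datetime.strptime(value[:19], "%Y-%m-%dT%H:%M:%S")
    return parsed.replace(tzinfo=timezone.utc)

def secret_status(credentials_json, now):
    """Return one entry per secret, soonest expiry first."""
    report = []
    for cred in json.loads(credentials_json):
        end = parse_end(cred["endDateTime"])
        remaining = end - now
        if remaining <= timedelta(0):
            stage = "expired"
        else:
            # Tightest reminder point that has already been reached, if any.
            reached = [d for d in REMINDER_DAYS if remaining <= timedelta(days=d)]
            stage = f"reminder-{min(reached)}d" if reached else "ok"
        report.append({"name": cred.get("displayName"),
                       "expires": end.date().isoformat(),
                       "days_left": remaining.days, "stage": stage})
    return sorted(report, key=lambda r: r["expires"])

if __name__ == "__main__":
    for row in secret_status(SAMPLE_CREDENTIALS, datetime.now(timezone.utc)):
        print(row)
```

An app registration can hold several secrets at once, so match the reported entry to the secret that was entered in Ivanti Neurons before relying on its date.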