This article details how to set up Azure authentication so users can sign in using the Azure Sign-In button on the SSL Login page.
Important
The Azure Sign-In button won’t work on the non-SSL Login page.
Before you begin
Smoothwall Appliance settings
Ensure:
- The Smoothwall Appliance hostname is a valid FQDN (Fully Qualified Domain Name), not a short hostname.
- You have a Web proxy authentication policy to Redirect users to non-SSL login page or Redirect users to SSL login page.
- You have a Smoothwall access rule to Accept traffic for the Other web access on HTTPS (442) service.
- You add an Authentication Exception for the Microsoft Office 365 category.
User device settings
- Ensure devices store session cookies for all browsers, as this is required for authentication to function.
- To prevent a certificate error when trying to access the SSL Login page:
  - Deploy a certificate to devices using a Group Policy or the getcert page.
  - For BYO devices, use a certificate purchased from a real-world third-party Certificate Authority vendor. Clients automatically trust this certificate without needing to deploy to the device.
  - Import the certificate.
  - Go to System > Preferences > User interface. In the Certificates section, change the User-facing HTTPS services field to use the new certificate, then select Save.
Step 1: Link your Smoothwall Appliance to Azure
- Sign in to Entra ID (formerly Azure Active Directory).
- Sync your Azure Directory to Smoothwall.
- Find your Client ID (Azure Application ID) and Client Secret.
- Add a redirect URI:
  - For Configure platforms, select Single-page application.
  - Enter https://smoothwall.local:442/redirect where smoothwall.local is the hostname where users will sign in.
  - Confirm the following settings:
    - Access tokens (used for implicit flows) is not selected.
    - ID tokens (used for implicit and hybrid flows) is not selected.
    - Supported account types is set to Multi-Tenant.
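A check of the app registration against the settings above, added here as an example (not Smoothwall or Microsoft code). It assumes the registration has been exported as the Microsoft Graph application object; the sample JSON is constructed, and mapping Multi-Tenant to the signInAudience value `AzureADMultipleOrgs` is an assumption.

```python
import json
from urllib.parse import urlsplit

# Constructed sample of the relevant Microsoft Graph application fields.
SAMPLE_APP = json.loads("""{
  "signInAudience": "AzureADMultipleOrgs",
  "spa": {"redirectUris": ["https://smoothwall.local:442/redirect"]},
  "web": {"implicitGrantSettings": {"enableAccessTokenIssuance": false,
                                    "enableIdTokenIssuance": true}}
}""")


def redirect_uri_problems(uri, hostname):
    """Compare one URI with https://<hostname>:442/redirect, part by part."""
    parts = urlsplit(uri)
    try:
        port = parts.port
    except ValueError:  # non-numeric or out-of-range port
        port = None
    checks = [
        (parts.scheme == "https", "scheme is not https"),
        ((parts.hostname or "").lower() == hostname.lower(), "host is not the appliance hostname"),
        (port == 442, "port is not 442"),
        (parts.path == "/redirect", "path is not /redirect"),
    ]
    return [msg for ok, msg in checks if not ok]


def audit_app_registration(app, hostname):
    """Return findings for settings that differ from the ones listed above."""
    findings = []
    if "." not in hostname.strip("."):
        findings.append(f"hostname {hostname!r} is a short name, not an FQDN")
    spa_uris = app.get("spa", {}).get("redirectUris", [])
    if not any(not redirect_uri_problems(u, hostname) for u in spa_uris):
        findings.append(f"no Single-page application redirect URI equals https://{hostname}:442/redirect")
    implicit = app.get("web", {}).get("implicitGrantSettings", {})
    if implicit.get("enableAccessTokenIssuance"):
        findings.append("Access tokens (implicit flows) is selected")
    if implicit.get("enableIdTokenIssuance"):
        findings.append("ID tokens (implicit and hybrid flows) is selected")
    if app.get("signInAudience") != "AzureADMultipleOrgs":  # assumed value for Multi-Tenant
        findings.append(f"signInAudience is {app.get('signInAudience')!r}")
    return findings


if __name__ == "__main__":
    for finding in audit_app_registration(SAMPLE_APP, "smoothwall.local"):
        print(finding)
```

An empty list means the exported registration matches the redirect URI, token and account-type settings in this step.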
Step 2: Set up the Login page in Smoothwall Appliance
- In your Smoothwall Appliance Admin UI, go to Services > Authentication > Azure.
- Select the Azure Sign-In button checkbox so users can sign in with Azure instead of a username and password.
- Enter the Client ID and Client Secret.
- For Approved domains:
  - Select the Allow logins from the following domains checkbox to only authenticate users from the domains you enter into the box.
    - If you allow browsing without authentication, users will be treated as Unauthenticated IPs.
    - If you redirect users to the Login page using your Web proxy authentication policies, users who don’t sign in using an approved domain can’t log in, authenticate or continue browsing.
  - Don’t select the checkbox and leave the box blank to allow authentication for all domains.
- Select Save changes.