This article applies to organisations with a 'Hybrid' setup (both On-Premise Appliance and Cloud), as well as On-Premise only and Cloud only setups.
You can add an Azure directory to your list of Directories to manage groups of users for your policies.
Before you begin
You must give Smoothwall access to your Azure Directory:
- Register Smoothwall as an application. Make a note of your Application (client) ID and Directory (tenant) ID from Azure.
- Create a client secret. You must copy the Value (not the Secret ID) before navigating away. Once you navigate away the Value is hidden, so you would need to delete the client secret and generate a new one.
- Grant the app permissions for the web API: grant Admin Consent for the Directory with the Directory.Read.All permission.
Hybrid setup (both Cloud and On-Premise Appliance)
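Before entering the three values into Smoothwall, you can confirm that the registration issues a token for the right tenant and application and carries only Directory.Read.All. The following is an added example, not part of Smoothwall's documentation or tooling; it assumes the permission was granted on Microsoft Graph, and the function names, placeholder IDs and sample tokens are constructed for illustration.

```python
import base64, json, time
import urllib.parse, urllib.request

REQUIRED = "Directory.Read.All"  # the permission this article asks you to grant

def fetch_token(tenant_id, client_id, secret):
    """Client-credentials request (needs network). Assumes a Microsoft Graph grant."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    body = urllib.parse.urlencode({
        "grant_type": "client_credentials", "client_id": client_id,
        "client_secret": secret, "scope": "https://graph.microsoft.com/.default",
    }).encode()
    with urllib.request.urlopen(url, body, timeout=30) as resp:
        return json.load(resp)["access_token"]

def claims(token):
    """Decode the JWT payload for inspection only; the signature is not verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def check(token, tenant_id, client_id, now=None):
    """Return a list of findings; an empty list means the registration looks right."""
    c, findings = claims(token), []
    roles = set(c.get("roles", []))  # application permissions that were consented
    if c.get("tid") != tenant_id:
        findings.append("tenant mismatch")
    if client_id not in (c.get("appid"), c.get("azp")):
        findings.append("client id mismatch")
    if REQUIRED not in roles:
        findings.append(f"missing {REQUIRED} (admin consent not granted?)")
    for extra in sorted(roles - {REQUIRED}):
        findings.append(f"extra application permission: {extra}")
    if c.get("exp", 0) <= (now or time.time()):
        findings.append("token expired")
    return findings

def sample_token(**c):
    """Build an unsigned, constructed token so the checks run offline."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'none'})}.{enc(c)}.sig"

# Constructed placeholder IDs and tokens, not real tenant data.
TENANT, CLIENT = "00000000-0000-0000-0000-000000000001", "00000000-0000-0000-0000-000000000002"
good = sample_token(tid=TENANT, appid=CLIENT, roles=[REQUIRED], exp=4102444800)
broad = sample_token(tid=TENANT, appid=CLIENT, roles=[REQUIRED, "Directory.ReadWrite.All"], exp=4102444800)

if __name__ == "__main__":
    print(check(good, TENANT, CLIENT), check(broad, TENANT, CLIENT))
```

To test a real registration, pass the result of fetch_token() to check(); read the client secret from a prompt or environment variable so it does not end up in shell history.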
If you have a ‘Hybrid’ setup (both Cloud and an On-Premise Appliance), you must add your Azure directory in your On-Premise Appliance because:
- Azure directories added in Cloud only exist in Cloud and are not synced to the On-Premise Appliance.
- Azure directories added in the On-Premise Appliance will sync to Cloud.
Since deleting a directory in the On-Premise Appliance will not delete the directory in Cloud, and you can’t delete directories in Cloud, you would need to:
- Delete the directory in your On-Premise Appliance.
- Contact Smoothwall Support to request that we delete the directory from Cloud.
On-Premise Appliance
Important
If you want to sync only users in a certain group or a single user, contact Smoothwall Support. We will advise on how to configure the fields with the right syntax to ensure the sync works. Do not fill out the Advanced Options without our guidance.
Add an Azure directory
- Go to Services > Authentication > Directories.
- Select Add new directory.
- If you have a ‘Hybrid’ setup (both Cloud and On-Premise Appliance), you’ll see a Directory in Cloud Portal field. Select Enabled to push the directory setup from On-Premise Appliance to Cloud. If you don’t select this checkbox, the directory will exist in On-Premise Appliance only.
- If you are in a multi-tenant environment, select the tenant.
- Select the Type as Azure AD.
- You can use the default name of AzureAD, or change it to your preferred name.
- Enter your Client ID (Azure Application ID).
- Enter your Secret (Azure Client Secret value).
- Enter your Tenant ID (Azure Directory ID).
- Select Advanced options to sync only users from within a certain Group or a single user.
- (Optional) Enter a descriptive comment.
- Select Add.
Your Azure directory will sync automatically with your On-Premise appliance during the next night. If you want to sync immediately, you can run a manual sync. Once the sync with the On-Premise appliance is finished, you will also see the directory in Cloud.
Sync an Azure directory
If you make a change in Azure, you must manually sync with your On-Premise appliance to update it. Syncing with your On-Premise appliance can take up to 2 hours depending on the size of your directory.
- Go to Services > Authentication > Directories.
- Hover over the directory and select Sync.
If you have a ‘Hybrid’ setup, the changes will be pushed to Cloud.
Edit or delete an Azure directory
- Go to Services > Authentication > Directories.
- Hover over the directory and select Edit or Delete.
When editing, you can choose to deselect the Enabled box to keep the directory but not use it in Smoothwall.
Cloud
Add an Azure directory
- Go to Admin Panel > Directories.
- Select Add directory.
- Select Azure, then Confirm.
- Enter a name for your directory.
- If you are in a multi-tenant environment, select All tenants, or Selected tenants and specify the tenant(s).
- Enter your Client ID (Azure Application ID).
- Enter your Client Secret (Azure Client Secret value).
- Enter your Azure Tenant ID (Azure Directory ID).
- Select Save.
Your Azure directory will sync automatically with your On-Premise appliance during the next night. If you want to sync immediately, you can run a manual sync.
Sync an Azure directory
If you make a change in Azure, you must manually sync with your Smoothwall Cloud to update it. Syncing with Cloud can take up to 10 minutes depending on the size of your directory.
- Go to Admin Panel > Directories.
- Select the directory and select Sync Directory.
Edit or delete an Azure directory
- Go to Admin Panel > Directories.
- Select the directory from the list to edit it.
Contact Smoothwall Support if you want to delete a directory from Cloud, or keep the directory but not use it in Smoothwall.
Next step
You must map your Directory User Groups to the Smoothwall User Groups to authenticate users and apply Web Filter Policies.