This article applies to the Smoothwall Filter & Firewall (Hardware Appliance or Virtual Machine).
Azure Active Directory may be added and synced directly from the Smoothwall Filter & Firewall Admin UI, for use with Cloud Filter on client devices.
Allowing Access to Azure Directory
You must give Smoothwall access to your Azure Directory before syncing your data and mapping the groups to Guardian Filter groups. This process has four steps:
- Add a new registration.
- Configure permissions.
- Copy the secret.
- Copy the Client ID and Tenant ID.
1. Add a New Registration
- In Azure Directory (http://www.portal.azure.com/), select the top left icon and select Azure Active Directory from the sidebar.
- Select App Registrations from the sidebar.
- Select New Registration.
- Enter a Name.
- Check the Accounts in the organisation directory only checkbox.
- Select Register.
2. Configure Permissions
- Select API Permissions from the sidebar.
- Select Add Permission.
- Select Microsoft Graph.
- Select Application Permission.
- Enter Directory in the search bar.
- Expand the Directory arrow and select Directory.Read.All.
- Select Add Permission.
- Select Grant Admin Consent.
- A confirmation window will appear. Select Yes.
- The Status will update to Granted with green ticks.
3. Copy the Secret
- Select Certificates and Secrets from the sidebar.
- Select New Client Secret.
- Enter a Description.
- Select Expires in 24 months.
Tip
Add a reminder in your calendar to update the Secret in 24 months.
- Select Add.
Warning
Do not navigate away from this page until you have copied the Value, otherwise the Value will be hidden and you will not be able to see it again. You will then need to delete the Secret and generate a new one.
- Copy the data string under the Value column and paste it into a notepad.
NOTE: Be sure to copy the Value string and not the ID string. The Value is a random string of alphanumerics and special characters; the ID value is a dash-delimited UUID.
4. Copy the Client ID and Tenant ID
- Select Overview from the sidebar.
- Copy the Application (client) ID and paste it into a notepad.
- Copy the Directory (tenant) ID and paste it into a notepad.
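The NOTE in step 3 separates the secret Value from the Secret ID by shape. The check below is an added example (not Smoothwall or Microsoft code) that validates the three copied values before they are pasted into the Smoothwall wizard. The function names and sample values are constructed for illustration.

```python
import re
import uuid


def is_uuid(value: str) -> bool:
    """True only for the dash-delimited UUID form Azure shows for IDs."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except ValueError:
        return False


def check_azure_values(client_id: str, tenant_id: str, secret: str) -> list[str]:
    """Return the problems found in the copied values; never echoes the values."""
    problems = []
    fields = (("Client ID", client_id), ("Tenant ID", tenant_id),
              ("Client Secret", secret))
    for name, value in fields:
        if not value.strip():
            problems.append(f"{name} is empty")
        elif re.search(r"\s", value):
            # Trailing newlines and spaces are common when copying via a notepad.
            problems.append(f"{name} contains whitespace (copy/paste artefact)")
    for name, value in fields[:2]:
        if value.strip() and not is_uuid(value.strip()):
            problems.append(f"{name} is not a dash-delimited UUID")
    if is_uuid(secret.strip()):
        # The mistake the NOTE warns about: the ID column was copied, not Value.
        problems.append("Client Secret looks like the Secret ID (a UUID), not the Value")
    if client_id.strip() and client_id.strip().lower() == tenant_id.strip().lower():
        problems.append("Client ID and Tenant ID are identical; one was pasted twice")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real identifiers or credentials.
    sample_client = "11111111-2222-3333-4444-555555555555"
    sample_tenant = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
    sample_secret_id = "99999999-8888-7777-6666-555555555555"  # wrong column
    for problem in check_azure_values(sample_client, sample_tenant, sample_secret_id):
        print("PROBLEM:", problem)
```

The check cannot tell a swapped Client ID and Tenant ID apart, because both are UUIDs; compare each against the Overview page labels.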
Creating and Syncing your Directory
Warning
The initial sync can take up to 2 hours depending on the size of your directory.
- Log in to the Smoothwall Filter & Firewall Admin UI.
- Navigate to Services > Authentication > Directories.
- Select 'Add new directory' in the top-right of the page.
- In the setup wizard:
- Ensure status is set to Enabled.
- If you are a multi-tenanted organisation, you can select All tenants or Selected Tenants.
- Select Azure AD.
- Type a description you will recognise in Name.
- Paste your Client ID (Azure Application ID).
- Paste the Client Secret (Azure Client Secret value).
- Paste your Azure Tenant ID (Azure Directory ID).
- Click Save.
The sync will begin automatically. To see the “Last Sync Date”, hover your mouse over the new directory and select the 'Diagnose' option on the right; the date is displayed in the Directory Diag page.
Once the directory sync has completed, you may map Azure AD groups to Filter Groups.
Forcing a Manual Sync
The Smoothwall Filter & Firewall will sync with Azure every 24 hours. However, you can force a manual sync by selecting the 'Sync' option on the left when you hover your mouse over the Azure AD Directory.
Follow-up tasks
- Create custom User Groups to link AD security groups to local User Groups for use in web filter policies. See Smoothwall Filter & Firewall: User Groups