Windows Azure Pack: Active Directory Authentication – Part 3

May 8, 2014 at 3:16 pm in Uncategorized by Christopher Keyaert

Welcome back to this series about Windows Azure Pack – Active Directory Authentication. Now that Azure Directory is configured as an identity provider, we will focus on the final WAP configuration to use Azure Directory for our tenants' authentication.

It’s time to go back to Microsoft Azure and open our Access Control Service site. There we have to click on Application Integration and copy the WS-Federation Metadata URL.

Your WS-Federation Metadata URL should look like the following:
Update the PowerShell script below with your own values:

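# Connection to the portal configuration database (fill in your own values)
$dbServer = ''
$dbuser = 'sa'
$dbPassword = '*******'
$portalConnectionString = [string]::Format('Data Source={0};Initial Catalog=Microsoft.MgmtSvc.PortalConfigStore;User ID={1};Password={2}', $dbServer, $dbuser, $dbPassword)
# Point the tenant portal at the identity provider's WS-Federation metadata.
# -DisableCertificateValidation skips certificate validation; it suits a test environment with self-signed certificates.
Set-MgmtSvcRelyingPartySettings -Target @("Tenant") `
 -MetadataEndpoint '<your WS-Federation Metadata URL>' `
 -ConnectionString $portalConnectionString -DisableCertificateValidation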

Log on to the Windows Azure Pack server and start a Windows Azure Pack Administrator PowerShell prompt as Administrator. Copy and paste the script, updated with your own values.
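Because the tenant portal will trust whatever the metadata URL publishes, it is worth inspecting that document before running the script. The following is an added example, not part of the original post: `Test-FederationMetadata` is a hypothetical helper, and the sample XML, host name and key value are constructed.

```powershell
# Added example, not from the original post. The sample metadata, host name and
# key value are constructed; Test-FederationMetadata is a hypothetical helper.
$sampleUrl = 'https://sts.example.test/FederationMetadata/2007-06/FederationMetadata.xml'
[xml]$sampleXml = @'
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    xmlns:fed="http://docs.oasis-open.org/wsfed/federation/200706"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" entityID="https://sts.example.test/">
  <RoleDescriptor xsi:type="fed:SecurityTokenServiceType">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>Q09OU1RSVUNURUQ=</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <fed:PassiveRequestorEndpoint>
      <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
        <Address>https://sts.example.test/v2/wsfederation</Address>
      </EndpointReference>
    </fed:PassiveRequestorEndpoint>
  </RoleDescriptor>
</EntityDescriptor>
'@

function Test-FederationMetadata {
    param([Parameter(Mandatory)][uri]$Url, [Parameter(Mandatory)][xml]$Metadata)
    $ns = @{ md  = 'urn:oasis:names:tc:SAML:2.0:metadata'; fed = 'http://docs.oasis-open.org/wsfed/federation/200706'
             wsa = 'http://www.w3.org/2005/08/addressing'; ds  = 'http://www.w3.org/2000/09/xmldsig#' }
    # Addresses the browser is redirected to for sign-in (WS-Federation passive profile)
    $passive = @(Select-Xml -Xml $Metadata -Namespace $ns -XPath '//fed:PassiveRequestorEndpoint/wsa:EndpointReference/wsa:Address' |
        ForEach-Object { [uri]$_.Node.InnerText.Trim() })
    # Certificates the relying party will accept as token signers
    $keys = @(Select-Xml -Xml $Metadata -Namespace $ns -XPath "//md:KeyDescriptor[@use='signing']//ds:X509Certificate")
    $findings = @()
    if ($Url.Scheme -ne 'https') { $findings += 'metadata URL is not HTTPS' }
    if ($passive.Count -eq 0) { $findings += 'no passive requestor (sign-in) endpoint published' }
    foreach ($p in $passive) {
        if ($p.Scheme -ne 'https') { $findings += "sign-in endpoint is not HTTPS: $p" }
        if ($p.Host -ne $Url.Host) { $findings += "sign-in host differs from metadata host (review): $($p.Host)" }
    }
    if ($keys.Count -eq 0) { $findings += 'no token-signing certificate published' }
    [pscustomobject]@{
        EntityId        = $Metadata.DocumentElement.GetAttribute('entityID')
        SignInEndpoints = $passive
        SigningKeys     = $keys.Count
        Findings        = $findings
        Ok              = ($findings.Count -eq 0)
    }
}

Test-FederationMetadata -Url $sampleUrl -Metadata $sampleXml
```

For a live check, load the document with `[xml](Invoke-WebRequest -Uri $url -UseBasicParsing).Content`, which validates the server certificate by default.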

Done, we are now all set and it’s time to test.

We have to start Internet Explorer and go to the Tenant Portal.

We are automatically redirected to the Access Control Service we created in Microsoft Azure.

We now have to sign in with our Azure Active Directory credentials, which are in fact the same as our on-premises Active Directory credentials thanks to DirSync.

And we finally have access to our Tenant Portal with our on-premises Active Directory credentials.

From the Management Portal, we can now assign a Subscription to our Account.

This is all for today, have a good day!