This process is used to define who has access to the Cloud Commander User Interface.
Registration of UI Authentication Application
UI Frontend
Go to the Azure Portal [https://portal.azure.com], navigate to Azure Active Directory -> App registrations and click New application registration.
Name: Cloud Commander frontend (change to suit your environment)
Supported account types: Accounts in this organization directory only
Redirect URI: https://qt-cc-<FILL>-ui.azurewebsites.net/signin-oidc (URL is based on your parameter.json file)
Application Roles
Next you have to edit the application manifest:
Replace the “"appRoles": [],” entry with:
"appRoles": [
    {
        "allowedMemberTypes": [
            "User"
        ],
        "displayName": "Cloud Commander Operator",
        "id": "2089bb36-a47e-46b9-9104-9857a241027a",
        "isEnabled": true,
        "description": "Cloud Commander Operator",
        "value": "CCOperator"
    },
    {
        "allowedMemberTypes": [
            "User"
        ],
        "displayName": "Cloud Commander Admin",
        "id": "d1c2ade8-98f8-45fd-aa4a-6d06b947c66f",
        "isEnabled": true,
        "description": "Cloud Commander Admin",
        "value": "CCAdmin"
    },
    {
        "allowedMemberTypes": [
            "User"
        ],
        "displayName": "Cloud Commander Reader",
        "id": "c20e145e-5459-4a6c-a074-b942bbd4cfe1",
        "isEnabled": true,
        "description": "Cloud Commander Reader",
        "value": "CCReader"
    }
],
The GUIDs in the "id" fields are random identifiers. You can copy and paste this block exactly.
The result after the save should look like this:
Single Sign On
Go to the managed application in the local directory by clicking on the “Managed application in local directory” link:
Enable ‘User assignment required’:
Note: Don’t forget to enable ID Token, otherwise you will get an unauthorized error on UI startup.
Return to the Application Registration Page to make this setting change:
Single Sign On
Go to managed application in the local directory:
Assign users and groups into Cloud Commander roles (add your Azure login as an Admin):
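To confirm the whole procedure took effect, the settings above can be checked from an export of the registration. The following is an added example, not part of the Cloud Commander documentation: it assumes the application and service principal were exported as JSON in the Microsoft Graph shape (as printed by `az ad app show` and `az ad sp show`), and the function name and sample objects are hypothetical.

```python
import uuid

# Role values defined in the manifest on this page.
EXPECTED_ROLES = {"CCOperator", "CCAdmin", "CCReader"}

def audit_registration(app, sp):
    """Return findings for an exported application object and its service principal."""
    findings = []
    roles = app.get("appRoles", [])
    ids = [str(r.get("id", "")).lower() for r in roles]
    for role_id in ids:
        try:
            uuid.UUID(role_id)
        except ValueError:
            findings.append(f"appRole id is not a GUID: {role_id!r}")
    if len(set(ids)) != len(ids):  # ids must be unique within one manifest
        findings.append("duplicate appRole id")
    usable = {r.get("value") for r in roles
              if r.get("isEnabled") and "User" in r.get("allowedMemberTypes", [])}
    for missing in sorted(EXPECTED_ROLES - usable):
        findings.append(f"role missing or not enabled for users: {missing}")
    if app.get("signInAudience") != "AzureADMyOrg":
        findings.append("sign-in audience is not 'this organization directory only'")
    web = app.get("web") or {}
    if not (web.get("implicitGrantSettings") or {}).get("enableIdTokenIssuance"):
        findings.append("ID token issuance is disabled")
    for uri in web.get("redirectUris", []):
        if not (uri.startswith("https://") and uri.endswith("/signin-oidc")):
            findings.append(f"unexpected redirect URI: {uri}")
    if not sp.get("appRoleAssignmentRequired"):  # 'User assignment required' switch
        findings.append("user assignment is not required")
    return findings

def _role(value, role_id):
    return {"allowedMemberTypes": ["User"], "id": role_id, "isEnabled": True, "value": value}

# Constructed sample objects (assumed export shape); <FILL> is the page's own placeholder.
SAMPLE_APP = {
    "signInAudience": "AzureADMyOrg",
    "web": {"redirectUris": ["https://qt-cc-<FILL>-ui.azurewebsites.net/signin-oidc"],
            "implicitGrantSettings": {"enableIdTokenIssuance": True}},
    "appRoles": [_role("CCOperator", "2089bb36-a47e-46b9-9104-9857a241027a"),
                 _role("CCAdmin", "d1c2ade8-98f8-45fd-aa4a-6d06b947c66f"),
                 _role("CCReader", "c20e145e-5459-4a6c-a074-b942bbd4cfe1")],
}
SAMPLE_SP = {"appRoleAssignmentRequired": True}

if __name__ == "__main__":
    print(audit_registration(SAMPLE_APP, SAMPLE_SP) or "no findings")
```

An empty result means the registration matches the steps on this page; with user assignment not required, any account in the directory can sign in to the UI without being placed in one of the three roles.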