As an Azure application owner, you can create client certificates in Azure for your applications in Resource Admin. EmpowerID fulfills the request by uploading the certificate to Azure on your behalf.

Note

As a prerequisite to assigning a certificate to an Azure application, the private key for the certificate needs to be uploaded to the EmpowerID certificate store. This is necessary for EmpowerID to call the Graph API on your behalf. In order to create a client certificate for your Azure application, you need to provide the base64-encoded string for the public key. If you do not have a certificate, you can generate one in EmpowerID by following the steps outlined below.

Generate a self-signed certificate

  1. On the navbar of the EmpowerID Web interface, expand Apps and Authentication > SSO Connections and select SSO Components.

  2. Select the Certificates tab and then click the Add button in the grid header.

  3. Select Generate Self-Signed Certificate.

  4. Enter the following information:

    • Certificate Owner – Leave empty

    • Prefer Local Machine Store – Leave empty

    • Subject Name – Enter something suitable to the purpose of the certificate, such as CN=AzureCertificate

    • Requires Password – Select this option; this adds a private key to the certificate

    • Certificate Password – Enter a password for the certificate

  5. Click Save to create the certificate.

Download the certificate in Base64 format

  1. From the Certificate Details page, return to the SSO Components page by clicking the Find Certificates breadcrumb.

  2. On the SSO Components page, select the Certificates tab and search for the certificate you just created.

  3. Click the Name link for the certificate to navigate to the View page for the certificate.

  4. On the View page for the certificate, click Export Certificate.

  5. Select the desired location in which to save the certificate and click Save.

Create certificates

  1. Log in to Resource Admin.

  2. Select Applications from the Resource Type menu and search for the Azure application you want to manage.

  3. Click the Friendly Name link for the application.

    This directs you to the Overview page for the application.

  4. Click Client Certificates and then expand the Actions accordion.

  5. Click the Create Azure Application Certificate action.

    This opens the Create Azure Application Client Certificate wizard to the Client Certificate Details form.

  6. Enter the following information in the form:

    • Certificate Name – Name of the certificate

    • Certificate Description – Description of the certificate

    • Secret Expiration – Select an expiration date for the secret

    • Certificate Base64 Encoded String – Paste in the base64 encoded string for the certificate

    • Select Location – Select a location for the certificate in EmpowerID. Default Organization is selected by default; if you wish to change this, click the Default Organization link and then search for and choose the desired location from the Location tree.

    • Vault this certificate – Select this option to store the certificate in EmpowerID

    • Enable sharing – Select this option to allow others to request access to the certificate; if this option is not selected, users cannot view or perform any actions against the certificate in EmpowerID

    • Client Secret Owner – Search for and select an EmpowerID Person to be the owner of the certificate. This is internal to EmpowerID and has no meaning in Azure; however, the field is bound to people who have accounts in the specified Azure tenant.

    • Pre-approve access for owner – Select this option to allow the owner access to the certificate without requiring further human approval.

  7. Click Next.

  8. Review the summary and click Submit when ready.

  9. Click Submit to close the fulfillment status message.
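
Before pasting a value into the Certificate Base64 Encoded String field in step 6, it is worth confirming that the exported file holds only the public certificate and no private key. The following Python is an added example, not EmpowerID code: the function name `certificate_base64` and the sample bytes are constructed for illustration, and it assumes the field takes the base64 body as a single line without the BEGIN/END lines. It also returns the SHA-1 thumbprint in the form Windows certificate tooling displays, so the uploaded certificate can be identified later.

```python
import base64
import binascii
import hashlib
import re

PEM_BLOCK = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.S)


def _tlv(der: bytes, offset: int) -> tuple[int, int, int]:
    """Return (tag, content_start, content_length) of the DER element at offset."""
    if len(der) < offset + 2:
        raise ValueError("truncated DER data")
    tag, first = der[offset], der[offset + 1]
    if first < 0x80:  # short-form length
        return tag, offset + 2, first
    n = first & 0x7F  # long form: the next n bytes hold the length
    return tag, offset + 2 + n, int.from_bytes(der[offset + 2:offset + 2 + n], "big")


def certificate_base64(exported: bytes) -> tuple[str, str]:
    """Return (single-line base64 of the certificate, SHA-1 thumbprint)."""
    if exported[:1] == b"\x30":  # binary DER export
        der = exported
    else:  # Base64 export, with or without BEGIN/END lines
        text = exported.decode("ascii")
        blocks = PEM_BLOCK.findall(text)
        if any("PRIVATE KEY" in label for label, _ in blocks):
            raise ValueError("file contains a private key; export the certificate only")
        certs = [body for label, body in blocks if label == "CERTIFICATE"]
        if len(certs) > 1:
            raise ValueError("expected one certificate, found %d" % len(certs))
        body = certs[0] if certs else text
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except binascii.Error as exc:
            raise ValueError("content is not valid base64") from exc
    tag, start, length = _tlv(der, 0)
    if tag != 0x30 or start + length != len(der):
        raise ValueError("not a single DER-encoded structure")
    # X.509 begins SEQUENCE{SEQUENCE ...}; PKCS#12 (PFX) begins SEQUENCE{INTEGER 3 ...}.
    if _tlv(der, start)[0] != 0x30:
        raise ValueError("not an X.509 certificate; a PFX file carries the private key")
    return base64.b64encode(der).decode("ascii"), hashlib.sha1(der).hexdigest().upper()


# Constructed samples: DER-shaped placeholders, not real certificates or keys.
SAMPLE_DER = bytes.fromhex("3006300400000000")
SAMPLE_PEM = b"-----BEGIN CERTIFICATE-----\n" + base64.encodebytes(SAMPLE_DER) + b"-----END CERTIFICATE-----\n"
SAMPLE_PFX = bytes.fromhex("3003020103")
```

Read the exported file in binary mode and pass its bytes to `certificate_base64`; a `ValueError` means the file should not be pasted into the form as it stands.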

...