Configure Settings & Person for the Cloud Gateway

The first step in deploying the cloud gateway is to configure the EmpowerID system settings & a Person to use the Cloud Gateway. Follow the instructions below to provide the configuration of the Azure tenant for the Cloud Gateway and create a person with the required privileges.

Prerequisites: The following details & permissions of the Azure environment are needed to configure the

  • Azure tenant and the subscription.

  • Azure resource group created and identified, or sufficient privileges in the subscription to create the resource group.

  • Sufficient privileges to create and configure an Azure Relay in a new or existing resource group. The Azure Relay should be created in the Azure tenant for the cloud gateway to be configured. You can follow the instructions in the Create a namespace in the Azure portal docs.

  • A Hybrid Connection created in the Azure Relay. Please follow the instructions to Create a hybrid connection.

  • Sufficient privileges to create an App Registration and a client secret for use by EmpowerID.

  • Sufficient privileges to assign the App Registration Service Principal the "Contributor" role to the Hybrid Connection. Please ensure the App Registration is done and the appropriate role is assigned to the Hybrid Connection.
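The last prerequisite scopes the App Registration's "Contributor" role to the Hybrid Connection. The following Python sketch is an added example, not EmpowerID or Microsoft code. It audits a service principal's role assignments and flags any grant broader than that one resource. The resource names, placeholder subscription ID, and sample JSON are constructed; the `roleDefinitionName` and `scope` fields follow the output of `az role assignment list`.

```python
import json

SUB = "00000000-0000-0000-0000-000000000000"  # constructed placeholder subscription ID

def hybrid_connection_scope(subscription_id, resource_group, namespace, hybrid_connection):
    """Build the ARM resource ID of one Hybrid Connection inside an Azure Relay namespace."""
    return (f"/subscriptions/{subscription_id}/resourceGroups/{resource_group}"
            f"/providers/Microsoft.Relay/namespaces/{namespace}"
            f"/hybridConnections/{hybrid_connection}")

def audit_assignments(assignments_json, expected_scope, role="Contributor"):
    """Return (ok, findings) for one service principal's role assignments."""
    expected = expected_scope.rstrip("/").lower()  # ARM resource IDs are case-insensitive
    findings, granted = [], False
    for item in json.loads(assignments_json):
        scope = (item.get("scope") or "").rstrip("/").lower()
        name = item.get("roleDefinitionName", "")
        if scope == expected and name == role:
            granted = True
        elif scope == expected:
            findings.append(f"unexpected role '{name}' on the Hybrid Connection")
        elif expected.startswith(scope + "/"):
            # Parent scope: namespace, resource group, subscription, or root "/"
            findings.append(f"'{name}' granted at broader scope {item.get('scope')}")
        else:
            findings.append(f"'{name}' granted outside the gateway scope {item.get('scope')}")
    if not granted:
        findings.append(f"'{role}' missing on {expected_scope}")
    return granted and not findings, findings

# Constructed sample data, shaped like `az role assignment list --assignee <app-id> --all -o json`
EXPECTED = hybrid_connection_scope(SUB, "rg-gateway", "relay-ns-example", "hc-example")
SCOPED_ONLY = json.dumps([{"roleDefinitionName": "Contributor", "scope": EXPECTED}])
TOO_BROAD = json.dumps([
    {"roleDefinitionName": "Contributor", "scope": EXPECTED},
    {"roleDefinitionName": "Contributor", "scope": f"/subscriptions/{SUB}"},
])

if __name__ == "__main__":
    for label, data in (("scoped-only", SCOPED_ONLY), ("too-broad", TOO_BROAD)):
        ok, findings = audit_assignments(data, EXPECTED)
        print(label, "OK" if ok else "REVIEW", findings)
```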

Configure EmpowerID System Settings


Please ensure you have the information about the Azure tenant, or the rights to create the required resources, as mentioned in the Prerequisites. You must have the Azure Relay & Hybrid Connections created in Azure, and the App Registration Service Principal must be assigned the "Contributor" role to the Azure Relay.

  1. Expand Infrastructure Admin -> EmpowerID Server and Settings -> EmpowerID System Settings in the navigation sidebar.

  2. Search for "Azure," locate the Azure-ClientID setting and click the Edit button.

     

  3. Provide the necessary Azure settings, then click the Save button to store them.

    • Name - Name of the setting.

    • Encrypted Value - Azure Client ID

    • Description - Provide details about the setting.

    • Encrypt Data - Select the checkbox if you want to encrypt the value.

       

  4. You will have to provide other Azure settings too. Please repeat steps 2 & 3 above for all the settings below.

    1. Azure-ClientSecret: Client secret of the Azure tenant.

    2. Azure-ResourceGroup: Resource group container of the Azure tenant.

    3. Azure-SubscriptionID: The GUID for the subscription.

    4. Azure-TenantID: GUID for your subscription.

    5. Azure-DataCenterLocation: Azure Data Center location where your Azure tenant resides.

    6. Azure-Relay:

    7. Azure-RelayNamespace:

    8. Azure-AuthorizationRule:

The configuration of the settings needed for the Azure tenant is done. Please move forward to Setup the RemoteCloudGateway Person Account.

Setup the RemoteCloudGateway Person Account


Now, let's set up the person with the required privileges to register & connect to the EmpowerID Cloud Gateway. You will need the person created in this step when you install the cloud gateway client.

  1. On the navbar, expand Identity Administration and select People.

  2. Click the Create Person Advanced Action link.

     

  3. In the General tab of the Create Person form that appears, enter the following information:

    • First Name – First name

    • Last Name – Last name

    • Display Name – Enter the name that will appear for the person in the User Interface

    • Login – Enter the login for the account or click the icon to have EmpowerID suggest one for you

    • Primary Business Role and Location – Click Select a Role and Location and do the following:

      • Search for and select Temporary Role as the Business Role

      • Search for and choose Temporary Location as the Location

      • Click Select.

    • Management Roles – Search for and select UI-Admin-Cloud-Gateway.

  4. Leave all other fields empty and click Save.


