Create Client Certificates

Owned by Phillip Hanegan
Last updated: Jun 05, 2023
4 min read

As an Azure application owner, you can create client certificates for your applications in Resource Admin. EmpowerID fulfills the request by uploading the certificate to Azure on your behalf.

In order to create a client certificate for your Azure application, you need to provide the base64 encoded string for the public key. If you do not have a certificate, you can generate one in EmpowerID by following the steps outlined in the below dropdown.

 

  1. On the navbar of the EmpowerID Web interface, expand Apps and Authentication > SSO Connections and select SSO Components.

  2. Select the Certificates tab and then click the Add button in the grid header.

     

  3. Select Generate Self-Signed Certificate.

     

  4. Enter the following information:

    • Certificate Owner – Leave empty

    • Prefer Local Machine Store – Leave empty

    • Subject Name – Enter something suitable to the purpose of the certificate, such as CN=AzureCertificate

    • Requires Password – Select this option; this adds a private key to the certificate

    • Certificate Password – Enter a password for the certificate

  5. Click Save to create the certificate.

 

Download the certificate in Base64 format

  1. From the Certificate Details page, return to the SSO Components page by clicking the Find Certificates breadcrumb.

  2. On the SSO Components page, select the Certificates tab and search for the certificate you just created.

     

  3. Click the Name link for the certificate to navigate to the View page for the certificate.

  4. On the View page for the certificate, click Export Certificate.

     

  5. Select the desired location in which to save the certificate and click Save.

Create certificates

  1. Log in to Resource Admin.

  2. Select Applications from the Resource Type menu and search for the Azure application you want to manage.

  3. Click the Friendly Name link for the application.

     

    This directs you to the Overview page for the application.

     

  4. Click Client Certificates and then expand the Actions accordion.

  5. Click the Create Azure Application Certificate action.


    This opens the Create Azure Application Client Certificate wizard to the Client Certificate Details form.

     

  6. Enter the following information in the form:

    • Certificate Name – Name of the certificate

    • Certificate Description – Description of the certificate

    • Secret Expiration – Select an expiration date for the secret

    • Certificate Base64 Encoded String – Paste in the base64 encoded string for the certificate

    • Select Location – Select a location for the certificate in EmpowerID. Default Organization is selected by default; if you wish to change this, click the Default Organization link and then search for and choose the desired location from the Location tree.

    • Vault this certificate – Select this option to store the certificate in EmpowerID

    • Enable sharing – Select this option to allow others to request access to the certificate; if this option is not selected, users cannot view or perform any actions against the certificate in EmpowerID

    • Client Secret Owner – Search for and select an EmpowerID Person to be the owner of the certificate. This is internal to EmpowerID and has no meaning in Azure; however, the field is bound to people who have accounts in the specified Azure tenant.

    • Pre-approve access for owner – Select this option to allow the owner access to the certificate without requiring further human approval.

  7. Click Next.

  8. Review the summary and click Submit when ready.

  9. Click Submit to close the fulfillment status message.

    Â