Azure Active Directory

If Portal is deployed in a cloud environment with Azure Active Directory (AAD), the Student STS and Staff STS are not used for the authentication of Portal users. When authentication is provided by the AAD, applicants, students, and staff will log in to Portal via the Microsoft Azure login page.

In an AAD environment, the "Change Password" page and the "Forgot Password" option are not available in Applicant Portal, Student Portal, and Faculty Portal. Portal users need to use the steps on the following website to access the self-service password reset:

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-passwords-update-your-own-password

Portal Configuration Tool

If Portal is deployed in a cloud environment with Azure Active Directory (AAD), in the Portal Configuration tool, ensure that the Change Password option is not enabled in the Security Roles associated with the campus.

Clear the Add Menu and Quick Link check boxes for Change Password under Menu Transactions and Quick Links Manager to prevent the "Change Password" page (which is non-functional with AAD) from being displayed in Portal.

Security Roles > Menu Transactions and Quick Links

For more information about the Azure AD self service password reset, refer to the following website:

https://docs.microsoft.com/en-us/azure/active-directory/active-directory-passwords-getting-started

Portal Admin Console

When Portal is integrated with AAD, administrators cannot edit the information of Portal users in the Portal Admin Console.

Portal Admin Console > Administration

The Edit option is not displayed for a Portal user account. The account can only be edited at the Azure AD website listed above.

Portal Student Account information

Configure Azure Active Directory Settings

A new menu, Azure Active Directory Settings, has been added to the Admin Console homepage. It allows you to configure the AAD-related settings for a Portal URL/site. The values stored for a given site are used during user account creation on the tenant configured for that site.

  1. Select a site name or URL from the drop down menu.

  2. Specify the Tenant ID, Secret Key and Client ID of the tenant associated with the selected URL. Items marked with an asterisk are required.

    Note: You cannot enter more than 100 characters in each of the Secret Key and Client ID text boxes, and the Tenant ID must be a valid GUID.

  3. Click the Save button. The provided AAD settings will be linked for the selected site.

AAD Authentication Configuration – List of Supported Attributes

The following attributes can be used with Azure Active Directory (AAD). Some of these attributes have special restrictions, for example the value of the UserPrincipalName (UPN) attribute.

AAD Supported Attributes

Another way to determine which attributes are available and populated is to use Microsoft Graph Explorer, signed in as a particular user, and run a query similar to the one below to find out which properties are populated for that user.

Query Example:

https://graph.microsoft.com/v1.0/users?$top=2&$select=displayName,userPrincipalName,mail,extensionAttribute3,companyName,department&$filter=userPrincipalName eq 'User1000803921@xyz.edu'

The attribute name stored for the site must match the AAD attribute name exactly, including letter case. For example, if the extension attribute is defined as <some numbers>_extensionAttribute3 and the SySiteSettings table stores <some numbers>_extensionattribute3, the student will not be matched correctly.
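As an added example (not the product's own code), the following Python builds the Graph query shown above with proper encoding and checks an attribute name stored for a site against a user object returned by Graph, reporting the case-only mismatch described above as a distinct condition. The sample user and the PLACEHOLDERAPPID part of the extension attribute name are constructed placeholders.

```python
import json
from urllib.parse import quote, urlencode

GRAPH_USERS = "https://graph.microsoft.com/v1.0/users"

def build_user_query(upn: str, properties: list, top: int = 2) -> str:
    """Build the Graph query from the page: $select properties comma-joined
    with no stray spaces, the UPN quoted for $filter (single quotes doubled,
    as OData requires) and the whole query string percent-encoded."""
    params = {
        "$top": top,
        "$select": ",".join(properties),
        "$filter": "userPrincipalName eq '%s'" % upn.replace("'", "''"),
    }
    return GRAPH_USERS + "?" + urlencode(params, quote_via=quote)

def resolve_attribute(user: dict, configured_name: str) -> tuple:
    """Look up the attribute name stored in site settings against one Graph
    user object. 'ok' means an exact match; 'case_mismatch' means the only
    difference is letter case (the extensionAttribute3 pitfall) and the real
    property name is returned so the setting can be corrected; 'missing'
    means Graph returned no such property for this user at all."""
    if configured_name in user:
        return "ok", user[configured_name]
    for key in user:
        if key.lower() == configured_name.lower():
            return "case_mismatch", key
    return "missing", None

# Constructed sample, shaped like one entry of the /users response for the
# query above. PLACEHOLDERAPPID stands in for the directory-extension app id.
SAMPLE_USER = json.loads("""{
  "displayName": "Sample Student",
  "userPrincipalName": "User1000803921@xyz.edu",
  "mail": "User1000803921@xyz.edu",
  "extension_PLACEHOLDERAPPID_extensionAttribute3": "1000803921",
  "companyName": "xyz", "department": "Engineering"}""")
```

Run resolve_attribute over the users returned by the query with the name stored in SySiteSettings; any 'case_mismatch' result shows exactly which spelling the site setting has to be changed to.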