How to set up Microsoft Entra ID for use with Secure Edge
Topic
This article discusses how to set up Entra ID (formerly Azure Active Directory) for use with Datto Secure Edge.
Environment
- Datto Secure Edge
Description
This process requires you to switch repeatedly between Entra ID and the Datto Network Manager UI. We recommend keeping both pages open in separate browser windows.
1. In Network Manager, click Secure Edge in the Navigation menu, then select Service Settings from the expanded options. On the Service Settings page, expand Subscriber Settings.
2. In the IdP Type drop-down menu, select OIDC. The options will change into a series of fields for Client ID, Client Secret, and Discovery URL.
3. In the Client ID field, enter the Application Client ID from the app information page in Entra ID.
4. To obtain the Client Secret, return to Entra ID and navigate to Certificates & Secrets in the left-hand menu, then click New Client Secret.
Copy the generated client secret Value, return to Datto Network Manager, and paste the value into the Client Secret field.
5. To find the Discovery URL, return to Entra ID and click Overview in the left-hand menu, then click Endpoints at the top of the screen. The Endpoints window will open. Copy the entry for OpenID Connect Metadata document.
Return to Datto Network Manager and paste the entry into the Discovery URL field.
The system will attempt to validate the Discovery URL. A green checkmark icon will appear when validation succeeds.
1. In Network Manager Service Settings, copy the Redirect URI.
2. On the Entra ID overview page, click Authentication in the left-hand navigation menu, then click Add a Platform under the Platform configurations heading.
3. The Configure Platforms pane will open. Select Web, then paste the Redirect URI into the blank space at the bottom of the Web tile. Be sure the paste operation does not include a leading space character, as this will cause an error.
The Authentication page will then show the Redirect URI under the Web heading in the main body of the page.
At this point, Secure Edge and Entra ID should be properly connected.
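If the Discovery URL does not validate or sign-in fails on the redirect, the pasted values can be checked offline. The following is an added example, not Datto or Microsoft code: the checks come from the OpenID Connect Discovery 1.0 specification and are not a description of the validation Network Manager performs. The tenant ID is a placeholder, the sample metadata document is constructed, and the function names are hypothetical.

```python
import json
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"
REQUIRED = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")

# Constructed sample: trimmed metadata document with a placeholder tenant ID.
TENANT = "00000000-0000-0000-0000-000000000000"
BASE = f"https://login.microsoftonline.com/{TENANT}"
SAMPLE_URL = f"{BASE}/v2.0{WELL_KNOWN}"
SAMPLE_DOC = json.dumps({
    "issuer": f"{BASE}/v2.0",
    "authorization_endpoint": f"{BASE}/oauth2/v2.0/authorize",
    "token_endpoint": f"{BASE}/oauth2/v2.0/token",
    "jwks_uri": f"{BASE}/discovery/v2.0/keys",
})


def check_discovery(url, doc_text):
    """Return a list of problems with a Discovery URL and the document fetched from it."""
    problems = []
    if url != url.strip():
        problems.append("discovery URL has leading/trailing whitespace")
    url = url.strip()
    if urlsplit(url).scheme != "https":
        problems.append("discovery URL is not https")
    if not url.endswith(WELL_KNOWN):
        problems.append("discovery URL does not end in " + WELL_KNOWN)
    doc = json.loads(doc_text)
    for key in REQUIRED:
        value = doc.get(key)
        if not isinstance(value, str) or urlsplit(value).scheme != "https":
            problems.append(f"{key} missing or not an https URL")
    # OIDC Discovery 1.0: the issuer must equal the URL the document was fetched
    # from, minus the well-known suffix. A mismatch points at the wrong tenant.
    if url.endswith(WELL_KNOWN) and doc.get("issuer") != url[: -len(WELL_KNOWN)]:
        problems.append("issuer does not match discovery URL")
    return problems


def check_redirect_uri(pasted):
    """Flag the copy/paste whitespace problem and non-https redirect URIs."""
    problems = []
    if pasted != pasted.strip():
        problems.append("redirect URI has leading/trailing whitespace")
    if urlsplit(pasted.strip()).scheme != "https":
        problems.append("redirect URI is not https")
    return problems
```

Pass the body of the metadata document, retrieved with any HTTP client, as `doc_text`; an empty list from either function means no problem was found.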
To ensure that your certificate lifetime aligns with your environment's security practices, you'll need to set the client secret expiration to a custom value. To do so, perform the following steps:
- In the left navigation pane of the Entra ID Overview page, click Certificates & secrets.
- Click the Client secrets tab.
- Click New client secret.
- In the Add a client secret window that opens, enter a description for the client secret in the Description field.
- Click the arrow next to the Expires drop-down and select Custom. Define the interval at which you'd like to rotate keys for security purposes.
- Click Add.