Date: 2026-01-15

Microsoft Azure Authentication is a service provided by Microsoft Azure, the cloud computing platform of Microsoft. It is designed to provide secure access control and authentication for applications and services hosted on Azure.

UFM supports authentication using Azure Active Directory.

To log in via Azure, UFM must be registered in the Azure portal using the following steps:

1. Log in to Azure Portal, then click "Azure Active Directory" in the side menu.
2. If you have access to more than one tenant, select your account in the upper right. Set your session to the Azure AD tenant you wish to use.
3. Under "Manage" in the side menu, click App Registrations > New Registration.
4. Provide the application details:
   - Name: Enter a descriptive name.
   - Supported account types: Account types that are allowed to log in and use the registered application.
   - Redirect URL: Select the app type Web, and add the following redirect URL: https:// /auth/login
   Then, click Register. The app's Overview page opens.
5. Under "Manage" in the side menu, click Certificates & Secrets > New client secret. Provide a description for the client secret and set an expiration time, then click "Add."
6. Copy the client secret key value, which will be needed to configure UFM with Azure AD. (Please note that the value of the generated secret will be hidden and cannot be copied or read after you leave the page.)
7. Under "Manage" in the side menu, click App roles > Create app role. Provide the role details. Please note that the role value must be a valid UFM role; otherwise, the login will fail.
8. Assign the created role to the user. Follow the below steps:
9. Click on "Overview" in the side menu to view the application information, such as tenant ID, client ID, and other details.

Azure authentication is disabled by default. To enable it, please refer to Enabling Azure AD Authentication.

After enabling and configuring Azure AD authentication, an additional button labeled 'Sign In with Microsoft' appears on the primary UFM login page. It leads to the main Microsoft sign-in page.

Kerberos is a network authentication protocol designed to provide strong authentication for client-server applications by using secret-key cryptography.

The Kerberos protocol works on the basis of tickets, which helps ensure that communication between various entities in a network is secure. It uses symmetric-key cryptography, which means both the client and servers share secret keys for encrypting and decrypting communication.

To enable Kerberos Authentication, refer to Enabling Kerberos Authentication.

To set up a system as a Kerberos server, perform the following:

1. Install the required packages:

       # Red Hat
       sudo yum install krb5-libs krb5-server
       # Ubuntu
       sudo apt-get install krb5-kdc krb5-admin-server

2. Edit the Kerberos configuration file '/etc/krb5.conf' to reflect your realm, domain and other settings:

       [libdefaults]
           default_realm = YOUR-REALM
       [realms]
           YOUR-REALM = {
               kdc = your-kdc-server
               admin_server = your-admin-server
           }
       [domain_realm]
           your-domain = YOUR-REALM
           your-domain = YOUR-REALM

3. Use the kdb5_util command to create the Kerberos database:

       kdb5_util create -r YOUR-REALM -s

4. Add administrative principals:

       # Open the local admin shell, then enter the command at its prompt
       kadmin.local
       addprinc -randkey HTTP/YOUR-HOST-NAME@YOUR-REALM

5. Start KDC and kadmin services:

       # Red Hat unit names; the Ubuntu packages install krb5-kdc and krb5-admin-server units instead
       sudo systemctl start krb5kdc kadmin
       sudo systemctl enable krb5kdc kadmin

6. Generate a keytab file. The keytab file contains the secret key for a principal and is used to authenticate the service.

       # Open the local admin shell, then enter the command at its prompt
       kadmin.local
       ktadd -k /path/to/your-keytab-file HTTP/YOUR-HOST-NAME@YOUR-REALM

   Replace /path/to/your-keytab-file with the actual path where you want to store the keytab file.
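Because the keytab generated in the last step holds the service principal's secret key, it should be readable only by the account that runs the service. The following check is an added example, not part of the UFM documentation; the function name `check_keytab` and the owner argument are assumptions, and it relies on GNU `stat` as shipped on Red Hat and Ubuntu.

```shell
# Added example: audit a service keytab before a service is configured to use it.
# check_keytab PATH [EXPECTED_OWNER]
#   Prints one line per finding; returns 0 only if every check passes.
# Usage (owner name is a placeholder): check_keytab /path/to/your-keytab-file service-user
check_keytab() {
    local kt="$1" want_owner="${2:-}" rc=0 mode owner magic

    if [ ! -f "$kt" ]; then
        echo "FAIL: $kt is missing or not a regular file"
        return 2
    fi

    # The file holds the principal's long-term key: no group/other access bits.
    mode=$(stat -c '%a' "$kt")
    if [ $(( 0$mode & 077 )) -ne 0 ]; then
        echo "FAIL: mode $mode grants group/other access (expected 600 or 400)"
        rc=1
    fi

    # Optional: the file should belong to the account that runs the service.
    owner=$(stat -c '%U' "$kt")
    if [ -n "$want_owner" ] && [ "$owner" != "$want_owner" ]; then
        echo "FAIL: owned by $owner, expected $want_owner"
        rc=1
    fi

    # MIT keytab files begin with byte 0x05 followed by a format version (0x01 or 0x02).
    magic=$(head -c 2 "$kt" | od -An -tx1 | tr -d ' \n')
    if [ "$magic" != "0502" ] && [ "$magic" != "0501" ]; then
        echo "FAIL: header bytes '$magic' are not a keytab header"
        rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $kt (mode $mode, owner $owner)"
    return "$rc"
}
```
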

Follow the below steps to set up a system as a Kerberos client.