This page provides information on how to configure Corporate Sign In for Chaos services with Azure.


Overview


In this section, we explore how to integrate your Azure identity provider with Chaos, so that your employees benefit from the Corporate Sign In functionality.

Before doing the steps in this section, make sure to reach out to Chaos first to request the Corporate Sign In feature.



 

Adding Chaos application from Azure Gallery


  1. Log in to your Azure portal and navigate to the Azure Active Directory service.



Your Portal may look different due to a number of factors, such as theme selection or changes on the Azure side.


2. Navigate to the Enterprise applications menu on the left.



3. Navigate to the All applications menu on the left.



4. Use the New application button at the top.



5. Search for the Chaos application and select it.



6. Once selected, click the Create button on the right-hand side.


Configuring access to the Chaos application


  1. Navigate to the Enterprise applications menu in Azure Active Directory.



2. Find and select the Chaos application in the list.

If it does not show, wait a minute or so and refresh the page.

3. Navigate to the Properties menu.



4. Ensure that Enabled for users to sign-in is set to Yes.



5. Change User assignment required? to Yes.



You can leave this option set to No, but that means all employees in your Azure tenant will be able to access Chaos with their user credentials. Normally, you would want to keep this setting aligned with the provisioning settings (explored later), which means that if you leave it as is, you would also need to provision all users to Chaos.


6. Navigate to the Users and Groups menu.



7. Use the Add user/group button to add users and groups to the Chaos application. Users and groups added to this application are able to log in to Chaos using the Corporate Sign In functionality. This setting is also important when provisioning is configured.

Make sure to add your administrator to this list.

If you selected No in the User assignment required option, then you don’t need to add any users or groups here.


Accessing Chaos through Corporate Sign In


The following steps need to be followed by the Administrator of your Azure tenant.

  1. Navigate to the Chaos accounts page: https://accounts.chaosgroup.com/
  2. Log in using Corporate Sign In
  3. Confirm the consent dialog. 



Make sure to enable the Consent on behalf of your organization checkbox. This prevents the dialog from appearing to every non-administrator user that tries to log in.

4. Verify that you are logged in successfully to the Chaos web page.


Enabling provisioning


  1. Navigate to the Enterprise applications menu in Azure Active Directory.


2. Find and select the Chaos application in the list. 

 

3. Navigate to the Provisioning menu.


 


 

4. Press the Get started button.

 


 

5. Select Automatic provisioning mode.

 


 

6. Configure Tenant URL and Secret Token.


 

The URL has the following pattern: https://scim.chaos.com/<chaos-tenant-id>/v2 

The chaos-tenant-id and secret token are received as part of the onboarding process.

7. Verify the configuration with the Test Connection button.


8. Use the Save button to save the configuration.


Once you save the configuration, additional Mappings and Settings sections appear. These are configured next.

9. Expand the Mappings section.



10. By default, the Group mapping function is not visible. If it is visible on your end, disable it as follows.

       a. Click on the Provision Azure Active Directory Groups link.

       b. Disable the Group mapping.

       c. Save the changes to the Group mapping.

Chaos does not process Groups, so this mapping is unnecessary. Even when it is disabled, it is still possible to assign Groups in the Users and Groups setting of the Application and use them to control access and provisioning.




11. Return to the Mappings section and select the Provision Azure Active Directory Users link.
12. Make sure the Attribute Mappings table looks as follows.



13. Save the changes to the User mapping. If no changes were performed, navigate back to the previous screen.



14. Expand the Settings section.
15. Ensure the Scope is set to Sync only assigned users and groups.


If, when configuring the Application, you decided to allow all Azure users in your tenant to log in to Chaos, set the Scope to Sync all users and groups to get a consistent experience.


16. Set Provisioning Status to On.



17. Save the provisioning settings.



Provisioning is now enabled. You can check whether it is working successfully through the Application's Provisioning menu.

Currently, Azure performs provisioning at regular intervals of 40 minutes. Most likely, you will need to wait that long to see whether it works successfully. This also means that when a user is disabled in your Azure directory, it takes at least 40 minutes for the change to take effect in the Chaos system.
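
To confirm that the access and provisioning settings from the steps above agree with each other, the following added example (not part of the original Chaos documentation) audits an exported configuration offline. It assumes the application's Microsoft Graph servicePrincipal object (`accountEnabled` and `appRoleAssignmentRequired` correspond to the Enabled for users to sign-in and User assignment required? toggles) and its app role assignments are passed in as dictionaries; the function names, the `sync_scope` parameter and the sample IDs are constructed for illustration.

```python
from urllib.parse import urlsplit

def check_tenant_url(url):
    """True if url follows https://scim.chaos.com/<chaos-tenant-id>/v2."""
    parts = urlsplit(url)
    segments = [s for s in parts.path.split("/") if s]
    return (parts.scheme == "https" and parts.hostname == "scim.chaos.com"
            and len(segments) == 2 and segments[1] == "v2"
            and "<" not in segments[0] and not parts.query)

def audit(sp, assignments, sync_scope, admin_id, tenant_url):
    """sp: Graph servicePrincipal dict; assignments: its app role assignments;
    sync_scope: 'assigned' or 'all', as read from the provisioning Settings."""
    findings = []
    if not sp.get("accountEnabled", False):
        findings.append("sign-in disabled: 'Enabled for users to sign-in' is No")
    required = sp.get("appRoleAssignmentRequired", False)
    if not required and sync_scope == "assigned":
        findings.append("scope mismatch: every tenant user can sign in, "
                        "but only assigned users are provisioned")
    if required and sync_scope == "all":
        findings.append("scope mismatch: all users are provisioned, "
                        "but only assigned users can sign in")
    if required:
        users = {a["principalId"] for a in assignments
                 if a["principalType"] == "User"}
        has_groups = any(a["principalType"] == "Group" for a in assignments)
        if admin_id not in users:
            # Group membership cannot be resolved offline, so only hint at it.
            hint = "confirm group membership" if has_groups else "no assignment found"
            findings.append(f"administrator not directly assigned ({hint})")
    if not check_tenant_url(tenant_url):
        findings.append("tenant URL does not match "
                        "https://scim.chaos.com/<chaos-tenant-id>/v2")
    return findings

# Constructed sample data (not real tenant values).
ADMIN_ID = "00000000-0000-0000-0000-0000000000a1"
SAMPLE_SP = {"displayName": "Chaos", "accountEnabled": True,
             "appRoleAssignmentRequired": True}
SAMPLE_ASSIGNMENTS = [
    {"principalId": ADMIN_ID, "principalType": "User"},
    {"principalId": "00000000-0000-0000-0000-0000000000b2", "principalType": "Group"},
]
SAMPLE_URL = "https://scim.chaos.com/example-tenant/v2"

if __name__ == "__main__":
    print(audit(SAMPLE_SP, SAMPLE_ASSIGNMENTS, "assigned", ADMIN_ID, SAMPLE_URL))
```

An empty list means the settings are consistent; each string in the result names the setting to revisit.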