You must set up Azure Active Directory integration before you can create a ScaleArc cluster on Azure SQL Database. Once configured, ScaleArc calls the Azure APIs to fetch information about the setup and validate the configuration, using the Service Principal Name (SPN) to log in to Azure AD.
Setting up Azure AD on ScaleArc has the additional benefit of supporting authentication offload for Azure AD Password authentication logins.
Follow these steps to integrate ScaleArc with Azure Active Directory (Azure AD):
- Click the SETTINGS tab > System Settings on the ScaleArc dashboard.
- Click the AD Integration tab. Select Azure Active Directory from the Join with dropdown.
  Important: If you are currently connected to Windows AD, you need to unjoin from Windows AD in order to set up Azure AD.
- Complete the fields as follows.

| Field | Description | Default/User input |
| --- | --- | --- |
| Azure AD Directory ID | The Directory ID of the Azure AD you need to join. | 1. In the Azure portal, click Azure Active Directory > Properties > Directory ID. 2. Copy over the Directory ID. |
| Service Principal Name (SPN) | ScaleArc appears in Azure AD by this display name. By default, the current hostname or IP address is the display name. This name is editable. Note: You can only use dots, hyphens, and alphanumeric characters when renaming the SPN. | Use the default name or enter a different name. |

- Click Join.
- Copy the code and click the link in the yellow banner.
- Enter the code obtained from the previous step and click Continue.
- Enter the Azure AD user credentials to log in. Once you enter valid admin user credentials on the Azure AD login page, ScaleArc establishes an admin session with Azure AD. It creates an SPN for itself on Azure AD and generates the RBAC roles describing the read-only permissions that it needs. This process may take some time to complete.
- On completion, the screen displays a success notification. Click OK.
- By default, the 'Selected Resource Groups' column lists all the available resource groups. The RBAC role permissions are limited to the groups in this column. To remove a group from the list, select and move it into the left column. Click Grant Access. Note that you can also provide access from the Azure AD Portal.
- ScaleArc posts a success notification. Click OK to complete the setup.
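
After granting access, one way to confirm that the SPN's roles really are read-only and limited to the selected resource groups is to audit the role data exported from Azure. This is an added example, not ScaleArc code: the JSON is constructed sample data shaped like the output of `az role assignment list` and `az role definition list`, and the role names, resource group name, and subscription ID are placeholders.

```python
import json
import re

# Constructed sample data: role and resource group names are placeholders.
# Shape follows `az role assignment list --assignee <spn> --all -o json`.
ASSIGNMENTS = json.loads("""[
 {"roleDefinitionName": "example-sql-reader",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-db-prod"},
 {"roleDefinitionName": "example-sql-operator",
  "scope": "/subscriptions/00000000-0000-0000-0000-000000000000"}
]""")
# Shape follows `az role definition list -o json`.
DEFINITIONS = json.loads("""[
 {"roleName": "example-sql-reader",
  "permissions": [{"actions": ["Microsoft.Sql/servers/read",
                               "Microsoft.Sql/servers/databases/read"], "dataActions": []}]},
 {"roleName": "example-sql-operator",
  "permissions": [{"actions": ["Microsoft.Sql/servers/*"], "dataActions": []}]}
]""")

RG_SCOPE = re.compile(r"^/subscriptions/[^/]+/resourceGroups/([^/]+)$", re.IGNORECASE)

def audit(assignments, definitions, allowed_groups):
    """Return findings; an empty list means every role is read-only and
    scoped to one of the allowed resource groups."""
    by_name = {d["roleName"]: d for d in definitions}
    allowed = {g.lower() for g in allowed_groups}
    findings = []
    for a in assignments:
        role, scope = a["roleDefinitionName"], a["scope"]
        m = RG_SCOPE.match(scope)
        if m is None:
            findings.append(f"{role}: scope is not at resource-group level: {scope}")
        elif m.group(1).lower() not in allowed:
            findings.append(f"{role}: resource group {m.group(1)} was not selected")
        definition = by_name.get(role)
        if definition is None:
            findings.append(f"{role}: no definition supplied, permissions unverified")
            continue
        for perm in definition["permissions"]:
            for action in perm.get("actions", []) + perm.get("dataActions", []):
                # Anything that is not a .../read action grants more than read-only.
                if not action.lower().endswith("/read"):
                    findings.append(f"{role}: non-read action {action}")
    return findings

if __name__ == "__main__":
    for line in audit(ASSIGNMENTS, DEFINITIONS, ["rg-db-prod"]):
        print("FINDING:", line)
```

An empty result means the SPN holds only read actions on the groups left in the 'Selected Resource Groups' column; any finding is worth reviewing in the Azure portal before relying on the integration.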