4.3

You are viewing documentation for an older version of Lenses.io View latest documentation here

Azure

Map groups to Lenses 

Groups are case-sensitive and mapped by UUID with Azure

Integrate your user-groups with Lenses using the Azure group IDs. The group IDs are in universally unique identifier (UUID) format. Create a group in Lenses using the UUID as the name.

For example, if the Engineers group has the UUID ae3f363d-f0f1-43e6-8122-afed65147ef8, create a group with the same name:


Azure SSO / SAML and Kafka RBAC

To learn how to use data centric permissions for users and service accounts check the help center .

Configure single sign-on for Azure in the security.conf file.

lenses.security.saml.base.url = "https://my.lenses.com"
lenses.security.saml.idp.provider = "azure"
lenses.security.saml.idp.metadata.file = "/path/to/federation-metadata-xml.xml"
lenses.security.saml.keystore.location = "/path/to/keystore.jks"
lenses.security.saml.keystore.password = "my_keystore_password"
lenses.security.saml.key.password = "my_saml_key_password"

See all SSO options

Setup Microsoft Azure SSO 

Learn more about Azure SSO

  1. Go to Enterprise applications > + New Application
  2. Search for Lenses.io in the gallery directory
  3. Choose a name for Lenses e.g. Lenses.io and click Add
Azure gallery Kafka

Enable Single-Sign-On 

Select Set up single sign on > SAML

Azure enable SAML

Configure your SAML details:

Azure configure SAML

SettingValue
Identifier (Entity ID)Use the base url of the Lenses installation e.g. https://lenses-dev.example.com
Reply URLUse the base url with the callback details e.g. https://lenses-dev.example.com/api/v2/auth/saml/callback?client_name=SAML2Client
Sign on URLUse the base url

Remember to activate HTTPS on Lenses. See TLS .

Download SAML Signing Certificate 


Azure SSO/SAML IDP file

Download the Federation Metadata XML file with the Azure IdP details. Then, reference this file’s path in the Lenses security.conf configuration file.

lenses.security.saml.idp.metadata.file=<path_to_file>

See all SSO options .