Using SQL Monitor openid with Azure AD

JonnyG

The documentation for connecting SQL Monitor to and OpenID provider seems on the face of it quite good but I'm struggling with the specifics for when using Azure AD do any one happen to have an Azure AD specific user guide to setting this up 

Dan_J

Hi @JonnyG

Thanks for reaching out to us regarding this.

Would you mind providing the link(s) to the documentation you have looked at so far? This will help me avoid duplicating what you have already seen.

JonnyG

Hi Dan,

Straight out of the SQL Monitor documentation Authenticating with OpenID Connect - SQL Monitor 11 - Product Documentation (red-gate.com) It all makes sense as you read it but then as you go to implement it doesn't seem to provide enough depth. I suspect a couple of examples might really help users configure it for say Azure AD or maybe Okta

Jon

Dan_J

Hi @JonnyG

Thanks for coming back on this.

I've had a really good look through our documentation but unfortunately there doesn't appear to be anything in addition to what you have already found.

I did also put this to my colleagues should they be able to advise on this. Someone did mention that, while they are unsure exactly how the Azure Active Directory one is set up, they have experience of setting up OKTA and suggested that the settings used would likely be similar:

https://help.okta.com/en/prod/Content/Topics/Apps/Apps_App_Integration_Wizard_OIDC.htm

- For task 1.4 - it's a Web Application
- For task 2.1 - Grant type (all selected)
- For task 2.3 - Assignments - we have the "Everyone" group and there are also the individual people listed as well
- For task 4 - we set Filter for claim type and for Groups claim filter it's groups​ matches regex

Those settings should get it working. You may have had to set up an Authorization server in the Security > API section, we use the default one:

Name= default
Audience= api://default
Issuer URI https://xxxx.okta.com/oath2/default 

I hope this helps!