How to Configure Token-based Authentication

 

About Authentication

We exchange the user token that is currently valid for SmartHub with a token that is valid for the Azure app assigned to Elasticsearch.

Note! Token Based Authentication works only with Azure Active Directory authentication configured in SmartHub.

For more details about how to configure Azure Active Directory in SmartHub, go here.

Prerequisites

  • SmartHub configured with Azure Active Directory
  • An app registered in Azure for Elastic Authentication

Grant the app permissions

You must grant the SmartHub app registration permissions in order to consume the Elastic app.

For more details about this procedure, go here.

  1. Log in to your Azure portal as an administrator:http://portal.azure.com.
  2. Click Azure Active Directory → App registrations → App applications.
  3. Search for application used for SmartHub Authentication.
  4. Click the "API permissions" entry from the left side navigation menu.


  5. Click Add a permission:

  6. Click "APIs my organization uses" and search for "Elastic App."
  7. Click "Add permissions."
  8. Now your app should be under "Configured permissions" from SmartHub Authentication app.


  9. Click Grant admin consent (the button near to the App a permission)

Elastic Backend Configuration

  1. Choose "TokenBased" from Authentication Mode drop-down menu.


  2. Add Azure Scope from Elastic Authentication app
    1. To obtain Azure Scope from an Azure app, perform the following steps:
      1. Log in to your Azure portal as an administrator:http://portal.azure.com
      2. Select Azure Active Directory → App registrations → App applications
      3. Search for the application used for the Elastic Authentication app
      4. Select Expose an API → Add a scope
      5. Add a scope name → Choose who can consent → Add a consent display name → Set state on Enabled
      6. Click "Add scope."