Adding Microsoft Entra ID as Identity Provider

You can add Microsoft Entra ID as Identity Provider as follows.

In the new dialog, the following information are required to set up Microsoft Entra ID:
  • Tenant ID: A tenant ID is a unique identifier for a Microsoft Entra ID tenant. It is used to identify the tenant when communicating with Microsoft services.
  • Client ID: A client ID is a unique identifier for an application that has been registered with Microsoft Entra ID. It is used to identify the application when communicating with Microsoft Entra ID.
  • Client secret: A client secret is a secret key that is associated with a client ID. It is used to prove the identity of the application when communicating with Microsoft Entra ID.

The description page containing the general information about the new added identity provider was updated accordingly to show only the new information like shown below.

After adding the new identity provider from the Console, you can now add Azure users to create BigFix operators. You can then also associate Azure groups to BigFix roles.

Scenario 1: Creating a specific BigFix Operator from an Azure User

Prerequisites to satisfy before running this scenario:
  • The application has been registered in Microsoft Entra ID.
  • The identity provider has been successfully added to BigFix.
Perform these steps:
  1. Add the user to the application in the Azure portal. You can either add the user individually or add a group that the user belongs to.
  2. Create the BigFix operator in the Console as follows:
    1. Go to the "Operators" dialog.
    2. Right-click and select "Add Identity Provider Operator".
    3. Locate and select the user from the previously added tenant.
  3. Assign the desired permissions to the new operator. The master operator can assign them.
  4. The new operator account is now ready to be used.

Scenario 2: Creating BigFix Operators from an Azure Group

Prerequisites to satisfy before running this scenario:
  • The application has been registered in Microsoft Entra ID.
  • The identity provider has been successfully added to BigFix.
Perform these steps:
  1. Add the group to the application in the Azure portal.
  2. Assign the identity provider group to a BigFix role as follows:
    1. Go to the "Role" dialog.
    2. Create or select a role for which you want to assign permissions to the Azure group.
    3. Click the "Identity Provider Groups" section within the role configuration.
    4. Select the Azure group you added in step 1 from the available list.
    5. Save the changes to the role configuration.
Note:
  • Initially, no operator account is created.
  • When an Azure user from the added group logs in for the first time, a BigFix operator account associated with that user will be automatically created. This account will inherit the permissions assigned to the role in step 2.