enable-authorization.md

Azure Active Directory Authorization

This How-to Guide shows you how to configure the authorization settings for the Medical Imaging Server for DICOM through Azure. To complete this configuration, you will:

  1. Update a resource application in Azure AD: This resource application will be a representation of the Medical Imaging Server for DICOM that can be used for authorization and to obtain tokens. The application registration will need to be updated to create appRoles.
  2. Assign the application roles in Azure AD: Client application registrations, users, and groups need to be assigned the roles defined on the application registration.
  3. Provide configuration to your Medical Imaging Server for DICOM: Once the resource application is updated, you will set the authorization settings of your Medical Imaging Server for DICOM App Service.

Prerequisites

  1. Complete the authentication configuration: Instructions for enabling authentication can be found in the Azure Active Directory Authentication article.

Authorization Settings Overview

The current authorization settings exposed in configuration are the following:

{
  "DicomServer" : {
    "Security": {
      "Authorization": {
        "Enabled": true,
        "RolesClaim": "role",
        "Roles": [
            <DEFINED IN ROLES.JSON>
        ]
      }
    }
  }
}

| Element | Description |
| --- | --- |
| Authorization:Enabled | Whether or not the server has any authorization enabled. |
| Authorization:RolesClaim | Identifies the JWT claim that contains the assigned roles. This is set automatically by the DevelopmentIdentityProvider. |
| Authorization:Roles | The defined roles. The roles are defined via the roles.json. Additional information can be found here. |

Authorization setup with Azure AD

Azure AD Instructions

Creating App Roles

The instructions for adding app roles to an AAD application can be found in this documentation article. This documentation also optionally shows you how to assign an app role to an application.

The app roles created need to match the name of the roles found in the roles.json.

Assigning Users to App Role

This can be accomplished via the Azure Portal or via a PowerShell cmdlet.

Provide configuration to your Medical Imaging Server for DICOM

  1. Make sure that you have deployed the roles.json to your web application.
  2. Update the configuration to have the following two settings:
    • DicomServer:Security:Authorization:Enabled = true
    • DicomServer:Security:Authorization:RolesClaim = "role"
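
The two requirements above (app roles must match the role names in roles.json, and RolesClaim must name the claim that carries them) can be checked before rollout. The script below is an added example, not code from the Medical Imaging Server for DICOM project. It assumes roles.json has a top-level "roles" array of objects with a "name" field, that role names are compared as exact strings, and that you have the app registration manifest and a sample access token at hand; all sample data is constructed.

```python
import base64
import json

def make_unsigned_token(payload):
    """Build a constructed, unsigned JWT-shaped string for this demo only."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'typ': 'JWT'})}.{enc(payload)}."

def jwt_payload(token):
    """Decode the payload segment only; signature validation stays the server's job."""
    segment = token.split(".")[1]
    segment += "=" * (-len(segment) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(segment))

def check_roles(roles_json, manifest, token, roles_claim="role"):
    """Compare roles.json, the manifest's appRoles and a token's roles claim."""
    defined = {r["name"] for r in roles_json["roles"]}  # assumed roles.json layout
    app_roles = {r["value"] for r in manifest["appRoles"] if r.get("isEnabled")}
    payload = jwt_payload(token)
    claim = payload.get(roles_claim, [])
    claim = [claim] if isinstance(claim, str) else claim  # single role as a string
    return {
        # roles.json names with no enabled app role of the same value
        "missing_app_roles": sorted(defined - app_roles),
        # app roles the server has no definition for
        "unmatched_app_roles": sorted(app_roles - defined),
        # False means the token has no claim under the configured RolesClaim name
        "claim_present": roles_claim in payload,
        # roles from the token that the server would recognise
        "effective_roles": sorted(set(claim) & defined),
    }

# Constructed sample data (not taken from a real deployment)
ROLES_JSON = {"roles": [{"name": "globalAdmin"}, {"name": "reader"}]}
MANIFEST = {"appRoles": [
    {"value": "globalAdmin", "isEnabled": True},
    {"value": "Reader", "isEnabled": True},  # case differs from roles.json
]}
GOOD_TOKEN = make_unsigned_token({"sub": "user1", "role": ["globalAdmin"]})
OTHER_CLAIM_TOKEN = make_unsigned_token({"sub": "user2", "roles": ["globalAdmin"]})

if __name__ == "__main__":
    for label, tok in (("good", GOOD_TOKEN), ("other claim", OTHER_CLAIM_TOKEN)):
        print(label, check_roles(ROLES_JSON, MANIFEST, tok))
```

An empty effective_roles list with claim_present set to False points at a RolesClaim name that does not match the token, rather than at a missing role assignment.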

Summary

In this How-to Guide, you learned how to configure the authorization settings for the Medical Imaging Server for DICOM through Azure.