Enable Guest Portal Social Login with Microsoft® Azure

SUMMARY Use this information if you've enabled a guest portal and want to integrate with Microsoft Azure® for user authorization.

The Guest Portal Social Login feature allows guests to log into the wireless network using their social network logins such as Google, Facebook, and Amazon accounts.

To enable Guest Portal Social Login with Microsoft® Azure:

Create Registration in Microsoft® Azure

  1. Register or log in to the Azure Portal.
  2. On your Azure portal, select Microsoft Entra ID.

  3. Click on App registrations. If you cannot find this, click on More Services and search for App registrations.
  4. Select New Registration.

  5. Enter the name you want to use for the app.
  6. Select any account type.
  7. Under Redirect URI select Web and the URL should be https://www.juniper.net/documentation/us/en/software/mist/mist-wireless/topics/task/azuresociallogin.html .

  8. Click Register.

    Once the registration is complete, the following page is displayed:

    Examples:

    • Application (client) ID — b4ee41b0-8f58-440f-9427-7e92733a7016

    • Directory (tenant) ID — d141071b-6aa9-4e71-add1-a69348cc0fce

    Copy and save the Application (client) ID and the Directory (tenant) ID. These will be entered into the Guest Portal Options window of the Juniper Mist portal in a few moments.

Enter Information About the Mist Portal

  1. Next, to generate the Secret ID, click on Certificates & secrets.

  2. Click New client secret and enter the Description and Expire time.

  3. Click Add and a secret key will be generated.
    Note:

    You must copy the contents of the Value field and use that as the secret ID for the Mist Portal configuration. Do not use the contents of the Secret ID field that Azure displays next to it.

  4. Select Branding.
  5. For the Home page URL, enter https://portal.mist.com and for the Terms of service URL, enter https://portal.mist.com/tos.

    Note:

    portal.mist.com is the URL for organizations in the Global 01 region. To find the correct Guest Wi-Fi Portal URL for the cloud instance used by your portal, see Juniper Mist Firewall Ports and IP Addresses for Firewall Configuration.

Navigate to the Mist Portal to set up the social login for your WLAN

Next, navigate to the Mist portal where you will paste the Application (client) ID, Secret ID (Value), and Directory (tenant) ID that you obtained previously. You need these values to set up the social login for your WLAN.

  1. In the Juniper Mist portal, select the WLAN that you want to add the guest portal to.
    Note:
    • To select a site-specific WLAN, navigate to Site > WLANs, and then click the WLAN.

    • To select a template-based WLAN, navigate to Organization > WLAN Templates, click the template, and then click the WLAN.

  2. Scroll down to the Guest Portal section and select Custom guest portal.
  3. Select Configure Portal.
  4. Select the Authorization tab at the top of the window.
  5. Select Azure Sign In, and then enter the Client ID, Secret ID (copied from the Value field in Azure), and Tenant ID that you obtained from the Azure portal.
  6. Click OK on the Guest Portal Options window, then click Save on the Edit WLAN window.
  7. When you connect to the wireless network, the guest portal sign-in pop-up appears. Enter your Company name to assist with authentication, accept the terms and conditions, and then select Sign in with Azure. Once credentials are validated, click Done.
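
A pre-flight check for the three values entered in step 5, as an added example that is not part of the Juniper documentation. It catches the mistake the earlier note warns about (pasting Azure's Secret ID instead of the Value) and assumes that the IDs are GUIDs, as in the examples above, and that a generated Value is never GUID-shaped; the function names and both sample secret strings are constructed for illustration.

```python
import re
import uuid

def is_guid(text):
    """True if text is a canonical hyphenated GUID, the form Azure shows for IDs."""
    try:
        return str(uuid.UUID(text)) == text.lower()
    except ValueError:
        return False

def check_azure_portal_values(client_id, tenant_id, secret):
    """Return a list of problems; an empty list means nothing looks mis-pasted."""
    problems = []
    for label, value in (("Client ID", client_id), ("Tenant ID", tenant_id)):
        if value != value.strip():
            problems.append(f"{label}: leading or trailing whitespace from copy/paste")
        elif not is_guid(value):
            problems.append(f"{label}: not a GUID like the ones shown after registration")
    if is_guid(client_id) and client_id.lower() == tenant_id.lower():
        problems.append("Client ID and Tenant ID are identical; one was pasted twice")
    if not secret.strip():
        problems.append("Secret: empty")
    elif re.search(r"\s", secret):
        problems.append("Secret: contains whitespace from copy/paste")
    elif is_guid(secret):
        # Assumption: only the Secret ID column is GUID-shaped, never the Value.
        problems.append("Secret: GUID-shaped, so this is the Secret ID column, not the Value")
    return problems

if __name__ == "__main__":
    # IDs are the page's own examples; both secret strings are constructed.
    client = "b4ee41b0-8f58-440f-9427-7e92733a7016"
    tenant = "d141071b-6aa9-4e71-add1-a69348cc0fce"
    for secret in ("CONSTRUCTED~sample.Value_not-a-real-secret",
                   "00000000-1111-2222-3333-444444444444"):
        print(check_azure_portal_values(client, tenant, secret) or "OK")
```
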

Add a new guest user in Azure

If you receive an error similar to "User account 'abc@mist.com' from identity provider doesn’t exist in the tenant 'Microsoft services'", this means you need to add the user in your Azure portal. The following steps explain how to achieve this. The next section explains how to then assign an application to the guest user.

  1. Log in to the Azure Portal as an administrator.
  2. Select Azure Active Directory or Microsoft Entra ID.
  3. Under Manage, select Users.
  4. Click New user.

  5. On the New user page, select Invite user and then add the guest user’s information.
    • Name — This is the first and last name of the guest user.

    • Email address (required) — Enter the email address of the guest user.

    • Personal message (optional) — Include a personal welcome message that will display for the guest user.

  6. Select Invite to automatically send the invitation to the guest user. A notification appears in the upper right with the message Successfully invited user. After you send the invitation, the user account will automatically be added to the directory as a guest.

Assign an application to the guest user

Next, assign an application to the guest user. For example, you can add the Salesforce app to your test tenant and assign the test guest user to the app.

  1. Sign in to the Azure portal as an administrator.
  2. From the left pane, select Enterprise applications.
  3. Select application, then in the Add from the gallery section, search for Social Login, and then select it.

  4. Select Add. Then, under the Manage section, select Single sign-on, and under Single Sign-on Mode, select Password-based Sign-on, and click Save.
  5. Under Manage, select Users and groups > Add user > Users and groups.
  6. Use the search box to search for the test user you created (if necessary) and select the test user from the list. Then click Select.
  7. Finally, click Assign to assign the app to the guest user.
  8. Now sign in as the guest user to accept the invitation by signing in to your test guest user’s email account.
    1. In the test user's inbox, find the “You’re invited” email and in that email, select Get Started.
    2. A Review permissions page opens in the browser. Select Accept. The Access Panel opens which lists the applications the guest user can access.