How to Configure the Web License to Use with Active Directory

Configuring the web license to use the company's email address through Azure Active Directory, and setting up conditional access

Active Directory Activation - IT Department

Our AAD mechanism uses Microsoft Azure B2C and/or B2B and no credentials are stored in our environment. Any MFA configured by your IT team for your company's identities will factor into this authentication when used.

This process leverages your users' Azure accounts to acquire a license, with all relevant information securely logged in your Azure system. Additionally, our VDI environment is based in the South Central region, so user login details will reflect activity from San Antonio.

Here are the steps to approve the license to use Active Directory (Hosted Clients - DO NOT use the login we provided ending with client.beck-technology.com).

1. Adding the DESTINI Single Sign-On to your Environment

  • Log in to this website: https://login.beck-technology.com/ and click the "Sign-in" button.
  • Sign in to Active Directory using your company email and password, then follow the prompts.
  • Once everything is verified, a message will be displayed.
  • This will create the DESTINI Single Sign-On in your Azure environment.
  • Also, the Azure Administrator may have to go to their Azure Portal > Enterprise Solutions and approve the DESTINI Single Sign-On as well. 

Once that is completed, follow the steps below to use your company's email address to log in to our license platform.

If you get a security alert when accessing the Web License portal, these are the websites that need to be white-listed:

https://licensing.beck-technology.com/
https://becktechauth.b2clogin.com/
https://login.beck-technology.com/

Whitelisting by IP addresses will not work since we are load-balancing Azure Virtual Desktops with Remote App Streaming. This means that the IP addresses of the virtual desktops can change dynamically, making it difficult to maintain an accurate whitelist. Instead, we recommend using other methods of access control, such as user authentication and conditional access policies. These methods allow for a more flexible and secure approach to managing access to the Active Directory.

2. How to set up Conditional Access for Single Sign-On for the DESTINI Web license platform

If you are a Beck Tech customer who uses Azure AD Premium P2 with Risky Sign-On detection, it is vital to exclude the DESTINI Single Sign-On from your conditional access policy. This exclusion is necessary because, when the user enters their credentials in the Microsoft window, it redirects to the company's login page. If MFA is not excluded, the redirect will fail. Excluding the DESTINI Single Sign-On from MFA in the conditional access policy ensures a smooth login experience, eliminates the need for multiple MFA prompts, and reduces potential confusion.

Here are some additional recommendations from Microsoft - https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-risk-policies

This will also require that you update or create your Sign-in Risk Policy to use MFA.

Error message in the log file if this is not set up correctly: ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED
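
As an added example (not Beck Technology's or Microsoft's code), the script below checks an exported set of conditional access policies against the two requirements in this section, read here as: every enforced MFA policy that covers the DESTINI Single Sign-On app must exclude it, and an enforced sign-in risk policy requiring MFA must exist. Field names follow the Microsoft Graph conditionalAccessPolicy JSON shape; the application ID is a placeholder and the policy export is constructed sample data.

```python
import json

# Placeholder: application (client) ID of the "DESTINI Single Sign-On"
# enterprise app in your tenant. The page does not give this value.
DESTINI_APP_ID = "00000000-0000-0000-0000-000000000000"

# Constructed sample, shaped like Microsoft Graph conditionalAccessPolicy objects.
SAMPLE_EXPORT = json.loads("""
[
  {"displayName": "Require MFA - all apps", "state": "enabled",
   "conditions": {"applications": {"includeApplications": ["All"],
                                   "excludeApplications": []},
                  "signInRiskLevels": []},
   "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
  {"displayName": "Sign-in risk - MFA", "state": "enabled",
   "conditions": {"applications": {"includeApplications": ["All"],
        "excludeApplications": ["00000000-0000-0000-0000-000000000000"]},
                  "signInRiskLevels": ["high", "medium"]},
   "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}},
  {"displayName": "Old pilot", "state": "disabled",
   "conditions": {"applications": {"includeApplications": ["All"]}},
   "grantControls": {"operator": "OR", "builtInControls": ["mfa"]}}
]
""")

def requires_mfa(policy):
    # grantControls can be null on session-only policies.
    grant = policy.get("grantControls") or {}
    return "mfa" in (grant.get("builtInControls") or [])

def app_in_scope(policy, app_id):
    # In scope = targeted (explicitly or via "All") and not excluded.
    apps = (policy.get("conditions") or {}).get("applications") or {}
    included = apps.get("includeApplications") or []
    excluded = apps.get("excludeApplications") or []
    return ("All" in included or app_id in included) and app_id not in excluded

def audit(policies, app_id=DESTINI_APP_ID):
    # Only "enabled" policies are enforced; report-only and disabled are skipped.
    enabled = [p for p in policies if p.get("state") == "enabled"]
    mfa = [p for p in enabled if requires_mfa(p)]
    return {
        "mfa_policies_missing_exclusion":
            [p["displayName"] for p in mfa if app_in_scope(p, app_id)],
        "has_sign_in_risk_mfa_policy":
            any((p.get("conditions") or {}).get("signInRiskLevels") for p in mfa),
    }

if __name__ == "__main__":
    print(json.dumps(audit(SAMPLE_EXPORT), indent=2))
```

A non-empty mfa_policies_missing_exclusion list names the policies to edit; has_sign_in_risk_mfa_policy being false means the Sign-in Risk Policy still needs to be created or updated.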