How to Configure the Web License to Use with Active Directory

Configuring the web license to use with the company's email address through Azure Active Directory and set up conditions access

Active Directory Activation - IT Department

 Our AAD mechanism uses Microsoft Azure B2C and B2B and no credentials are stored in our environment. Any MFA configured by your IT team for your company's identities will factor into this authentication when used. 

This process leverages your users' Azure accounts to acquire a license, with all relevant information securely logged into your Azure system. Additionally, our VDI environment is based in the South Central region so user login details will reflect activity from San Antonio.

You can click this link to get other FAQs around the web license platform - Web license FAQs

Here are the steps to approve the license to use Active Directory (Hosted Clients - DO NOT use the login we provided ending with client.beck-technology.com).

1. Adding the DESTINI Single Sign-On to your Environment

  • Log in to this website: https://login.beck-technology.com/ and click the Sign-in" button.
  • Sign in to Active Directory using your company email and password, then follow the prompts.
  • Once everything is verified you will see the message belowmceclip0 (2)
  • This will create the DESTINI Single Sign-On in your Azure environment.
  • Also, the Azure Administrator may have to go to their Azure Portal > Enterprise Solutions and approve the DESTINI Single Sign-On as well. 

Once that is completed then follow the steps below to use your Company's email address to log into our license platform. 

If you are getting a security alert accessing the Web License portal, then these are the websites that need to be white-listed. These IP addresses may be dynamic so it would be good to check the IP using the website link. 

https://licensing.beck-technology.com/     IP Address - 52.173.149.254
https://becktechauth.b2clogin.com/          IP address - 40.126.29.05 -40.126.29.14
https://login.beck-technology.com/            IP Address - 52.173.149.254

Also, whitelisting IP addresses may not be a feasible solution due to our use of load-balanced Azure Virtual Desktops with Remote App Streaming. This setup results in dynamic changes to the virtual desktop IP addresses, making it challenging to maintain an effective whitelist. Instead, we recommend implementing alternative access control methods, such as user authentication and conditional access policies. These approaches provide a more flexible and secure way to manage access to Active Directory.

2. How to set up Conditional Access for Single Sign-On for the DESTINI Web license platform

If you are a Beck Tech customer who uses Azure AD Premium P2 with Risky Sign-On detection, it is vital to exclude the DESTINI Single Sign-On from your conditional access policy. This exclusion is necessary because when the user enters their credentials in the Microsoft Window, it will redirect to the Company's login page. If MFA is not excluded, the redirect will fail. Therefore, to ensure a smooth login experience, it's crucial to exclude DESTINI Single Sign-On MFA from the conditional access policy to eliminate the need for multiple MFAs and reduce potential confusion. 

Here are some additional recommendations from Microsoft - https://docs.microsoft.com/en-us/azure/active-directory/identity-protection/howto-identity-protection-configure-risk-policies

This will also require that you update/create your Sign-in Risk Policy to use MFA 

Error Message in the log file if this is not set up correctly - ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED