Enabling authentication

The Itron Identity Service uses the Itron.Cloud.Identity.Server registered application to access AAD functions related to end-user authentication. The only permission required by the application is the Sign in and read user profile AAD privilege, which can be granted either by individual users or by an administrator for an entire AAD domain.

To initiate administrator-level consent (sparing all other users from being prompted), use one of the following options:

• An AAD administrator navigates to one of the following locations:

  • https://idenserver.itrontotal.com/azureonboarding (USW)

  • https://idenserver.itrontotal.ca/azureonboarding (CAC)

  • https://idenserver.itroneyva.eu/azureonboarding (EUN)

  • https://idenserver.services.itron.co.in/azureonboarding (INC)

  • https://idenserver.itroneyva.com.au/azureonboarding (AUE)

  Here, administrator-level consent can be initiated without having a tenant user already created.

  

  

• The customer’s AAD administrator’s account needs to be added to the tenant—by Itron personnel—as a tenant user, then by the first time this user tries to sign in, AAD will prompt for consent where the AAD admin can elevate the user-level consent process to the administrator level.