Intel vPro® Platform
Intel Manageability Forum for Intel® EMA, AMT, SCS & Manageability Commander

About cooperation with EntraID

SKubo
New Contributor I

Dear IntelEMA Support Team,

 

1. When logging in to the management console after linking with EntraID, is it possible to manually enter user information for SSO login?
Will the user account of the logged-in terminal be used?


2. How are IDs linked between the EMA management server and EntraID?
 - Is ID information provisioned from EntraID to the EMA server?
 - When attempting to log in to the EMA server, does authentication move to EntraID?


3. Regarding "1," if manual input is possible, are there any specific setting procedures?


4. When linking with EntraID, what is the authentication route if "Login With IntelEMA Credentials" is selected when logging in to the management console?
Am I correct in understanding that authentication is only performed locally?


5. When logging in to the management console of the EMA server I'm currently building, a Microsoft error screen appears saying "AADSTS900021: Requested tenant identifier '00000000-0000-0000-0000-000000000000' is not valid. Tenant identifiers may not be an empty GUID."
Do you know any possible reasons for this?

 

Regards,
Skubo

vij1
Employee

Hi Skubo,


I am glad you are interested in Intel® EMA.


Please note that EMA users need to be created in Azure Entra ID first. I suggest reviewing the Microsoft Entra ID documentation to understand how it works:


https://www.microsoft.com/en-us/security/business/identity-access/microsoft-entra-id


Regards,

Vijay N.


SKubo
New Contributor I

Hi Vijay N.

Thank you for your reply.

I will change the content of my question.

I set up the EMA server with Azure AD authentication, and when I perform SSO sign-in to the EMA management console, I go through the Microsoft authentication screen and MFA authentication, and when I return to the management console, the message "Azure Login Failed" is displayed, and logging in with the EntraID user account fails.

Furthermore, the log file contains the message "Upn <username> does not exist or is not authorized."

What setting do you think is missing?
Will I need to change the IIS web.config, etc.?

SKubo
New Contributor I

Hi Vijay N.

 

In addition to the previous question, if I use an EntraID user account to install EMA, will that user account be automatically registered as a global administrator?

Please let me know as well.

 

Regards,
Skubo

vij1
Employee

Hello SKubo,


Greetings!!


Pre-installation Instructions for Microsoft Azure AD Environments


If you plan to install Intel® EMA in an existing Microsoft Azure AD environment, follow the steps below in order to enable Intel® EMA to successfully connect to the Azure AD environment. We recommend that you perform these steps before installing Intel® EMA, however they can be performed after installation, though you will not be able to add users and perform other Intel® EMA actions until you perform these steps in Azure AD.


For more information, please find the below attached link:


https://www.intel.com/content/dam/support/us/en/documents/software/manageability-products/intel-ema-server-installation-and-maintenance-guide.pdf#page=13


Regards,

Vijay N.


SKubo
New Contributor I

Dear IntelEMA Support Team,


I thought I had created the file based on the materials you provided, but an error occurred, so I contacted you.
Would you mind answering my questions?

・Cause and solution for "Azure Login Failed" error when logging in to EMA
・Will I need to change the IIS web.config, etc.?
・If I use an EntraID user account to install EMA, will that user account be automatically registered as a global administrator?


Regards,
Skubo

SKubo
New Contributor I

Dear IntelEMA Support Team,

 

As a side note, the situation is as follows.

 

SKubo_0-1718961907681.png

Regards,
Skubo

vij1
Employee

Hello Skubo,


We are currently reviewing the information and we will reach out to you as soon as possible. We request your patience during this time.

 

Regards,

Vijay N.


vij1
Employee

Hello Skubo,


Greetings!


Could you please confirm if you have followed Section 1.3.2 as outlined in the Intel EMA documentation?


Currently, Intel® EMA does not support internationalization. The operating system must have English-US Windows display language, English-US system locale, and English-US format (matching the Windows display language).


For reference, please see Section 1.3.2 OS in the following guide:

[Intel EMA Server Installation and Maintenance Guide](https://www.intel.com/content/dam/support/us/en/documents/software/manageability-products/intel-ema-server-installation-and-maintenance-guide.pdf#page=10)


Thank you.


Best regards,

Vijay N.


SKubo
New Contributor I

Hi Vijay N.
Thank you for your reply.

I tried changing the language settings as you suggested, but the situation did not change.

SKubo_0-1719364157707.png

 

I would like to confirm the following points again. Is that OK?

・Cause and solution for "Azure Login Failed" error when logging in to EMA
・Will I need to change the IIS web.config, etc.?
・If I use an EntraID user account to install EMA, will that user account be automatically registered as a global administrator?

 

Additionally, as additional supplementary information, we have changed the URL of the EMA management console that was set at the time of construction, and the following message is displayed. Does this have an effect?
※Please ignore the security warning message.

 

SKubo_1-1719364370496.png

 

vij1
Employee

Hello Skubo,

 

Greetings!

 

Thank you for your response. We kindly request you to reinstall the OS. While reinstalling the OS, please select the OS language as English-US system locale and English-US format (match Windows display language). Please note that the FQDN cannot be changed. For more details, you can refer to the [Intel EMA Server Installation and Maintenance Guide](https://www.intel.com/content/dam/support/us/en/documents/software/manageability-products/intel-ema-server-installation-and-maintenance-guide.pdf#page=37).

 

Regarding your query about using an EntraID user account to install EMA:

- If you use an EntraID user account to install EMA, it will not automatically register as a global administrator. It is suggested to use the same OS administrator as the EMA global admin. This account also needs to comply with the SQL database requirements as outlined in [Section 1.3.3 Database](https://www.intel.com/content/dam/support/us/en/documents/software/manageability-products/intel-ema-server-installation-and-maintenance-guide.pdf#page=11).

 

As for changing the IIS web.config, this will change automatically after reinstalling the EMA instance.

 

If you have any further questions or need additional assistance, please feel free to reach out.

 

Regards, 

Vijay N.


vij1
Employee

Hello Skubo,

 

I hope this message finds you well!

 

I am following up on the case and wondering if further assistance is necessary.

Look forward to your response.

 

Regards,

Vijay N.


SKubo
New Contributor I

Hi Vijay N.

 

Thank you for your reply.
I was able to log in with my EntraID account by manually registering the account to the global administrator.

 

Thank you for your assistance.

vij1
Employee

Hello SKubo,


Greetings!


I'm glad to hear that you were able to log in.

Please feel free to reach out to us if you have any questions.


Best regards,

Vijay N.


TomDv
Beginner

Good morning guys,

 

After updating EMA server today (from v. 1.12.2 to 1.13.1) I am faced with exactly the same issue as per above.

Everything was working fine before, but now I get through the exact same dialogues as in the screenshot SKubo posted above on ‎06-21-2024 at 10:26 AM.

My system is running Windows Server 2022, Locales are English, and everything (including the Azure SSO) worked perfectly fine until the update.

 

Could you please let me know what can be the cause of it?

Many thanks,

 

Kind regards

 

Tom

TomDv
Beginner

Apologies to Intel - problem was not caused by EMA, my Azure EMA app Secret has expired.

What are the odds I will be upgrading to latest EMA version exactly 6 months after it was installed (and the Secret created)?

Posting it here just in case it happens to someone else.

Tom

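The expired app secret in the last post can be caught before SSO breaks. The following is an added example, not part of the thread and not Intel or Microsoft code: it scans app registration data for client secrets that are expired or close to expiry. It assumes the data is an export of Microsoft Graph application objects (the `passwordCredentials` and `endDateTime` fields); the sample apps, dates and function names are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample shaped like Microsoft Graph application objects;
# every name and date below is made up for the example.
SAMPLE_APPS = json.loads("""
[
  {"displayName": "ema-sso-example",
   "passwordCredentials": [
     {"displayName": "install-secret", "endDateTime": "2024-12-21T09:00:00Z"}]},
  {"displayName": "rotated-app-example",
   "passwordCredentials": [
     {"displayName": "old", "endDateTime": "2024-12-01T00:00:00.1234567Z"},
     {"displayName": "new", "endDateTime": "2025-11-30T00:00:00Z"}]},
  {"displayName": "soon-example",
   "passwordCredentials": [
     {"displayName": "current", "endDateTime": "2025-01-10T00:00:00Z"}]},
  {"displayName": "cert-only-example", "passwordCredentials": []}
]
""")

def parse_graph_time(value):
    """Parse a UTC ISO 8601 timestamp, tolerating 'Z' and 7-digit fractions."""
    whole_seconds = value.rstrip("Z").split(".", 1)[0]
    return datetime.strptime(whole_seconds, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)

def expiring_secrets(apps, now, warn_days=30):
    """List (app, secret, state, days_left) for client secrets that are expired
    or expire within warn_days, soonest first. Each secret is judged alone: a
    server configured with an expired secret fails even when the app
    registration also holds a newer, valid one."""
    findings = []
    for app in apps:
        for cred in app.get("passwordCredentials") or []:
            if not cred.get("endDateTime"):
                continue
            left = parse_graph_time(cred["endDateTime"]) - now
            if left <= timedelta(0):
                state = "expired"
            elif left <= timedelta(days=warn_days):
                state = "expiring"
            else:
                continue
            findings.append((app["displayName"], cred["displayName"], state, left.days))
    return sorted(findings, key=lambda f: f[3])

if __name__ == "__main__":
    now = datetime(2024, 12, 22, tzinfo=timezone.utc)  # fixed for a reproducible run
    for app, secret, state, days in expiring_secrets(SAMPLE_APPS, now):
        print(f"{app:20} {secret:15} {state:9} {days:4d} days")
```

Run on a schedule with the current time and a warning window longer than the change-approval lead time, so the secret can be rotated and the server reconfigured before sign-in fails.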