NodePing Authentication with Microsoft Entra OpenID Connect

2024/11/20 by Leave a comment

NodePing supports OpenID Connect (OIDC) authentication, allowing you to leverage SSO and multi-factor authentication by using an authentication provider that supports them. We support Google and Microsoft OpenID authentication as well as (on Premiere plan accounts) custom OIDC providers.

In a previous blog post we shared how you can get started with using OIDC with NodePing using Keycloak. In this blog post, I will share with you how you can get Microsoft Entra set up to handle authentication for you with NodePing’s custom OIDC provider feature.

Entra User Configuration

Before configuring Entra to work with NodePing, it is important to make sure your users have the proper configuration. The NodePing contact must include the same email address as your user has in Entra. To ensure your email address in Entra is correct for your user, go to Identity -> Users -> All users. Select the user you want to update, click Edit properties and go to the Contact Information tab.

Ensure that the Email field matches the email that you have set for your NodePing contact. Note that if the email is present only in the “Other emails” section in Entra, logging into NodePing will fail. On the NodePing side, the contact records can have multiple emails, and the address from Entra just needs to be present as one of them.

Entra Admin Center

Head to the Entra Admin Center and in the left side panel go to Identity -> Applications -> App registrations. There, select “New registration” to create a new registration. Enter a name, such as “nodeping” and select the supported account types. In this example, I chose “Accounts in this organizational directory only”.

Set the Redirect URI https://app.nodeping.com/authredirect/<your-nodeping-account-id&gt; and select Web from the dropdown menu.

Next click “Register” at the bottom of the page.

Afterwards, go to “API permissions” and go down to the “Other permissions granted for” section. You should see a Microsoft Graph Permissions name labeled “email”. Click the 3 dot menu and choose “Add to configured permissions”.

You will be prompted to select “Yes, add”.

If the email permission isn’t in the “Other permission” section, select “Add a permission”, and in the right side panel that pops up select Microsoft Graph, then Delegated Permissions, and check the email checkbox in the OpenId permissions section below, and select “Add permissions”.

Following that, you will need to generate a secret. Go to “Certificates & secrets” and select “New client secret”. Give it a description and expiration according to your organizational needs. You will need the Value for the next step.

NodePing Custom OIDC Configuration

On NodePing, sign in and go to Account Settings -> OpenID Connect.

Here you will need:

  1. The Discovery URL
  2. The Client ID
  3. The Client Secret

The Discovery URL can be found in the Overview section, and selecting Endpoints. You will need the URL labeled “OpenID Connect metadata document”. Paste that into the Discovery URL. For the clientID, you need the Application (client) ID displayed in the overview page of your App registration you made on Entra. Lastly, the clientSecret that was generated earlier in the “Certificates & secrets” page in Entra. Note here that the clientSecret is the “Value,” a long string with special characters. There is also a “Secret ID” listed with the secret, but that is not what you need here.

Once complete, click save.

NodePing User Auth Types

Now, configure your NodePing user to sign in with custom OIDC. In NodePing’s webapp, go to Contacts -> List Contacts. Edit the contact you want to permit OIDC authentication with by selecting “Custom OIDC Authentication” as an allowed auth type and save the contact. This option will only be present for those who have a Premiere account. This NodePing contact will need the same email address that corresponds with the email address of the Entra user.

Logging In

To login to NodePing using Entra, visit https://app.nodeping.com/login/[your NodePing account id] and signed in there. This should direct you to Entra where you can sign in. If everything worked, you should be back at NodePing and signed in. Alternatively, on the login page, change the login method to “Custom OIDC Authentication” in the Login Method dropdown menu and enter your NodePing account ID there.

This blog post isn’t intended to address other policies or settings you may have to set up with Entra, or how to make policies for your users. This basic example configuration is a starting point toward integrating Entra with NodePing. Ensure that your configuration of users and other policies are in alignment with your organization’s requirements and adjust as necessary. For additional information, Microsoft provides some resources here and here to guide you through configuring OpenID Connect authentication with Entra.

If you don’t have a NodePing account yet, give it a try! We offer a free, no-obligation 15-day trial. The best way to see if NodePing meets your needs is to try it out.

Filed under OIDC, SSO, Using NodePing Tagged with , , , , , , ,

Disable Monitoring

2016/11/07 by Leave a comment

Last week we added several features aimed at making our monitoring service easier to manage and use.  One of those features adds new ways to easily disable checks, either in the UI or using the API. Disabling a check stops all monitoring and notifications. It can be useful to keep scheduled maintenance or downtime from affecting your uptime statistics. I’ll explain a bit on the various ways you can disable monitoring within NodePing.

Disabling a Single Check
There are two ways to disable a single check within the NodePing web interface. The first is in the check details drawer. If you click the name of a check in the list, the details drawer will slide out. There you can see the last 5 results, links to the various reports, and a toggle to disable the check. Simply click on the “toggle” link next to the text “This check is currently active”. To re-enable, click the toggle again.

The second way to disable a single check is within the check edit screen. Click on the “Edit” button to call up the check edit modal and remove the checkbox from the “Enable Check:” field, then click on “Save”. To re-enable the check, edit it again and check that same box.

Sometimes you may need to disable all the checks to a particular datacenter or for a particular server or service. You can do it one at a time as described above but that can be a click-fest if you have a large number of checks to disable. Our new features allow you to easily disable all of your checks at once, or to disable a group of them based on some powerful filtering capability (described more below).

Disabling All Checks
You can disable and re-enable all your checks with just a couple of clicks. In the “Account Settings” – “General Settings” tab, you’ll see a link for “Disable All Checks”. Click on it and all your currently enabled checks will be immediately disabled. To re-enable the checks, click on the new link that appeared that says “Re-enable Checks”. Please note that this will only re-enable checks that have been disabled using the “Disable All Checks” link. If you disabled a check using one of the methods described above in the “Disabling a Single Check” section of this post, the check will remain disabled.

Disabling all checks can be useful to silence monitoring and notifications during major outages, planned maintenance, or to quiet logs when troubleshooting.

Disabling Multiple Checks
Our new disable feature has some powerful filtering that can help you disable all checks where the label, type, and/or target are similar. Clicking on the “Show optional filters” link in the “Account Settings” – “General Settings” tab will display the available filter fields of “Type”, “Label”, and “Target”. After choosing the dropdown or typing your desired filters in the fields there, you need to click on the “Disable All Checks” link and NodePing will disable all currently enabled checks that match your filters.

If you’d like to disable all your HTTP Content checks, you can choose it from the “Type” drop down.

If all the checks you need to disable are named similarly (example: “Server1: website A”, “Server1: website B”, “Server1: website C”), you can disable all of them by putting “Server1” in the “Label” field. The matching works on any part of the label.

If a particular server is failing, you can disable all checks (no matter what type or label) that point to that server by putting the name or IP address used in the check “Target” field. For example, I can disable all checks that point to all nodeping.com hosts by typing “nodeping.com” in that field. It will disable checks to ‘smtp.nodeping.com’ and ‘www.nodeping.com’, no matter what the check type is.

The filters are additive so if you choose the “HTTP” type and type something in the “Label” field, only HTTP checks that match that label will be disabled.

Use the “Re-enable Checks” link to re-enable checks that were previously disabled using the “Disable All Checks” link and filters.

These filters have superpowers too, thanks to regex. You can geek out and provide a valid javascript regex expression for each filter in our UI or API. Run a curl one-liner to our API before your maintenance fires off to disable some checks and then re-enable them when it’s done. See our API reference for details.

NodePing is committed to bring you more functionality like these new disable check features available in all accounts now. If you don’t yet have a NodePing server monitoring account, we encourage you to sign up for a free, 15-day trial and see how our fast, accurate uptime monitoring can help you keep your services up and available.

Filed under Monitoring, Using NodePing Tagged with ,