Merge pull request #44 from martin-loetzsch/update-readme-for-azure-ad
Update Readme for Azure Active Directory
This commit is contained in:
commit
66a82435de
16
README.md
16
README.md
@ -97,11 +97,19 @@ Note: The user is checked against the group members list on initial authenticati
|
|||||||
|
|
||||||
### Azure Auth Provider
|
### Azure Auth Provider
|
||||||
|
|
||||||
1. [Add an application](https://azure.microsoft.com/en-us/documentation/articles/active-directory-integrating-applications/) to your Azure Active Directory tenant.
|
1. Add an application: go to [https://portal.azure.com](https://portal.azure.com), choose **"Azure Active Directory"** in the left menu, select **"App registrations"** and then click on **"New app registration"**.
|
||||||
2. On the App properties page provide the correct Sign-On URL ie `https://internal.yourcompany.com/oauth2/callback`
|
2. Pick a name and choose **"Webapp / API"** as application type. Use `https://internal.yourcompany.com` as Sign-on URL. Click **"Create"**.
|
||||||
3. If applicable take note of your `TenantID` and provide it via the `--azure-tenant=<YOUR TENANT ID>` commandline option. Default the `common` tenant is used.
|
3. On the **"Settings"** / **"Properties"** page of the app, pick a logo and select **"Multi-tenanted"** if you want to allow users from multiple organizations to access your app. Note down the application ID. Click **"Save"**.
|
||||||
|
4. On the **"Settings"** / **"Required Permissions"** page of the app, click on **"Windows Azure Active Directory"** and then on **"Access the directory as the signed in user"**. Hit **"Save"** and then then on **"Grant permissions"** (you might need another admin to do this).
|
||||||
|
5. On the **"Settings"** / **"Reply URLs"** page of the app, add `https://internal.yourcompanycom/oauth2/callback` for each host that you want to protect by the oauth2 proxy. Click **"Save"**.
|
||||||
|
6. On the **"Settings"** / **"Keys"** page of the app, add a new key and note down the value after hitting **"Save"**.
|
||||||
|
7. Configure the proxy with
|
||||||
|
|
||||||
The Azure AD auth provider uses `openid` as it default scope. It uses `https://graph.windows.net` as a default protected resource. It call to `https://graph.windows.net/me` to get the email address of the user that logs in.
|
```
|
||||||
|
--provider=azure
|
||||||
|
--client-id=<application ID from step 3>
|
||||||
|
--client-secret=<value from step 6>
|
||||||
|
```
|
||||||
|
|
||||||
### Facebook Auth Provider
|
### Facebook Auth Provider
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user