mirror of https://github.com/logto-io/logto.git synced 2025-01-20 21:32:31 -05:00
logto/packages/connectors/connector-azuread
renovate[bot] 4551f6daad
fix(deps): update dependency @azure/msal-node to v2 (#4301)
* fix(deps): update dependency @azure/msal-node to v2

* fix: pnpm lock file

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
Co-authored-by: Darcy Ye <darcyye@silverhand.io>
2024-02-20 14:58:38 +08:00
src fix(cli): translate command (#4459) 2023-09-13 08:12:43 +00:00
CHANGELOG.md release: version packages (#5068) 2024-02-08 13:18:42 +08:00
logo.svg refactor: add connector packages 2023-04-01 15:53:14 +08:00
package.json fix(deps): update dependency @azure/msal-node to v2 (#4301) 2024-02-20 14:58:38 +08:00
README.md refactor(connector): update aad connector (#4435) 2023-09-05 06:31:15 +00:00

Microsoft Azure AD connector

The Microsoft Azure AD connector provides a succinct way for your application to use Azure's OAuth 2.0 authentication system.

Set up Microsoft Azure AD in the Azure Portal

  • Visit the Azure Portal and sign in with your Azure account. You need an active subscription to access Microsoft Azure AD.
  • Select Azure Active Directory from the list of services, then click App Registrations in the left menu.
  • Click New Registration at the top, enter a description, select your access type, and add your Redirect URI, which redirects the user to the application after logging in. In our case, this will be ${your_logto_endpoint}/callback/${connector_id}, e.g. https://foo.logto.app/callback/${connector_id}. (The connector_id can also be found on the top bar of the Logto Admin Console connector details page.)
  • You need to select Web as Platform.
    • If you select Sign in users of a specific organization only for access type, then you need to enter TenantID.
    • If you select Sign in users with work and school accounts or personal Microsoft accounts for access type, then you need to enter common.
    • If you select Sign in users with work and school accounts for access type, then you need to enter organizations.
    • If you select Sign in users with personal Microsoft accounts (MSA) only for access type, then you need to enter consumers.

You can copy the Callback URI in the configuration section.

Fill in the configuration

On the details page of the newly registered app, you can find the Application (client) ID and Directory (tenant) ID.

The Cloud Instance is usually https://login.microsoftonline.com/. See Azure AD authentication endpoints for more information.

Configure your client secret

  • In your newly created application, click Certificates & Secrets, then click New client secret at the top to create a client secret.
  • Enter a description and an expiration.
  • The client secret is shown only once. Enter the value in the Logto connector configuration and save it in a secure location.

Config types

Name            Type
clientId        string
clientSecret    string
tenantId        string
cloudInstance   string
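
A pre-save check for the four fields above, as an added example that is not part of the Logto connector source. `checkAzureAdConfig` and its messages are hypothetical, the GUID test on `clientSecret` is a heuristic for pasting the portal's Secret ID instead of the secret value, and building the authority as cloud instance plus tenant is an assumption about how the two values are combined.

```typescript
// Added example: a hypothetical pre-save check, not part of the Logto connector source.
type AzureAdConfig = { clientId: string; clientSecret: string; tenantId: string; cloudInstance: string };
type CheckResult = { authority: string; errors: string[]; warnings: string[] };

const GUID = /^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$/i;
// Tenant values the setup steps list for the non-single-organization access types.
const TENANT_ALIASES = ['common', 'organizations', 'consumers'];

function checkAzureAdConfig(raw: Record<string, unknown>): CheckResult {
  const errors: string[] = [];
  const warnings: string[] = [];
  // Every field in the "Config types" table is a required string.
  const read = (key: keyof AzureAdConfig): string => {
    const value = raw[key];
    if (typeof value === 'string' && value.trim() !== '') return value.trim();
    errors.push(`${key} must be a non-empty string`);
    return '';
  };
  const clientId = read('clientId');
  const clientSecret = read('clientSecret');
  const tenantId = read('tenantId');
  const cloudInstance = read('cloudInstance');

  if (clientId && !GUID.test(clientId)) {
    warnings.push('clientId is not GUID-shaped; copy the Application (client) ID');
  }
  // Heuristic: the portal lists a GUID "Secret ID" next to the secret value.
  if (GUID.test(clientSecret)) {
    warnings.push('clientSecret is GUID-shaped; it may be the Secret ID, not the value');
  }
  if (/[\/?#\s]/.test(tenantId)) {
    errors.push('tenantId must be a single path segment');
  } else if (TENANT_ALIASES.indexOf(tenantId) !== -1) {
    warnings.push(`tenantId "${tenantId}" is not limited to a single organization`);
  } else if (tenantId && !GUID.test(tenantId)) {
    warnings.push('tenantId is neither a Directory (tenant) ID nor a listed alias');
  }
  if (cloudInstance && !/^https:\/\/[^\/\s?#]+\/?$/.test(cloudInstance)) {
    errors.push('cloudInstance must be an https:// origin such as https://login.microsoftonline.com/');
  }
  // Assumption: the authority is the cloud instance followed by the tenant segment.
  const authority = errors.length ? '' : `${cloudInstance.replace(/\/$/, '')}/${tenantId}`;
  return { authority, errors, warnings };
}
```
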
