mirror of
https://github.com/logto-io/logto.git
synced 2024-12-30 20:33:54 -05:00
3 KiB
3 KiB
Microsoft Azure AD connector
The Microsoft Azure AD connector provides a succinct way for your application to use Azure’s OAuth 2.0 authentication system.
Table of contents
Set up Microsoft Azure AD in the Azure Portal
- Visit the Azure Portal and sign in with your Azure account. You need to have an active subscription to access Microsoft Azure AD.
- Click the Azure Active Directory from the services they offer, and click the App Registrations from the left menu.
- Click New Registration at the top and enter a description, select your access type and add your Redirect URI, which redirect the user to the application after logging in. In our case, this will be
${your_logto_endpoint}/callback/${connector_id}
. e.g.https://foo.logto.app/callback/${connector_id}
. (Theconnector_id
can be also found on the top bar of the Logto Admin Console connector details page) - You need to select Web as Platform.
- If you select Sign in users of a specific organization only for access type then you need to enter TenantID.
- If you select Sign in users with work and school accounts or personal Microsoft accounts for access type then you need to enter common.
- If you select Sign in users with work and school accounts for access type then you need to enter organizations.
- If you select Sign in users with personal Microsoft accounts (MSA) only for access type then you need to enter consumers.
You can copy the
Callback URI
in the configuration section.
Fill in the configuration
In details page of the newly registered app, you can find the Application (client) ID and Directory (tenant) ID.
For Cloud Instance, usually it is https://login.microsoftonline.com/
. See Azure AD authentication endpoints for more information.
Configure your client secret
- In your newly created application, click the Certificates & Secrets to get a client secret, and click the New client secret from the top.
- Enter a description and an expiration.
- This will only show your client secret once. Fill the value to the Logto connector configuration and save it to a secure location.
Config types
Name | Type |
---|---|
clientId | string |
clientSecret | string |
tenantId | string |
cloudInstance | string |