Microsoft as an OIDC SSO Provider
Available on: Enterprise Edition
Using Microsoft as an OIDC SSO Provider
To use Microsoft authentication, follow these steps:
yaml
micronaut:
security:
oauth2:
enabled: true
clients:
microsoft:
client-id: "{{ clientId }}"
client-secret: "{{ clientSecret }}"
openid:
issuer: 'https://login.microsoftonline.com/common/v2.0/'
For getting your client-id and client-secret, check out the Microsoft Documentation
Using Microsoft Entra ID as an OIDC SSO Provider
Create an Enterprise Application
- Visit the Azure portal.
- Select
Microsoft Entra ID. - Navigate to
App registrations. - Click on
New registrationand provide the necessary details:
- Enter a name for your application.
- Set "Supported account types" (e.g., "Default Directory only - Single tenant").
- Under "Redirect URI", select "Web" and enter
https://{{ url }}/oauth/callback/microsoft(make sure to usehttpsand the actual URL of your webserver).
Generate Client Secret
- Go to
Certificates & secrets. - Under
Client secrets, click onNew client secret. - Copy the generated secret so you can use it in the
{{ clientSecret }}field in your configuration.
Kestra Configuration
- Copy the "Application (client) ID" from the
Overviewsection into{{ clientId }}in your configuration. - In the
Endpointssection, find the "OpenID Connect metadata document" URL, remove the.well-known/openid-configurationpart, and use this as{{ issuerUrl }}.
The final URL should look like https://login.microsoftonline.com/{{ directory }}/v2.0/.
Here's an example Microsoft OIDC configuration:
yaml
micronaut:
security:
oauth2:
enabled: true
clients:
microsoft:
client-id: "{{ clientId }}"
client-secret: "{{ clientSecret }}"
openid:
issuer: '{{ issuerUrl }}'
With these settings, Kestra is now configured to use OIDC for SSO with your chosen providers. Ensure that all placeholders are replaced with actual values obtained from the provider's configuration process.
Was this page helpful?