Microsoft as an OIDC SSO Provider
Available on: Enterprise EditionCloud
Using Microsoft as an OIDC SSO Provider
To configure Microsoft authentication, follow these steps:
yaml
micronaut:
security:
oauth2:
enabled: true
clients:
microsoft:
client-id: "{{ clientId }}"
client-secret: "{{ clientSecret }}"
openid:
issuer: 'https://login.microsoftonline.com/common/v2.0/'
To get your client-id and client-secret, refer to the Microsoft Documentation.
Using Microsoft Entra ID as an OIDC SSO Provider
Create an Enterprise Application
- Visit the Azure portal.
- Select Microsoft Entra ID.
- Navigate to App registrations.
- Click on New registration and provide the necessary details:
- Enter a name for your application.
- Set Supported account types (e.g., "Default Directory only - Single tenant").
- Under Redirect URI, select Web and enter
https://{{ url }}/oauth/callback/microsoft. Be sure to usehttpsand the actual URL of your webserver.
Generate Client Secret
- Go to Certificates & secrets.
- Under Client secrets, click on New client secret.
- Copy the generated secret and use it in the
{{ clientSecret }}field in your configuration.
Kestra Configuration
- Copy the Application (client) ID from the Overview section and use it as your
{{ clientId }}. - In the Endpoints section, locate the OpenID Connect metadata document URL. Remove the
.well-known/openid-configurationsuffix, and use the remainining base URL as your{{ issuerUrl }}.
The final URL should look like https://login.microsoftonline.com/{{ directory }}/v2.0/.
Here's an example Microsoft OIDC configuration:
yaml
micronaut:
security:
oauth2:
enabled: true
clients:
microsoft:
client-id: "{{ clientId }}"
client-secret: "{{ clientSecret }}"
openid:
issuer: '{{ issuerUrl }}'
With these settings, Kestra is now configured to use OIDC for SSO with your chosen providers. Ensure that all placeholders are replaced with the actual values obtained during the provider's setup process.
Was this page helpful?