External requirements: This plugin requires the oAuth Plugin.

Install the plugin using the Extension Manager. Refer to Plugins on how to install plugins manually.

Create a new Application in your Azure account, then configure:

• client ID (Application (client) ID, de Anwendungs-ID (Client))
• client secret (Value NOT Secret ID, de Wert NICHT Geheime ID)
• tenant (Directory (tenant) ID, de Verzeichnis-ID (Mandant))

By default, the plugin will map roles found in the JWT auth token to groups. If you want to use the user's real groups in ACLs you need to enable the fetchgroups config. The plugin will request two additional permissions on top of the usual oAuth scopes: User.Read and GroupMember.Read.All.

Assign the group “azure” to the users, then you can log in directly with it.

For further setup see oauth page.

All users authorized by this plugin are added to automatic azure group by oauth. You can use this in your ACL configuration.

The code has been originally based on the oauthkeycloak plugin.

• Version upped (2024-08-05 23:51)
• Merge pull request #6 from eduardomozart/patch-1 (2024-08-05 13:40)
• Add support for domain_hint (2024-07-29 20:39)
• Version upped (2023-06-12 23:51)
• Merge pull request #2 from glensc/strip-domain (2023-06-12 18:31)
• Strip domain if stripdomain config is enabled (2023-04-20 18:49)
• Add stripdomain config option (2023-04-20 18:48)
• also use the profile scope (2022-10-11 15:51)