netbird-docs/docs/integrations/identity-providers/self-hosted/azure-sso.md
2023-02-17 16:40:15 +01:00

---
id: using-netbird-with-azure-sso
title: Using NetBird with Azure SSO
sidebar_position: 4
tags:
  - integrations
  - idp
  - azure
  - oidc
  - how-to
---

This guide is a part of the NetBird Self-hosting Guide and explains how to integrate self-hosted NetBird with Azure SSO.

This is an organized collection of instructions gathered from the NetBird Slack.

There are eight properties of the setup.env file that we will configure in this guide:

  • NETBIRD_AUTH_CLIENT_ID
  • NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT
  • NETBIRD_USE_AUTH0
  • NETBIRD_AUTH_AUDIENCE
  • NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID
  • NETBIRD_AUTH_DEVICE_AUTH_PROVIDER
  • NETBIRD_AUTH_REDIRECT_URI
  • NETBIRD_AUTH_SILENT_REDIRECT_URI

In the Azure portal, navigate to Azure Active Directory and click App registrations in the left-hand menu. Once there, click New registration in the top menu bar.

  • Enter a name for your application and choose who can access it (the supported account types).
  • For Redirect URI, choose Single-page application (SPA) and, in the next box, enter your NetBird domain followed by /auth, e.g. https://netbird.mydomainname.com/auth. Keep the /auth path in mind: it is the value of NETBIRD_AUTH_REDIRECT_URI.
  • On the Overview page of the new registration, copy the Application (client) ID. It is the value for the following properties:
    • NETBIRD_AUTH_AUDIENCE
    • NETBIRD_AUTH_CLIENT_ID
    • NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID

1. Authentication

Within the same app registration, navigate to Authentication in the left-hand menu and perform the following:

  • Under the Single-page application section, add another redirect URI with the value https://yournetbirddomain.com/silent-auth. The /silent-auth path is the value of NETBIRD_AUTH_SILENT_REDIRECT_URI.
  • You should now have two URIs listed, similar to these:
    • https://yournetbirddomain.com/auth
    • https://yournetbirddomain.com/silent-auth
  • Scroll down to Implicit grant and hybrid flows and tick the following two boxes:
    • Access tokens (used for implicit flows)
    • ID tokens (used for implicit and hybrid flows)

2. Expose API

Next, in the left-hand menu, click Expose an API and set an Application ID URI. You can keep the default value (api://YOUR_CLIENT_ID) or set your own. Click Add a scope and enter the following:

  • Scope name: api
  • The remaining fields (who can consent, display names and descriptions) you can fill in as your organisation requires.

Next, under Authorized client applications, click Add a client application and enter the following:

  • Client ID: your Application (client) ID, i.e. the default Application ID URI without the api:// prefix. See the picture below as a reference.
  • Authorized scopes: tick the scope that contains your client ID. It will look like api://YOUR_CLIENT_ID/api (api being the name of the scope defined above).

3. API permissions

Under API permissions, click Add a permission. In the panel that opens, click My APIs and select the API that matches your application (the one whose Application ID URI contains your client ID). Then select the api scope created in the earlier step and add the permission.

4. Manifest

In the left-hand menu, click Manifest. In the editor, search for accessTokenAcceptedVersion and change its value from null to 2. This makes Azure issue v2.0 access tokens, whose aud claim is the bare client ID and whose iss claim matches the v2.0 issuer of the OIDC configuration used below. With the default v1.0 tokens the audience would be api://YOUR_CLIENT_ID and the issuer https://sts.windows.net/YOUR-TENANT-ID/, so validation against NETBIRD_AUTH_AUDIENCE and the v2.0 issuer would fail.

5. Continue with the self-hosting guide

Your authority OIDC configuration will be available under:

https://login.microsoftonline.com/YOUR-DIRECTORY(TENANT)-ID/v2.0/.well-known/openid-configuration

:::caution
Double-check that the endpoint returns a JSON response by opening it in your browser.
:::

  • Set the properties in the setup.env file:
    • NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT=https://login.microsoftonline.com/YOUR-DIRECTORY(TENANT)-ID/v2.0/.well-known/openid-configuration
      • This can be grabbed by clicking Endpoints on your app's App Registration Overview page (use the OpenID Connect metadata document for v2.0).
    • NETBIRD_AUTH_CLIENT_ID=YOUR APPLICATION (client) ID
      • This can be grabbed from your app's App Registration Overview page.
    • NETBIRD_AUTH_AUDIENCE=YOUR APPLICATION (client) ID
    • NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID=YOUR APPLICATION (client) ID (optional)
    • NETBIRD_USE_AUTH0=false
    • NETBIRD_AUTH_DEVICE_AUTH_PROVIDER=hosted
    • NETBIRD_AUTH_REDIRECT_URI=/auth
    • NETBIRD_AUTH_SILENT_REDIRECT_URI=/silent-auth
  • You can now continue with the NetBird Self-hosting Guide.
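As an added example, not part of the NetBird docs or the NetBird code base, the following Python script sanity-checks the values gathered in steps 1 to 5 before they go into setup.env. It builds the v2.0 discovery URL from the tenant ID, checks a discovery document (constructed inline here; in practice paste in the JSON the caution above asks you to fetch), decodes an access token's claims to confirm that ver is 2.0 and aud is the bare client ID (which is what the accessTokenAcceptedVersion change in step 4 achieves; a v1.0 token carries api://CLIENT_ID and a sts.windows.net issuer instead), and renders the setup.env lines from this guide. The tenant ID, client ID and both tokens are constructed placeholders; the script inspects token claims only and does not verify signatures.

```python
"""Sanity checks for the Azure AD values that go into NetBird's setup.env.

Added example, not NetBird project code. Catches tenant/client ID typos,
a wrong (v1.0) issuer in the discovery document, and v1.0 access tokens
whose aud/iss would not match NETBIRD_AUTH_AUDIENCE and the v2.0 issuer.
"""
import base64
import json
import re
from typing import List

GUID_RE = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
AZURE_AUTHORITY = "https://login.microsoftonline.com"

# Constructed placeholder IDs (not real tenants or apps).
TENANT_ID = "11111111-2222-3333-4444-555555555555"
CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"


def is_guid(value: str) -> bool:
    return bool(GUID_RE.match(value))


def expected_issuer(tenant_id: str) -> str:
    # v2.0 issuer; v1.0 tokens carry https://sts.windows.net/<tenant>/ instead.
    return f"{AZURE_AUTHORITY}/{tenant_id}/v2.0"


def oidc_configuration_endpoint(tenant_id: str) -> str:
    if not is_guid(tenant_id):
        raise ValueError(f"tenant id is not a GUID: {tenant_id!r}")
    return f"{expected_issuer(tenant_id)}/.well-known/openid-configuration"


def check_discovery(doc: dict, tenant_id: str) -> List[str]:
    """Return problems found in an OIDC discovery document (empty list when fine)."""
    problems = []
    if doc.get("issuer") != expected_issuer(tenant_id):
        problems.append(f"issuer is {doc.get('issuer')!r}, expected {expected_issuer(tenant_id)!r}")
    # device_authorization_endpoint is what NETBIRD_AUTH_DEVICE_AUTH_PROVIDER=hosted relies on.
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri", "device_authorization_endpoint"):
        if not str(doc.get(key, "")).startswith("https://"):
            problems.append(f"{key} missing or not https")
    return problems


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def token_claims(jwt: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = jwt.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWS (expected header.payload.signature)")
    return json.loads(_b64url_decode(parts[1]))


def check_access_token(jwt: str, tenant_id: str, client_id: str) -> List[str]:
    """Check ver/aud/iss against what NetBird expects after this guide."""
    claims = token_claims(jwt)
    problems = []
    if claims.get("ver") != "2.0":
        problems.append(f"ver is {claims.get('ver')!r}; set accessTokenAcceptedVersion to 2 in the manifest")
    if claims.get("aud") != client_id:
        problems.append(f"aud is {claims.get('aud')!r}, expected NETBIRD_AUTH_AUDIENCE {client_id!r}")
    if claims.get("iss") != expected_issuer(tenant_id):
        problems.append(f"iss is {claims.get('iss')!r}, expected {expected_issuer(tenant_id)!r}")
    return problems


def render_setup_env(tenant_id: str, client_id: str, device_auth: bool = True) -> str:
    """Render the setup.env properties listed in this guide."""
    if not is_guid(client_id):
        raise ValueError(f"client id is not a GUID: {client_id!r}")
    lines = [
        f"NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT={oidc_configuration_endpoint(tenant_id)}",
        f"NETBIRD_AUTH_CLIENT_ID={client_id}",
        f"NETBIRD_AUTH_AUDIENCE={client_id}",
        "NETBIRD_USE_AUTH0=false",
        "NETBIRD_AUTH_REDIRECT_URI=/auth",
        "NETBIRD_AUTH_SILENT_REDIRECT_URI=/silent-auth",
    ]
    if device_auth:  # optional in the guide
        lines += [f"NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID={client_id}",
                  "NETBIRD_AUTH_DEVICE_AUTH_PROVIDER=hosted"]
    return "\n".join(lines) + "\n"


def make_unsigned_jwt(claims: dict) -> str:
    """Build an unsigned test token (constructed input; never accept alg=none in production)."""
    def enc(obj: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).decode().rstrip("=")
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.sig"


# Constructed inputs mirroring what Azure returns (endpoint paths are the real v2.0 ones).
SAMPLE_DISCOVERY = {
    "issuer": expected_issuer(TENANT_ID),
    "authorization_endpoint": f"{AZURE_AUTHORITY}/{TENANT_ID}/oauth2/v2.0/authorize",
    "token_endpoint": f"{AZURE_AUTHORITY}/{TENANT_ID}/oauth2/v2.0/token",
    "device_authorization_endpoint": f"{AZURE_AUTHORITY}/{TENANT_ID}/oauth2/v2.0/devicecode",
    "jwks_uri": f"{AZURE_AUTHORITY}/{TENANT_ID}/discovery/v2.0/keys",
}
V1_TOKEN = make_unsigned_jwt({"ver": "1.0", "aud": f"api://{CLIENT_ID}",
                              "iss": f"https://sts.windows.net/{TENANT_ID}/"})
V2_TOKEN = make_unsigned_jwt({"ver": "2.0", "aud": CLIENT_ID, "iss": expected_issuer(TENANT_ID)})

if __name__ == "__main__":
    print("discovery:", check_discovery(SAMPLE_DISCOVERY, TENANT_ID) or "ok")
    print("v1 token:", check_access_token(V1_TOKEN, TENANT_ID, CLIENT_ID))
    print("v2 token:", check_access_token(V2_TOKEN, TENANT_ID, CLIENT_ID) or "ok")
    print(render_setup_env(TENANT_ID, CLIENT_ID), end="")
```

Run it with your own tenant and client IDs, and feed check_access_token a real access token obtained after logging in to the dashboard: three problems back means the manifest change in step 4 has not taken effect (or the token was issued before it), while an empty list means the token matches what NETBIRD_AUTH_AUDIENCE and the v2.0 OIDC configuration expect.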