sendnrw/netbird-docs
2
0
Fork 0
mirror of https://github.com/netbirdio/docs.git synced 2026-04-16 07:26:35 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
7082810c0d774e627e7581dae0d8961c514c1f5d
netbird-docs/docs/integrations/identity-providers/self-hosted/azure-sso.md.disabled
braginini 7082810c0d Disable Azure SSO page
2023-03-14 19:03:50 +01:00

89 lines
4.5 KiB
Plaintext
Raw Blame History

---
id: using-netbird-with-azure-sso
title: Using NetBird with Azure SSO
sidebar_position: 4
tags:
- integrations
- idp
- azure
- oidc
- how-to
---
This guide is a part of the [NetBird Self-hosting Guide](/getting-started/self-hosting) and explains how to integrate
**self-hosted** NetBird with [Azure SSO](https://azure.microsoft.com/en-us/solutions/active-directory-sso/#overview).
This is an organized collection of instructions gathered from the [Netbird Slack](https://netbirdio.slack.com/)
There are five properties of the **`setup.env`** file that we will configure in this guide:
- `NETBIRD_AUTH_CLIENT_ID`
- `NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT`
- `NETBIRD_USE_AUTH0`
- `NETBIRD_AUTH_AUDIENCE`
- `NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID`
- `NETBIRD_AUTH_DEVICE_AUTH_PROVIDER`
- `NETBIRD_AUTH_REDIRECT_URI`
- `NETBIRD_AUTH_SILENT_REDIRECT_URI`
In Azure, Navigate to **Azure Active Directory**, and click on **App Registrations** in the left hand menu. Once there, Click on **New registration** across the top menu bar.
- Write a name for your application and choose who can access your application.
- For Redirect URI, Choose Single-page Application(SPA). for the next box, type your netbird.domainname + auth. E.g `https://netbird.mydomainname.com/auth`. Keep the `auth` in mind as this will be your value for `NETBIRD_AUTH_REDIRECT_URI`
- On this next page, copy the `Application (client) ID`. This will be the value for the following:
- `NETBIRD_AUTH_AUDIENCE`
- `NETBIRD_AUTH_CLIENT_ID`
- `NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID`
### 1. Authentication
Within the same section (App Registrations), navigate to **Authentication** via the left hand menu. Once there, perform the following:
- Under the Single-page Application Section, Add another URI with the following value: `https://yournetbirddomain.com/silent-auth`. The `silent-auth` section of the url is the value for `NETBIRD_AUTH_SILENT_REDIRECT_URI`
- You should have two URI's listed similar to these:
- `https://yournetbirddomain.com/auth`
- `https://yournetbirddomain.com/silent-auth`
- Scroll down and check off the following two boxes:
- `Access tokens (used for implicit flows)`
- `ID tokens (used for implicit and hybrid flows)`
### 2. Expose API
Next, on the left hand menu, click on **Expose an API**. Next, set an `Application ID URI`. You can choose the default value as is, or set your own. Click on **Add a Scope**, and enter the following:
- **Scope Name:** `api`
- The rest you can choose as your work requires it.
Next under **Authorized client Applications**, click on **add a client application** and enter the following:
- **Client ID**: This is the same as your Application ID URI minus the `api://`. See the picture below as a reference
- **Authorized Scopes:** The correct scope will contain your **Client ID** used in the above step. The correct Authorized Scope will be similar to `api://YOUR_CLIENT_ID/api` (api is the value of the name of the scope we defined before.)
![](/img/integrations/identity-providers/self-hosted/azure_api_scope.png)
### 3. API permissions
Under **API Permissions**, click on **Add a permission**. On the next screen that pops up, click on **My APIs**, and select the API that matches with your **Application Client ID**. Next Select the scope we created in the earlier steps.
### 4. Manifest
On the left hand Menu, click on **Manifest**. On the next page, search for `accessTokenAcceptedVersion` and change the value from `null` to `2`.
### 5. Continue with the self-hosting guide
Your authority OIDC configuration will be available under:
```
https://login.microsoftonline.com/YOUR-DIRECTORY(TENANT)-ID/v2.0/.well-known/openid-configuration
```
:::caution
Double-check if the endpoint returns a JSON response by calling it from your browser.
:::
- Set properties in the `setup.env` file:
- NETBIRD_AUTH_OIDC_CONFIGURATION_ENDPOINT=`https://login.microsoftonline.com/YOUR-DIRECTORY(TENANT)-ID/v2.0/.well-known/openid-configuration`
- this can be grabbed by clicking on `Endpoints` in your App's **App Registration* Over Page.
- NETBIRD_AUTH_CLIENT_ID=**YOUR APPLICATION (client) ID**
- This can be grabbed from your App's **App Registration** Overview page
- NETBIRD_AUTH_AUDIENCE=**YOUR APPLICATION (client) ID**
- NETBIRD_AUTH_DEVICE_AUTH_CLIENT_ID=**YOUR Application (client) ID**. Optional,
- NETBIRD_USE_AUTH0=`false`
- NETBIRD_AUTH_DEVICE_AUTH_PROVIDER=`hosted`
- NETBIRD_AUTH_REDIRECT_URI=`/auth`
- NETBIRD_AUTH_SILENT_REDIRECT_URI=`/silent-auth`
- You can now continue with the [NetBird Self-hosting Guide](/getting-started/self-hosting#step-3-configure-identity-provider).
Reference in New Issue View Git Blame Copy Permalink