Articles Getting Started How-tos Guides Code Examples Documentation Videos Webinars Courses Documents

Authenticate using Azure AD

tutorials

10 min

On this page

OIDC with Azure AD

This tutorial shows how to authenticate to the Curity Identity Server from Azure AD. This is achieved by using the Open ID Connect authenticator in the Curity Identity Server and setting up the Curity Identity Server as an application in Azure AD. If you want to authenticate the other way around, using the Curity Identity Server to login to Azure AD, follow this tutorial Integrating with Azure Active Directory.

Start by creating an OIDC authenticator in the Curity Identity Server. Copy the name of the authenticator. We will fill in the rest after we are done in Azure AD.

Register an application in Azure AD

In Azure AD select App registrations and then New registration. Azure OIDC 1 Set name and who should be able to use this.

In Redirect URI, select Web and then enter the redirect URL of your Azure AD authenticator. It is <BASE URL>/<AUTHENTICATION ENDPOINT>/<AUTHENTICATOR NAME>/callback.
The result should look something like this if your authenticator is AzureAD, https://idsvr.example.com/authn/authenticate/AzureAD/callback

Azure OIDC 2 When the application is registered, navigate to the Overview. Click on Endpoints and make a note of Application (client) ID and OpenID Connect metadata document, you will need them later.

Next up is to create a secret. Navigate to Certificates & secrets. Azure OIDC 3 Click on New client secret, give it a name and a validity time. After pressing Add, make a note of the generated secret.

Attention

After leaving this page you cannot see the secret again.

Configuring the OIDC connector

Getting back to the new OIDC authenticator we now have all the information we need to finalize it. Azure OIDC 4

First of all, we have to set the Configuration URL. This is the Open ID metadata URL.
Then we enter the Client ID, which we noted earlier.
Scope must include openid.
Set Client authentication methodto client-secret. The Client Secret is the secret you previously generated.
Don´t forget to commit your changes when done.

Summary

Using your new OIDC authenticator you should be able to login with your Azure AD account to Curity Identity Server. Azure AD supports other scopes and can return other claims which can be used by the Curity Identity Server but it is not part of this article. More information can be found in Microsoft Docs.

Join our Newsletter

Get the latest on identity management, API Security and authentication straight to your inbox.

Start Free Trial

Try the Curity Identity Server for Free. Get up and running in 10 minutes.

Start Free Trial

Was this helpful?

Next steps

Start Today

Ready to modernize IAM? Build security and improve ease of use to stay ahead of the competition.

Start a Free Trial

Schedule a demo

Speak to an Identity Specialist

Explore learning resources

Overview

Architecture

Learn More

SECURITY SOLUTIONS

INDUSTRY

Resource Library

Tutorials & Guides

Learn More

How to Pave the Way for Passkeys Adoption

Meet Curity at apidays New York

Authenticate using Azure AD

OIDC with Azure AD

Register an application in Azure AD

Configuring the OIDC connector

Summary

Join our Newsletter

Start Free Trial

Start Today