Authenticate using Azure AD

OIDC with Azure AD

This tutorial shows how to authenticate to the Curity Identity Server using Azure AD as the identity provider. This is achieved by using the OpenID Connect authenticator in the Curity Identity Server and registering the Curity Identity Server as an application in Azure AD. If you want to authenticate the other way around, using the Curity Identity Server to log in to Azure AD, follow the tutorial Integrating with Azure Active Directory.

Start by creating an OIDC authenticator in the Curity Identity Server. Copy the name of the authenticator. We will fill in the rest after we are done in Azure AD.

Register an application in Azure AD

In Azure AD, select App registrations and then New registration. Set a name and choose who should be able to use the application.

Under Redirect URI, select Web and enter the redirect URL of your Azure AD authenticator. It has the form <BASE URL>/<AUTHENTICATION ENDPOINT>/<AUTHENTICATOR NAME>/callback.
If your authenticator is named AzureAD, the result looks like this: https://idsvr.example.com/authn/authenticate/AzureAD/callback

When the application is registered, navigate to the Overview. Click on Endpoints and make a note of the Application (client) ID and the OpenID Connect metadata document URL; you will need them later.

Next, create a client secret. Navigate to Certificates & secrets and click on New client secret, give it a name and a validity time. After pressing Add, make a note of the generated secret value.

Attention

After leaving this page you cannot see the secret again.

Configuring the OIDC connector

Back in the new OIDC authenticator, we now have all the information needed to finalize it.

  • First, set the Configuration URL. This is the OpenID Connect metadata document URL noted earlier.
  • Then enter the Client ID, which we also noted earlier.
  • Scope must include openid.
  • Set Client authentication method to client-secret. The Client Secret is the secret you previously generated.
  • Don't forget to commit your changes when done.
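
Before committing, it is worth checking that the values gathered above are consistent with what the metadata document advertises. The following is an added example, not code from Curity or Microsoft: it builds the callback URL in the form described above and checks a constructed OpenID Connect metadata document (a placeholder tenant, not real Azure AD output) against the chosen scope and client authentication method.

```python
import json
from urllib.parse import urlparse

# Constructed sample of an OpenID Connect metadata document (placeholder tenant).
# In practice this is fetched from the metadata document URL shown under Endpoints.
SAMPLE_METADATA = json.dumps({
    "issuer": "https://login.example-idp.test/<TENANT ID>/v2.0",
    "authorization_endpoint": "https://login.example-idp.test/<TENANT ID>/oauth2/v2.0/authorize",
    "token_endpoint": "https://login.example-idp.test/<TENANT ID>/oauth2/v2.0/token",
    "jwks_uri": "https://login.example-idp.test/<TENANT ID>/discovery/v2.0/keys",
    "scopes_supported": ["openid", "profile", "email", "offline_access"],
    "token_endpoint_auth_methods_supported": ["client_secret_post", "client_secret_basic"],
})

# Endpoints every configuration URL must resolve to before the authenticator can work.
REQUIRED_KEYS = ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")

# Curity's "client-secret" method corresponds to either secret-based method in the metadata.
AUTH_METHOD_MAP = {"client-secret": ("client_secret_basic", "client_secret_post")}


def redirect_uri(base_url, authn_endpoint, authenticator):
    """Build <BASE URL>/<AUTHENTICATION ENDPOINT>/<AUTHENTICATOR NAME>/callback."""
    return f"{base_url.rstrip('/')}/{authn_endpoint.strip('/')}/{authenticator}/callback"


def check_metadata(metadata_json, scopes, auth_method):
    """Return a list of problems; an empty list means the settings are consistent."""
    md = json.loads(metadata_json)
    problems = []
    for key in REQUIRED_KEYS:
        url = md.get(key)
        if url is None:
            problems.append(f"metadata is missing {key}")
        elif urlparse(url).scheme != "https":
            problems.append(f"{key} is not served over https")
    if "openid" not in scopes:
        problems.append("scope must include openid")
    for scope in scopes:
        if scope not in md.get("scopes_supported", []):
            problems.append(f"scope {scope} is not advertised by the provider")
    wanted = AUTH_METHOD_MAP.get(auth_method, (auth_method,))
    if not any(m in md.get("token_endpoint_auth_methods_supported", []) for m in wanted):
        problems.append(f"token endpoint does not support {auth_method}")
    return problems


if __name__ == "__main__":
    print(redirect_uri("https://idsvr.example.com", "authn/authenticate", "AzureAD"))
    print(check_metadata(SAMPLE_METADATA, ["openid", "profile"], "client-secret"))
```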

Summary

Using your new OIDC authenticator, you should now be able to log in to the Curity Identity Server with your Azure AD account. Azure AD supports other scopes and can return other claims that the Curity Identity Server can use, but that is outside the scope of this article. More information can be found in Microsoft Docs.