Auth with Azure AD

chrk · April 6, 2022, 11:57am

Hey Speckle guys,

I’m trying to enable auth with Azure AD and I’m not quite sure how to fill out the required fields.
It looks like what I need is there fields below

    azure_ad:
      enabled: true
      org_name: "My Organisation" <- Can I use whatever name I like or does it need to fit with the Application ID?
      identity_metadata: "" <- What should I put here?
      issuer: "" <- What should I put here?
      client_id: "Application Id" <- Application (client) ID from Azure
      secret: "secret" <- Secret ID from a Client secret?

Thanks!
Christian

gjedlicska · April 7, 2022, 1:54pm

Hey @chrk

the org_name is what appears on the SIGN IN WITH … button on your Speckle server login page you can use what you’d like here
client_id is the id of the auth app registered in AAD
you can skip the issuer
secret a new secret has to be created and linked to the registered auth app
for identity_metadata you need to construct an url with your tenant pointing to the Discovery document path based on the docs.

Hope this helps,
Gergő

chrk · April 7, 2022, 2:40pm

Thanks for the info @gjedlicska !

How should I setup my app registration in Azure?
Right now I have added a single-page application with a redirect of https://my-speckle-domain.com/auth/azure/callback and ticked off the ID tokens check-box under the authorization endpoint.

But I still get an AADSTS900971: No reply address provided. when I try to login

gjedlicska · April 7, 2022, 3:08pm

Your callback url looks good, if im not mistaken, the registerd app has to be a WEB type app instead of a SPA

chrk · April 7, 2022, 4:02pm

Yes, that worked. Thanks @gjedlicska!