Auth with Azure AD

Hey Speckle guys,

I’m trying to enable auth with Azure AD and I’m not quite sure how to fill out the required fields.
It looks like what I need is there fields below :point_down:

    azure_ad:
      enabled: true
      org_name: "My Organisation" <- Can I use whatever name I like or does it need to fit with the Application ID?
      identity_metadata: "" <- What should I put here?
      issuer: "" <- What should I put here?
      client_id: "Application Id" <- Application (client) ID from Azure
      secret: "secret" <- Secret ID from a Client secret?

Thanks!
Christian

Hey @chrk

  • the org_name is what appears on the SIGN IN WITH … button on your Speckle server login page you can use what you’d like here
  • client_id is the id of the auth app registered in AAD
  • you can skip the issuer
  • secret a new secret has to be created and linked to the registered auth app
  • for identity_metadata you need to construct an url with your tenant pointing to the Discovery document path based on the docs.

Hope this helps,
Gergő

1 Like

Thanks for the info @gergo !

How should I setup my app registration in Azure?
Right now I have added a single-page application with a redirect of https://my-speckle-domain.com/auth/azure/callback and ticked off the ID tokens check-box under the authorization endpoint.

But I still get an AADSTS900971: No reply address provided. when I try to login

Your callback url looks good, if im not mistaken, the registerd app has to be a WEB type app instead of a SPA

1 Like

Yes, that worked. Thanks @gergo!

1 Like