Auth with Azure AD

Help Developers
1

Hey Speckle guys,

I’m trying to enable auth with Azure AD and I’m not quite sure how to fill out the required fields.
It looks like what I need is there fields below :point_down:

    azure_ad:
      enabled: true
      org_name: "My Organisation" <- Can I use whatever name I like or does it need to fit with the Application ID?
      identity_metadata: "" <- What should I put here?
      issuer: "" <- What should I put here?
      client_id: "Application Id" <- Application (client) ID from Azure
      secret: "secret" <- Secret ID from a Client secret?

Thanks!
Christian

2

Hey @chrk

  • the org_name is what appears on the SIGN IN WITH … button on your Speckle server login page you can use what you’d like here
  • client_id is the id of the auth app registered in AAD
  • you can skip the issuer
  • secret a new secret has to be created and linked to the registered auth app
  • for identity_metadata you need to construct an url with your tenant pointing to the Discovery document path based on the docs.

Hope this helps,
Gergő

1 Like
3

Thanks for the info @gjedlicska !

How should I setup my app registration in Azure?
Right now I have added a single-page application with a redirect of https://my-speckle-domain.com/auth/azure/callback and ticked off the ID tokens check-box under the authorization endpoint.

But I still get an AADSTS900971: No reply address provided. when I try to login

4

Your callback url looks good, if im not mistaken, the registerd app has to be a WEB type app instead of a SPA

1 Like
5

Yes, that worked. Thanks @gjedlicska!

1 Like