Authentication: SSO with Azure AD
Linkurious Enterprise supports Microsoft Azure Active Directory as an external authentication provider.
Configuration
To set up Linkurious Enterprise authentication with Microsoft Azure Active Directory, follow these steps:
- Create a new app called Linkurious in Azure Active Directory on Azure Portal
- Assign the Directory.Read.All access right to the new app (note: an Azure admin's approval is needed)
- From the Azure Portal, obtain the following parameters:
  - authorizationURL, e.g. https://login.microsoftonline.com/60d78xxx-xxxx-xxxx-xxxx-xxxxxx9ca39b/oauth2/authorize
  - tokenURL, e.g. https://login.microsoftonline.com/60d78xxx-xxxx-xxxx-xxxx-xxxxxx9ca39b/oauth2/token
  - clientID, e.g. 91d426e2-xxx-xxxx-xxxx-989f89b6b2a2
  - clientSecret, e.g. gt7BHSnoIffbxxxxxxxxxxxxxxxxxxtyAG5xDotC8I=
  - tenantID (optional, required only for group mapping), e.g. 60d78xxx-xxxx-xxxx-xxxx-xxxxxx9ca39b
- Add or edit the existing oauth2 section inside the access section in linkurious/data/config/production.json
Example access.oauth2 configuration with Microsoft Azure Active Directory:
"access": {
  // [...]
  "oauth2": {
    "enabled": true,
    "provider": "azure",
    "authorizationURL": "https://login.microsoftonline.com/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/oauth2/authorize",
    "tokenURL": "https://login.microsoftonline.com/XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX/oauth2/token",
    "clientID": "XXXXXXXX-XXX-XXXX-XXXX-XXXXXXXXXXXX",
    "clientSecret": "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX",
    "azure": {
      "tenantID": "XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX"
    }
  }
}
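A consistency check for the access.oauth2 section above, as an added example (not Linkurious code): it takes the parsed "access" object and reports missing keys, endpoint URLs that are not https login.microsoftonline.com URLs, and a tenant in either URL that differs from azure.tenantID. The function names, the sample values and the assumption that each URL path is /<tenant>/oauth2/<endpoint> (as in the examples on this page) are illustrative.

```python
from urllib.parse import urlparse

REQUIRED = ("enabled", "provider", "authorizationURL", "tokenURL", "clientID", "clientSecret")
ENDPOINTS = {"authorizationURL": "authorize", "tokenURL": "token"}


def tenant_from_url(url, endpoint):
    """Return the tenant segment of an Azure AD endpoint URL, or None if malformed."""
    parts = urlparse(url)
    segments = parts.path.strip("/").split("/")
    if parts.scheme != "https" or parts.hostname != "login.microsoftonline.com":
        return None
    if len(segments) != 3 or segments[1:] != ["oauth2", endpoint]:
        return None
    return segments[0].lower()


def check_oauth2(access):
    """Return a list of problems found in the access.oauth2 section (empty if none)."""
    oauth2 = access.get("oauth2", {})
    problems = [f"missing key: {k}" for k in REQUIRED if k not in oauth2]
    if oauth2.get("provider") != "azure":
        problems.append("provider must be 'azure'")
    tenants = {}
    for key, endpoint in ENDPOINTS.items():
        if key in oauth2:
            tenant = tenant_from_url(oauth2[key], endpoint)
            if tenant is None:
                problems.append(f"{key} is not an https Azure AD /oauth2/{endpoint} URL")
            else:
                tenants[key] = tenant
    # tenantID is optional (only needed for group mapping); compare it when present.
    configured = oauth2.get("azure", {}).get("tenantID")
    if configured is not None:
        tenants["azure.tenantID"] = configured.lower()
    if len(set(tenants.values())) > 1:
        problems.append("tenant mismatch: " + ", ".join(sorted(tenants)))
    return problems


# Constructed sample values, not real identifiers.
TENANT = "11111111-2222-3333-4444-555555555555"
SAMPLE = {"oauth2": {
    "enabled": True, "provider": "azure",
    "authorizationURL": f"https://login.microsoftonline.com/{TENANT}/oauth2/authorize",
    "tokenURL": f"https://login.microsoftonline.com/{TENANT}/oauth2/token",
    "clientID": "constructed-client-id", "clientSecret": "constructed-secret",
    "azure": {"tenantID": TENANT},
}}

if __name__ == "__main__":
    print(check_oauth2(SAMPLE) or "access.oauth2 looks consistent")
```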
OAuth2 redirect URL
The OAuth2 redirect URL of Linkurious Enterprise is the following:
http(s)://HOST:PORT/api/auth/sso/return