Microsoft Entra ID
Last modified: 22 January 2025Follow these guidelines to configure Microsoft Entra ID (Azure Active Directory) as an OAuth 2.0 provider for your instance of IDE Services.
Prerequisites
You have a valid Microsoft Entra ID account.
You have created an application.yaml file to configure your IDE Services Server.
Add IDE Services to Microsoft Entra ID
To enable authorization, the first step is to register IDE Services in the Microsoft Entra admin center. For more details, refer to the Microsoft documentation.
Open the Microsoft Entra admin center in your browser and log in using your account.
From the main menu, go to Identity | Applications | App registrations.
Click New registration.
On the Register an application page, specify the following details:
Name: specify
IDE Servicesas an application name.Supported account types: select who can use IDE Services.
Redirect URI: select Web as a platform and enter the callback endpoint to redirect the end user -
http://<ide_services_server_domain.com>/api/login/authenticated
Click Register.
Create a client secret
Open the IDE Services application overview in the Microsoft Entra admin center.
From the menu on the left, select Certificates & secrets.
Open the Client secrets tab and click New client secret.
Provide a description for the client secret and select the expiration period.
Click Add.
Configure Microsoft Entra ID in application.yaml
After adding IDE Services to Microsoft Entra ID, you need to configure your application.yaml file and specify the OAuth 2.0 provider properties there:
tbe:
auth:
login-url: "https://login.microsoftonline.com/<tenant>/oauth2/v2.0/authorize"
login-url-prompt-param: "login"
token-url: "https://login.microsoftonline.com/<tenant>/oauth2/v2.0/token"
jwt-certs-url: "https://login.microsoftonline.com/<tenant>/discovery/v2.0/keys"
client-id: "your_identifier"
client-secret: "your_password"
required-scopes: [ "profile", "email", "openid", "offline_access" ]
root-admin-emails:
- "toolbox.admin@example.com"- login-url
Provide a URL for logging in via Microsoft Entra ID.
You can obtain this URL by clicking Endpoints on the application overview page in the Microsoft Entra admin center. Alternatively, you can request the Well-known configuration at
https://login.microsoftonline.com/<tenant>/v2.0/.well-known/openid-configuration.- tbe.auth.login-url-prompt-param
Defines whether the user should be prompted with a login dialog. Specify one of the following values:
login: use this value to show the login dialog to the user.none: use this value to skip showing the login dialog to the user.
- token-url
Provide a URL for obtaining an authorization token on Microsoft Entra ID's side.
You can obtain this URL by clicking Endpoints on the application overview page in the Microsoft Entra admin center. Alternatively, you can request the Well-known configuration at
https://login.microsoftonline.com/<tenant>/v2.0/.well-known/openid-configuration.- jwt-certs-url
Specify a URL to the JSON Web Key (JWK) set that is used to validate JSON Web Tokens (JWT).
You can obtain this URL by clicking Endpoints on the application overview page in the Microsoft Entra admin center. Alternatively, you can request the Well-known configuration at
https://login.microsoftonline.com/<tenant>/v2.0/.well-known/openid-configuration.- client-id
Specify the public identifier for IDE Services used in Microsoft Entra ID.
You can copy this value from the Application (client) ID parameter on the IDE Services application overview page in the Microsoft Entra admin center.
- client-secret
Specify the value of the client secret for IDE Services that you created in Microsoft Entra ID.