Azure Single Sign-On (SSO)
Setting up SSO for Azure in Codefresh requires you to register Codefresh in Azure AD with the required permissions and the client secret, configure the SSO settings in Codefresh, and then define the Client ID in Azure AD.
For general instructions on SSO setup, see the overview.
Prerequisites
- Azure user roles: Application Administrator or Global Administrator.
These roles are required after the SSO integration is complete to sync teams from Azure to Codefresh.
Register Codefresh in Azure AD
Register the Codefresh application in Azure AD.
- Log in to Azure Portal, and from the sidebar, select Azure Active Directory.
- From the sidebar, select App registrations.
- To add the new application, select + New registration.
Enter a name for the application, e.g. Codefresh, and for all other options, retain default settings.
- To apply your changes, select Register. The application is now registered in Azure AD.
Configure permissions for Codefresh
After registering Codefresh, configure the permissions.
- Select the application name to open Settings.
- Select API permissions.
- To change access levels, select Add a permission.
- Find and select Azure Active Directory Graph.
- Select Application permissions, and select the following permissions:
Directory.Read.All
Group.Read.All
User.Read.All
Note:
The User.Read permission of type Delegated is also required. This permission is usually added by default.
- Select Apply Permissions.
- From the bar on the top, select Grant admin consent.
Create Client Secret
- From the sidebar, select Certificates & secrets.
- Select New Client secret, and add a description (arbitrary name).
- Select the desired duration.
Important: If you select a key with an expiration date, record the expiration date in your calendar. Remember to renew the key before the expiration date to ensure that users don’t experience a service interruption.
- To display the key, select Add.
- Copy the value of the key as you will need this when you configure the SSO settings for Azure in Codefresh.
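To back up the calendar reminder for the client secret, the expiry check can also be scripted. The following is an added example, not part of the Codefresh or Azure documentation: it classifies secrets as expired, due for renewal, or OK. It assumes the secret metadata is exported as JSON with the Microsoft Graph passwordCredentials field names (displayName, keyId, endDateTime), for example from `az ad app credential list --id <application-id>`. The sample data, display names, key IDs, and the 30-day warning window are constructed for illustration.

```python
import json
import re
from datetime import datetime, timedelta, timezone

# Constructed sample, shaped like Microsoft Graph passwordCredentials entries.
# Only metadata is listed; secret values are never part of this output.
SAMPLE = json.dumps([
    {"displayName": "codefresh-sso", "keyId": "00000000-0000-0000-0000-000000000001",
     "endDateTime": "2025-03-01T00:00:00Z"},
    {"displayName": "codefresh-sso-old", "keyId": "00000000-0000-0000-0000-000000000002",
     "endDateTime": "2024-12-15T08:30:00.1234567Z"},
    {"displayName": "codefresh-sso-next", "keyId": "00000000-0000-0000-0000-000000000003",
     "endDateTime": "2026-01-10T00:00:00+00:00"},
])

_TS = re.compile(r"(\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d)(?:\.(\d+))?(Z|[+-]\d\d:\d\d)?")


def parse_graph_time(value):
    """Parse ISO 8601 with 'Z' or an offset; Graph may emit 7 fractional digits."""
    m = _TS.fullmatch(value)
    if not m:
        raise ValueError(f"unrecognised timestamp: {value!r}")
    base, frac, tz = m.groups()
    dt = datetime.strptime(base, "%Y-%m-%dT%H:%M:%S")
    if frac:
        dt = dt.replace(microsecond=int(frac[:6].ljust(6, "0")))
    if tz in (None, "Z"):
        return dt.replace(tzinfo=timezone.utc)
    offset = timedelta(hours=int(tz[1:3]), minutes=int(tz[4:6]))
    return dt.replace(tzinfo=timezone(offset if tz[0] == "+" else -offset))


def classify_secrets(credentials_json, now, warn_days=30):
    """Return (status, displayName, keyId, whole_days_left), soonest expiry first."""
    rows = []
    for cred in json.loads(credentials_json):
        end = parse_graph_time(cred["endDateTime"])
        left = end - now
        if left <= timedelta(0):
            status = "expired"
        elif left <= timedelta(days=warn_days):
            status = "renew"
        else:
            status = "ok"
        rows.append((end, status, cred.get("displayName"), cred["keyId"], left.days))
    return [row[1:] for row in sorted(rows, key=lambda r: r[0])]


if __name__ == "__main__":
    for row in classify_secrets(SAMPLE, datetime.now(timezone.utc)):
        print(*row)
```

Run on a schedule, a "renew" row gives time to create a new secret and update the Client secret field in the Codefresh SSO settings before the old one lapses.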
Configure SSO for Azure in Codefresh
- In the Codefresh UI, go to Single Sign-On.
- Select + Add Single Sign-On, select Azure, and then select Next.
- Client Name: For auto-generation, leave empty. Codefresh generates the client name once you save the settings.
- Display Name: Meaningful name that identifies the SSO provider.
- Application ID: The Application ID in Azure.
- Client secret: The key value you copied when you created the client secret in Azure.
- Tenant:
<Your Microsoft Azure AD Domain>.onmicrosoft.com
- Object ID: Your Azure Service Principal Object ID (from Enterprise Application configuration)
You need this value when you configure the reply URL in the Azure portal.
Configure reply URLs
This is the final step in SSO setup for Azure. Add the Codefresh callback URL to the allowed reply URLs for the created application in Azure AD.
- Go to Azure Active Directory > App registrations, and select your app.
- Select Add a Redirect URI, and define:
https://g.codefresh.io/api/auth/<your_codefresh_sso_client_name>/callback
where: <your_codefresh_sso_client_name> is the Client Name in the SSO configuration, either defined by you or created by Codefresh.
- On the same page, scroll down and select ID tokens.
You have now completed the SSO setup for Azure.
What to read next
See the overview page on how to test the integration, activate SSO for collaborators and create sync jobs.