Setting Up Azure Single Sign-On (SSO)
This page describes how to set up Azure SSO with Codefresh. For general SSO setup instructions, see the overview page.
Setting Azure as an Identity provider
To set up Azure Active Directory for SSO:
- Create a new application in Azure AD
Log in to Microsoft Azure and choose Azure Active Directory from the sidebar.
Then under MANAGE, select App registrations.
Then click on the + ADD button to add a new application.
Enter a name for the application (e.g. Codefresh), select Web app/API as the Application Type, and for Sign-on URL enter
- Configure the permissions
Once the application has been created, you will have to configure the permissions. Click on the name of the application to open the Settings section.
Click Required permissions.
Then click on Windows Azure Active Directory to change the access levels.
The next step is to modify permissions for the app. Under DELEGATED PERMISSIONS check next to Sign in and read user profile and Read directory data. Finally click the Save button.
You should also add “Microsoft Graph” as an API and make sure that Read directory data is enabled for both Application and Delegated permissions.
Remember to click the Save button once finished. Afterwards please click on the Grant permissions button from the bar above.
- Create the key
Next you will need to create a key, which will be used as the Client Secret in the Codefresh connection. Click on Keys from the Settings menu.
Enter a name for the key and choose the desired duration.
Note: If you choose an expiring key, make sure to record the expiration date in your calendar, as you will need to renew the key (get a new one) before that day in order to ensure users don’t experience a service interruption.
Click on Save and the key will be displayed. Make sure to copy the value of this key before leaving this screen, otherwise you may need to create a new key. This value will need to be provided to Codefresh securely.
- Go back to the SSO settings screen described in the first part of this guide inside the Codefresh GUI.
You need to enter the following:
- Display Name - Shown as display name in Azure
- client id - your Azure Application ID (see below)
- client secret - the key from step 3
- tenant - <Your Microsoft Azure AD Domain>.onmicrosoft.com
- Object ID - your Azure Object ID (see below)
Once you save the Identity provider, Codefresh will assign a client-name to it which identifies the SSO configuration.
- Configure reply URLs
As a last step you need to ensure that your Codefresh callback URL is listed in the allowed reply URLs for the created application. Navigate to Azure Active Directory -> App registrations and select your app. Then click Settings -> Reply URLs and add:
<your_codefresh_sso_client_name> is the client name shown in the SSO configuration.
This concludes the SSO setup for Azure.
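The calendar reminder recommended in the Create the key step can be backed by a scheduled check. The script below is an added example, not part of the Codefresh or Azure documentation; it assumes the application's credentials are exported as JSON with the Azure CLI command `az ad app credential list --id <application-id>`, and the field names and sample records are constructed assumptions.

```python
import json, re, sys
from datetime import datetime, timedelta, timezone

# Constructed sample, shaped like `az ad app credential list --id <app-id>` output.
# Field names (endDateTime / older endDate, keyId, displayName) are assumptions.
SAMPLE = """[
 {"keyId": "00000000-0000-0000-0000-000000000001", "displayName": "codefresh-sso",
  "endDateTime": "2025-03-01T00:00:00Z"},
 {"keyId": "00000000-0000-0000-0000-000000000002", "displayName": "codefresh-sso-next",
  "endDateTime": "2026-03-01T00:00:00Z"},
 {"keyId": "00000000-0000-0000-0000-000000000003", "displayName": "retired",
  "endDate": "2024-01-15T12:30:00.1234567+00:00"}
]"""

_TS = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.\d+)?(Z|[+-]\d{2}:\d{2})?$")

def parse_ts(value):
    """Parse an ISO 8601 timestamp, ignoring fractional seconds; no offset means UTC."""
    m = _TS.match(value)
    if not m:
        raise ValueError(f"unrecognised timestamp: {value!r}")
    base = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    tz = m.group(2)
    if tz in (None, "Z"):
        return base.replace(tzinfo=timezone.utc)
    sign = 1 if tz[0] == "+" else -1
    return base.replace(tzinfo=timezone(sign * timedelta(hours=int(tz[1:3]), minutes=int(tz[4:6]))))

def classify(secrets, now, warn_days=30):
    """Return (status, keyId, displayName, days_left) rows, soonest expiry first."""
    rows = []
    for s in secrets:
        raw = s.get("endDateTime") or s.get("endDate")
        if raw is None:  # no expiry recorded: flag for manual review
            rows.append(("NO_EXPIRY", s.get("keyId"), s.get("displayName"), None))
            continue
        days = (parse_ts(raw) - now).days
        status = "EXPIRED" if days < 0 else "RENEW" if days <= warn_days else "OK"
        rows.append((status, s.get("keyId"), s.get("displayName"), days))
    return sorted(rows, key=lambda r: (r[3] is None, r[3] or 0))

if __name__ == "__main__":
    # Pipe real JSON on stdin, or run with no input to see the constructed sample.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    rows = classify(json.loads(text), datetime.now(timezone.utc))
    for status, key_id, name, days in rows:
        print(f"{status:9} {days!s:>6}d  {name}  {key_id}")
    # Non-zero exit lets a scheduled job alert before users lose SSO.
    sys.exit(1 if any(r[0] in ("EXPIRED", "RENEW") for r in rows) else 0)
```

The script reads only credential metadata (key ID, name, expiry), never the secret value, so its output is safe to send to a monitoring channel.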
What to read next
See the overview page on how to test the integration, activate SSO for collaborators and create sync jobs.