Azure

Setting Up Azure Single Sign-On (SSO)

This page describes how to set up Azure SSO with Codefresh. For general SSO setup instructions, see the overview page.

Setting Azure as an Identity provider

To set up Azure Active Directory for SSO:

  1. Create a new application in Azure AD

Log in to Microsoft Azure and choose Azure Active Directory from the sidebar.

Azure Active Directory


Then under MANAGE, select App registrations.

Azure App Registrations


Then click on the + ADD button to add a new application.

Enter a name for the application (e.g. Codefresh), select Web app/API as the Application Type, and for Sign-on URL enter https://g.codefresh.io

Azure App Registration create

  2. Configure the permissions

Once the application has been created, you will have to configure the permissions. Click on the name of the application to open the Settings section.

Click Required permissions.

Azure App Permissions


Then click on Windows Azure Active Directory to change the access levels.

Azure App Change Permissions


The next step is to modify the permissions for the app. Under DELEGATED PERMISSIONS, select the checkboxes next to Sign in and read user profile and Read directory data. Finally, click the Save button.

  3. Create the key

Next, you will need to create a key, which will be used as the Client Secret in the Codefresh connection. Click on Keys from the Settings menu.

Change keys


Enter a name for the key and choose the desired duration.

Note: If you choose an expiring key, make sure to record the expiration date in your calendar, as you will need to renew the key (get a new one) before that day to ensure users don’t experience a service interruption.

Create key


Click on Save and the key will be displayed. Make sure to copy the value of this key before leaving this screen, otherwise you may need to create a new key. This value will need to be provided to Codefresh securely.

Create key

  4. Go back to the SSO settings screen described in the first part of this guide inside the Codefresh GUI.

You need to enter the following:

  • Display Name - Shown as display name in Azure
  • client id - your Azure Application ID (see below)
  • client secret - the key from step 3
  • tenant - <Your Microsoft Azure AD Domain>.onmicrosoft.com
  • Object ID - your Azure Object ID (see below)

Application ID


Once you save the Identity provider, Codefresh will assign a client-name to it which identifies the SSO configuration.

SSO Client Name

  5. Configure reply URLs

As a last step, you need to ensure that your Codefresh callback URL is listed in the allowed reply URLs for the created application. Navigate to Azure Active Directory -> App registrations and select your app. Then click Settings -> Reply URLs and add:

https://g.codefresh.io/api/auth/<your_codefresh_sso_client_name>/callback

where <your_codefresh_sso_client_name> is the client name shown in the SSO configuration.

Reply URLs


This concludes the SSO setup for Azure.

See the overview page for how to test the integration, activate SSO for collaborators, and create sync jobs.
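
A pre-flight check for the key, the Codefresh settings and the reply URL described above, as an added example that is not part of the Codefresh documentation: it validates the field formats, looks for the exact callback URL in the reply URL list, and flags a key that is close to expiry. The function names, the dictionary keys and the 30-day warning window are assumptions, and all sample values are constructed.

```python
import re
from datetime import date, timedelta

GUID = re.compile(r"[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}")
TENANT = re.compile(r"[A-Za-z0-9-]+\.onmicrosoft\.com")


def callback_url(client_name):
    """Reply URL format given on this page."""
    return f"https://g.codefresh.io/api/auth/{client_name}/callback"


def preflight(cfg, reply_urls, key_expires, today, warn_days=30):
    """Return a list of problems; an empty list means the values look consistent.

    cfg, reply_urls and key_expires are hypothetical inputs typed in by the
    admin from the Azure and Codefresh screens; nothing is fetched from Azure.
    key_expires is None for a non-expiring key.
    """
    problems = []
    for field in ("client_id", "object_id"):
        if not GUID.fullmatch(cfg.get(field, "")):
            problems.append(f"{field} is not a GUID")
    if not TENANT.fullmatch(cfg.get("tenant", "")):
        problems.append("tenant is not <domain>.onmicrosoft.com")
    if not cfg.get("client_secret"):
        problems.append("client_secret is empty")
    if callback_url(cfg.get("client_name", "")) not in reply_urls:
        problems.append("callback URL missing from reply URLs")
    if key_expires is not None:
        if key_expires <= today:
            problems.append("key has expired")
        elif key_expires - today <= timedelta(days=warn_days):
            problems.append(f"key expires in {(key_expires - today).days} days")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    sample = {
        "client_id": "11111111-2222-3333-4444-555555555555",
        "object_id": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
        "client_secret": "placeholder-secret",
        "tenant": "example.onmicrosoft.com",
        "client_name": "example-client",
    }
    urls = ["https://g.codefresh.io/api/auth/example-client/callback"]
    print(preflight(sample, urls, date(2030, 1, 15), date(2030, 1, 1)))
```

The reply URL comparison is an exact string match, so a trailing slash or an `http://` scheme in the registered list is reported as missing.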