Azure

Setting Up Azure Single Sign-On (SSO)

This page describes how to set up Azure SSO with Codefresh. For general SSO setup instructions, see the overview page.

Creating an application registration

To set up Azure Active Directory for SSO, first create a new application in Azure AD. Log in to the Azure Portal and choose Azure Active Directory from the sidebar.

Azure Active Directory

Then under the new sidebar, select App registrations.

Azure App Registrations

Then click + New registration to add a new application.

Enter a name for the application (e.g. Codefresh), and leave all other options at their default selection.

Azure App Registration creation

Click the Register button to apply your changes. The application registration is now created.

Configure the permissions

Once the application has been created, you will have to configure the permissions. Click on the name of the application to open the Settings section.

Click API permissions.

Azure App API Permissions

Then click on the Add a permission button to change the access levels.

Azure App Change Permissions

Find the Azure Active Directory Graph entry and click on it.

Azure Active Directory Graph entry

Click Delegated permissions. From the list of permissions choose:

  • Directory.Read.All
  • Group.Read.All
  • Member.Read.Hidden
  • Policy.Read.All
  • User.Read
  • User.Read.All
  • User.ReadBasic.All

Finally click the Apply Permissions button.

Microsoft Graph API permissions

Afterwards please click on the Grant admin consent button from the bar above.

Create Client secret

Next select Certificates & secrets from the left sidebar:

Change keys

Click on New Client secret and add a description (arbitrary name).

Add a client secret

Choose the desired duration.

Note: If you choose an expiring key, make sure to record the expiration date in your calendar, as you will need to renew the key (get a new one) before that day to ensure users don’t experience a service interruption.

Click on Add and the key will be displayed. Make sure to copy the value of this key before leaving this screen, otherwise you may need to create a new key. This value will need to be provided to Codefresh securely.
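The renewal reminder from the note above can also be checked by a script. The following is an added example, not part of the Codefresh documentation: it takes client-secret metadata in the shape returned by `az ad app credential list --id <app-id>` and reports secrets that are expired or due for renewal. The field names (`displayName`, `keyId`, `endDateTime`) are assumed from the Microsoft Graph passwordCredential format, and the sample data is constructed.

```python
import json
from datetime import datetime, timezone

# Constructed sample, shaped like `az ad app credential list --id <app-id>` output.
# Field names (displayName, keyId, endDateTime) are an assumption based on the
# Microsoft Graph passwordCredential resource; adjust if your CLI version differs.
SAMPLE_CREDENTIALS = """
[
  {"displayName": "codefresh-sso-old", "keyId": "00000000-0000-0000-0000-000000000001",
   "endDateTime": "2025-03-01T00:00:00Z"},
  {"displayName": "codefresh-sso", "keyId": "00000000-0000-0000-0000-000000000002",
   "endDateTime": "2025-03-25T08:30:00.1234567Z"},
  {"displayName": "codefresh-sso-next", "keyId": "00000000-0000-0000-0000-000000000003",
   "endDateTime": "2026-03-10T00:00:00Z"}
]
"""


def parse_utc(timestamp):
    """Parse a UTC timestamp, dropping fractional seconds and the trailing Z."""
    trimmed = timestamp.split(".")[0].rstrip("Z")
    return datetime.strptime(trimmed, "%Y-%m-%dT%H:%M:%S").replace(tzinfo=timezone.utc)


def secrets_needing_action(credentials_json, now, warn_days=30):
    """Return (name, key_id, days_left, status) for expired or soon-to-expire secrets."""
    findings = []
    for cred in json.loads(credentials_json):
        end = cred.get("endDateTime")
        if not end:
            # No expiry recorded: surface it rather than silently skipping.
            findings.append((cred.get("displayName"), cred.get("keyId"), None, "NO_EXPIRY"))
            continue
        days_left = (parse_utc(end) - now).days
        if days_left < 0:
            status = "EXPIRED"
        elif days_left <= warn_days:
            status = "RENEW"
        else:
            continue
        findings.append((cred.get("displayName"), cred.get("keyId"), days_left, status))
    # Most urgent first; entries without an expiry date sort last.
    return sorted(findings, key=lambda f: (f[2] is None, f[2] or 0))


if __name__ == "__main__":
    for name, key_id, days_left, status in secrets_needing_action(
            SAMPLE_CREDENTIALS, datetime.now(timezone.utc)):
        print(f"{status:9} {name} ({key_id}): {days_left} days left")
```

Only metadata is read here; the secret value itself is never part of this output and should not be passed to such a script.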

Enter details on the Codefresh side

Go back to the SSO settings screen described in the first part of this guide inside the Codefresh GUI.

You need to enter the following:

  • Display Name - Shown as display name in Azure (see below)
  • client id - shown as Application (client) ID in Azure (see below)
  • client secret - the key value as created in the previous section
  • tenant - <Your Microsoft Azure AD Domain>.onmicrosoft.com
  • Object ID - your Azure Object ID (see below)

Those fields can be seen in the overview page of your application registration:

Azure App Registration created

Once you save the Identity provider, Codefresh will assign a client-name to it which identifies the SSO configuration.

SSO Client Name

We will need this value in the reply URL setting (back in the Azure portal UI).

Configure reply URLs

As a last step, ensure that your Codefresh callback URL is listed in the allowed reply URLs for the created application. Navigate to Azure Active Directory -> App registrations and select your app. Then click Add a Redirect URI and fill in:

https://g.codefresh.io/api/auth/<your_codefresh_sso_client_name>/callback

where <your_codefresh_sso_client_name> is the client name shown in the SSO configuration described in the previous section.

Reply URLs

Scroll down on the same page and click the ID tokens checkbox:

Reply URLs

This concludes the SSO setup for Azure.

See the overview page on how to test the integration, activate SSO for collaborators and create sync jobs.