Chapter 1. Enabling the Microsoft Azure authentication provider


Red Hat Developer Hub includes a Microsoft Azure authentication provider that can authenticate users by using OAuth.

Procedure

  1. To allow Developer Hub to authenticate with Microsoft Azure, create an OAuth Application in Microsoft Azure.

    1. Go to Azure Portal > App registrations, and create an App Registration for Developer Hub.
    2. On your App registration overview page, add a new Web platform configuration, with the configuration:

      Redirect URI
      Enter the backend authentication URI set in Developer Hub: https://<APP_FQDN>/api/auth/microsoft/handler/frame
      Front-channel logout URL
      Leave blank.
      Implicit grant and hybrid flows
      Leave all checkboxes cleared.
    3. On the API permissions tab, click Add Permission, then add the following Delegated permission for the Microsoft Graph API:

      • email
      • offline_access
      • openid
      • profile
      • User.Read
      • Optional custom scopes of the Microsoft Graph API that you define both here and in the Developer Hub configuration (app-config-rhdh.yaml).

        Note

        Your company might require you to grant admin consent for these permissions. Even if your company does not require admin consent, you might do so as it means users do not need to individually consent the first time they access backstage. To grant admin consent, a directory admin must go to the admin consent page and click Grant admin consent for COMPANY NAME.

    4. Go to the Certificates & Secrets page, then the Client secrets tab, and create a new client secret. Save the Client secret for the next step.
  2. Add your Microsoft Azure credentials in your Developer Hub secrets.

    1. Edit your Developer Hub secrets, such as secrets-rhdh.
    2. Add the following key/value pairs:

      • AUTH_AZURE_CLIENT_ID: Enter the Application ID that you generated on Microsoft Azure.
      • AUTH_AZURE_CLIENT_SECRET: Enter the Client secret that you generated on Microsoft Azure.
      • AUTH_AZURE_TENANT_ID: Enter your Tenant ID on Microsoft Azure.
  3. Set up the Microsoft Azure authentication provider in your Developer Hub custom configuration.

    Edit your custom Developer Hub config map, such as app-config-rhdh.

    In the app-config-rhdh.yaml content, add the microsoft provider configuration under the root auth configuration, and enable the microsoft provider for sign-in:

    app-config-rhdh.yaml fragment

    auth:
      environment: production
      providers:
        microsoft:
          production:
            clientId: ${AUTH_AZURE_CLIENT_ID}
            clientSecret: ${AUTH_AZURE_CLIENT_SECRET}
            tenantId: ${AUTH_AZURE_TENANT_ID}
            # domainHint: ${AUTH_AZURE_TENANT_ID} 1
            # additionalScopes: 2
              # - Mail.Send
    signInPage: microsoft 3

    1
    Optional for single-tenant applications. You can reduce login friction for users with accounts in multiple tenants by automatically filtering out accounts from other tenants. If you want to use this parameter for a single-tenant application, uncomment and enter the tenant ID. If your application registration is multi-tenant, leave this parameter blank. For more information, see Home Realm Discovery.
    2
    Optional for additional scopes. To add scopes for the application registration, uncomment and enter the list of scopes that you want to add. The default and mandatory value is ['user.read'].
    3
    To enable the Microsoft Azure provider as default sign-in provider.
Note

Optional for environments with restrictions on outgoing access, such as firewall rules. If your environment has outgoing access restrictions make sure your Backstage backend has access to the following hosts:

  • login.microsoftonline.com: To get and exchange authorization codes and access tokens.
  • graph.microsoft.com: To fetch user profile information (as seen in this source code). If this host is unreachable, users might see an Authentication failed, failed to fetch user profile error when they attempt to log in.
Red Hat logoGithubRedditYoutubeTwitter

Learn

Try, buy, & sell

Communities

About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.