Azure AD
Set up Azure AD with DevGrid
1. Register DevGrid with Azure AD
If you have more than one Azure AD directory, make sure you are in the correct directory when you register the app you want to use with Auth0.
During registration, configure the following settings:
| Option | Setting |
|---|---|
| Supported account types | To allow users from external organizations (like other Azure AD directories), choose the appropriate multitenant option. Multitenant options include the following: Accounts in any organizational directory (Any Azure AD directory - Multitenant). |
| Redirect URI | Select a Redirect URI type of Web, and enter your callback URL: https://auth.devgrid.io/login/callback. |
During this process, Microsoft generates an Application (client) ID for your application; you can find this on the app's Overview screen. Make a note of this value.
2. Create a client secret
To create a client secret, see Microsoft's Quickstart: Configure a client application to access web APIs - Add Credentials to your web application.
Once generated, make a note of this value.
3. Add Permissions
To add permissions, see Microsoft's Quickstart: Configure a client application to access web APIs - Add permissions to access web APIs.
While configuring permissions, consider the following:
If you want to enable extended attributes (such as Extended Profile or Security Groups), then you will need to configure the following permissions for the Microsoft Graph API.
| Delegated Permissions | Description |
|---|---|
| Users > User.Read | So your app can sign in users and read the signed-in users' profiles. |
| Directory > Directory.Read.All | So your app can read directory data on the signed-in user's behalf. |
4. Send Info to DevGrid
Send the following fields to [email protected].
| Field | Description |
|---|---|
| Microsoft Azure AD Domain | Your Azure AD domain name. You can find this on your Azure AD directory's overview page in the Microsoft Azure portal. |
| Client ID | Unique identifier for your registered Azure AD application. Enter the saved value of the Application (client) ID for the app you just registered in Azure AD. |
| Client Secret | String used to gain access to your registered Azure AD application. Enter the saved value of the Client secret for the app you just registered in Azure AD. |
| Use common endpoint | (Optional) When enabled, your application will dynamically accept users from new directories. Typically enabled if you selected a multi-tenant option for Supported account types for the application you just registered in Azure AD. |
| Identity API | API used by DevGrid to interact with Azure AD endpoints. Learn about the differences in behavior in Microsoft's Why update to Microsoft identity platform (v2.0) doc. |
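
Before sending these fields, the registration from steps 1 to 3 can be checked against the settings on this page. The following is an added example, not DevGrid or Microsoft code: `audit_registration` is a hypothetical helper that assumes the app is available as a Microsoft Graph application object (for example the JSON from `az ad app show`) and that extended attributes are wanted, so both permissions from step 3 are expected.

```python
CALLBACK = "https://auth.devgrid.io/login/callback"    # callback URL from step 1
GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph resource app ID
# Delegated (type "Scope") permission IDs for the two permissions in step 3.
EXPECTED_SCOPES = {
    "e1fe6dd8-ba31-4d61-89e7-88639da4683d": "User.Read",
    "06da0dbc-49e2-44d2-8312-53f166ab848a": "Directory.Read.All",
}

def audit_registration(app, multitenant=False):
    """Compare a Microsoft Graph application object (dict) with steps 1-3."""
    findings = []
    uris = (app.get("web") or {}).get("redirectUris", [])
    if CALLBACK not in uris:
        findings.append(f"missing Web redirect URI {CALLBACK}")
    findings += [f"unexpected redirect URI {u}" for u in uris if u != CALLBACK]

    wanted = "AzureADMultipleOrgs" if multitenant else "AzureADMyOrg"
    if app.get("signInAudience") != wanted:
        findings.append(f"signInAudience is {app.get('signInAudience')}, expected {wanted}")

    granted = {
        (res.get("resourceAppId", ""), acc.get("id", ""), acc.get("type", ""))
        for res in app.get("requiredResourceAccess", [])
        for acc in res.get("resourceAccess", [])
    }
    # Anything beyond the two delegated Graph scopes is more access than the page asks for.
    for res_id, perm_id, kind in sorted(granted):
        if (res_id, kind) != (GRAPH_APP_ID, "Scope") or perm_id not in EXPECTED_SCOPES:
            findings.append(f"extra permission {perm_id} ({kind}) on {res_id}")
    for perm_id, name in EXPECTED_SCOPES.items():
        if (GRAPH_APP_ID, perm_id, "Scope") not in granted:
            findings.append(f"missing delegated permission {name}")
    return findings

# Constructed sample: extra localhost redirect, one app-only role, no Directory.Read.All.
SAMPLE = {
    "signInAudience": "AzureADMultipleOrgs",
    "web": {"redirectUris": [CALLBACK, "http://localhost:3000/callback"]},
    "requiredResourceAccess": [{
        "resourceAppId": GRAPH_APP_ID,
        "resourceAccess": [
            {"id": "e1fe6dd8-ba31-4d61-89e7-88639da4683d", "type": "Scope"},
            {"id": "11111111-1111-1111-1111-111111111111", "type": "Role"},  # placeholder ID
        ],
    }],
}

if __name__ == "__main__":
    for finding in audit_registration(SAMPLE, multitenant=True):
        print(finding)
```

An empty result means the redirect URI, account type and permissions match this page exactly; pass `multitenant=True` only if a multitenant option was chosen in step 1.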
