Table of Contents

Microsoft Azure Authentication

Microsoft Azure is OAuth2-compliant, so the OAuth2 authentication plugin that FileRun comes with can be used to authenticate users against Azure.

You can easily activate and configure the plugin directly from FileRun's control panel, under System configuration » User login and registration.

For more information on configuring FileRun with OAuth2, please see this page.

Configuration

1. Start the process or registering an application with Azure.

1. a) You will be asked for a Redirect URI. Get this from the FileRun control panel. It is the first field you see under “OAuth2 plugin options” when enabling the OAuth2 authentication plugin.

2. With the new Azure application registered, use the provided Application (client) ID to fill the FileRun setting Client ID.

3. Under Client credentials, click to Add a certificate or secret. Click to add a New client secret. With the new client secret created, copy the Value field to the FileRun setting Client Secret.

3. Back on the Azure project main page, go to Endpoints.

3. a) Copy OAuth 2.0 authorization endpoint (v1) to FileRun's Authorization URL. It looks like this: https://login.microsoftonline.com/<tenant>/oauth2/authorize. Replace <tenant> with your Directory (tenant) ID.

3. b) Copy OAuth 2.0 token endpoint (v1) to FileRun's Access Token URL. It looks like this: https://login.microsoftonline.com/<tenant>/oauth2/token. Replace <tenant> with your Directory (tenant) ID.

4. Set FileRun's List of scopes to openid,profile,email

4. Set FileRun's User info API URL to https://login.microsoftonline.com/<tenant>/openid/userinfo. Replace <tenant> with your Directory (tenant) ID.

5. Set FileRun's field mappings as follows:

Username mapping: $.email

First name mapping: $.given_name

Last name mapping: $.family_name

E-mail mapping: $.email

If you do not hide the FileRun logout option, please configure the Logout URL to https://login.microsoftonline.com/<tenant>/oauth2/v2.0/logout?post_logout_redirect_uri=https://localhost/myapp/

Replace <tenant> with your Directory (tenant) ID. Replace https://localhost/myapp/ with the URL of your FileRun installation.