SSO with Azure AD
Configure SSO using OpenID Connect and Azure AD
OpenID Connect
To become familiar with OpenID Connect in Budibase, see: OpenID Connect
Configuration
Create the application
Create the Budibase application using a new 'App Registration'
Add the application name
Ignore the Redirect URI for now.
Find your configuration details
Configuration URL
Visit 'Overview' > 'Endpoints'.
Use the OpenID Connect metadata document field as your Configuration URL in Budibase.
Newer versions of Azure Portal may include a generic OpenID URL like:
https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration
In that case you will need to manually edit the URL and include the Azure Tenant ID:
https://login.microsoftonline.com/[AZURE_TENANT_ID]/.well-known/openid-configuration
Client ID
Visit 'Overview'
Use the Application (client) ID field as your Client ID in Budibase.
Client Secret
Visit 'Certificates & secrets', click on 'Add client secret', give your secret a description/expiry, and save.
View your newly created secret
Use the Value field as your Client Secret in Budibase.
Finding your callback URL
Navigate to Settings -> Auth within Budibase. Scroll down to where it says "OpenID Connect" and find the field labeled Callback URL
.
If you are using our cloud service, the URL contained within is exactly what you need.
For self-hosted users, it will likely display http://localhost:10000/api/global/auth/oidc/callback
. This will need to be changed depending on how you are hosting it: http[s]://[your-budibase.com]/api/global/auth/oidc/callback
. The parts that likely need to be changed are enclosed within square brackets.
Add your callback URL
Visit 'Authentication' and click 'Add a platform' -> 'Web'. Enter your callback URL.
Updated 10 months ago