SSO with Azure AD

Configure SSO using OpenID Connect and Azure AD

πŸ“˜

OpenID Connect

To become familiar with OpenID Connect in Budibase, see: OpenID Connect

Configuration

Create the application

Create the Budibase application using a new 'App Registration'

Add the application name

Ignore the Redirect URI for now.

Find your configuration details

Configuration URL

Visit 'Overview' > 'Endpoints'.

Use the OpenID Connect metadata document field as your Configuration URL in Budibase.

πŸ“˜

Newer versions of Azure Portal may include a generic OpenID URL like: https://login.microsoftonline.com/common/v2.0/.well-known/openid-configuration

In that case you will need to manually edit the URL and include the Azure Tenant ID: https://login.microsoftonline.com/[AZURE_TENANT_ID]/.well-known/openid-configuration

Client ID

Visit 'Overview'

Use the Application (client) ID field as your Client ID in Budibase.

Client Secret

Visit 'Certificates & secrets', click on 'Add client secret', give your secret a description/expiry, and save.

View your newly created secret

Use the Value field as your Client Secret in Budibase.

Finding your callback URL

Navigate to Settings -> Auth within Budibase. Scroll down to where it says "OpenID Connect" and find the field labeled Callback URL.

Show casing were to get the callback url within Budibase

If you are using our cloud service, the URL contained within is exactly what you need.

For self-hosted users, it will likely display http://localhost:10000/api/global/auth/oidc/callback. This will need to be changed depending on how you are hosting it: http[s]://[your-budibase.com]/api/global/auth/oidc/callback. The parts that likely need to be changed are enclosed within square brackets.

Add your callback URL

Visit 'Authentication' and click 'Add a platform' -> 'Web'. Enter your callback URL.

Callback for azure ad