Azure

How to set up the Azure identity provider.

Setup Instructions for connecting CDM Server to Azure

Purpose

This guide provides information and instructions for configuring CDM Server to log in using Microsoft Azure AD as Identity Provider.

Prerequisites

To be able to use Microsofts Azure Entra ID as ID Provider in CDM Server you need to make some configurations in Azure. Therefor you need

Access to the Azure Portal.
Permissions to create and manage Azure AD applications.
The client redirect URI from the CDM-Server.

Tipp

CDM Server users from external systems which should be able to access CDM-Server must be member of the same group. This group must be configured by Admin user as Login Group at first CDM-Server start.

Step 1: Configure an Azure application as ID-Provider for CDM Server

Azure - Configure Application

Step 2: Configure the CDM Server to use the azure application for authentication in CDM Server using the azure users.

Azure - Configure CDM-Server

After succedding above steps the Azure Users which are in the configured group should be able to log in to the CDM Server!

Warning About Data Loss

Please note that, at this moment, we do not support changing the IdP without clearing all data. This means, if you set up a CDM-Server instance for testing using Local or Ldaps for now, you will have to clear all data and start fresh when you want to switch to Azure.

Here is a sample .env.idp file with the azure IdP configured:

## HELP
# https://get.apis.de/docs/idproviders/azure/

## User Management
# Available options: local, azure, ldaps
ID_PROVIDER=azure

## User Management -> AZURE
# Only required if ID_PROVIDER=azure

# The Microsoft Azure AD Directory (Tenant) ID
# The Tenant ID is an UUID and contains hexadecimal numbers (0-9a-f) seperated by - and
# can be found in Azure Portal on the Entra-ID welcome page.
#
# Example: "e53f2a45-f4d2-a11d-223a-77b654c12df5"
AZURE_TENANT_ID=

# The Azure Application (Client) ID
# The Application client ID is an UUID and belongs to the application which is configured
# for the authentication and authorization of azure users for CDM Server. The Id can be
# found in Azure Portal -> App registrations.
#
# Example: "53a12b45-1234-5566-8fe4-93b787a787d6"
AZURE_CLIENT_ID=

# The Azure Application (Client) Name
# The Application client Name is a Text and belongs to the application which is configured
# for the authentication and authorization of azure users for CDM Server. The Name can be
# found in Azure Portal -> App registrations.
#
# Example apis_cdm_authentication
AZURE_CLIENT_NAME=

# The Azure Admin UUID
# The Azure admin UUID must be the id of the Azure user who is going to configure CDM Server at first start.
# The user which belongs to the id is then an admin user and the only user which is able to log in to the
# CDM Server to complete the configuration.
#
# To get your Azure user id log in to https://portal.azure.com/ click on view entra and in the page feed
# in the middle area of the entra welcome page the user id is shown.
#
# Example fd163a2f-112a-7291-bdf4-a4325b78910a
AZURE_ADMIN_UUID=

Azure Portal Setup

How to configure an Azure application as Identity Provider.

Configure CDM-Server

How to configure CDM-Server to use the Azure application for authentication.

Last modified December 16, 2024: ca9ced4