
OAuth 2 / OIDC Azure configuration example

This guide explains, with an example, how to set up your {samo-demo-configuration}/packages/{samo-demo}/auth-server/providers/azure.json file.

Configuration creation

Find Tenant/Tenant ID

The value {tenant} refers to a specific Active Directory tenant.

It can take one of three forms:

  1. Tenant ID: a1b2c3d4-5678-90ab-cdef-1234567890ab
  2. Tenant name (domain): company.com
  3. Special alias: common / organizations / consumers

How to find your Azure Tenant:

1. Azure Portal:

  • Go to https://portal.azure.com
  • Open Microsoft Entra ID (formerly Azure Active Directory)
  • In the Overview section, you'll see your Tenant ID listed.

2. Azure CLI

Run this command:

az account show --query tenantId --output tsv

3. PowerShell

Run this command:

Get-AzTenant

Find configuration URIs

Fetch this URL: https://login.microsoftonline.com/{tenant}/v2.0/.well-known/openid-configuration

In the returned JSON, find:

  • "token_endpoint", which corresponds to "tokenUri" in azure.json
  • "jwks_uri", which corresponds to "jwkSetUri" in azure.json
  • "userinfo_endpoint", which corresponds to "userInfoUri" in azure.json
  • "authorization_endpoint", which corresponds to "authorizationUri" in azure.json
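
The mapping above as a script (an added example, not part of the product or the original guide). It translates a discovery document into the four azure.json URI properties and rejects any endpoint that is not HTTPS on an expected host. The function names, the ALLOWED_HOSTS list and the sample document are assumptions made for this example.

```python
import json
from urllib.parse import urlsplit

# Discovery field -> azure.json key, as listed in this guide.
FIELD_MAP = {
    "authorization_endpoint": "authorizationUri",
    "token_endpoint": "tokenUri",
    "jwks_uri": "jwkSetUri",
    "userinfo_endpoint": "userInfoUri",
}
# Assumption: hosts taken from this guide's example; adjust if your tenant differs.
ALLOWED_HOSTS = {"login.microsoftonline.com", "graph.microsoft.com"}

def discovery_url(tenant):
    """Build the discovery URL for a tenant ID, tenant domain or special alias."""
    return f"https://login.microsoftonline.com/{tenant}/v2.0/.well-known/openid-configuration"

def map_discovery(doc):
    """Return the azure.json URI properties for a parsed discovery document."""
    props = {}
    for field, key in FIELD_MAP.items():
        if field not in doc:
            raise ValueError(f"discovery document lacks {field}")
        url = urlsplit(doc[field])
        # A plain-HTTP or off-host endpoint would expose tokens or signing keys.
        if url.scheme != "https" or url.hostname not in ALLOWED_HOSTS:
            raise ValueError(f"{field} is not HTTPS on an expected host: {doc[field]}")
        props[key] = doc[field]
    return props

# Constructed sample document using the placeholder tenant from this guide.
# For a live tenant, load it with urllib.request.urlopen(discovery_url(tenant)).
SAMPLE = json.loads("""{
  "issuer": "https://login.microsoftonline.com/your_tenant_id/v2.0",
  "authorization_endpoint": "https://login.microsoftonline.com/your_tenant_id/oauth2/v2.0/authorize",
  "token_endpoint": "https://login.microsoftonline.com/your_tenant_id/oauth2/v2.0/token",
  "jwks_uri": "https://login.microsoftonline.com/your_tenant_id/discovery/v2.0/keys",
  "userinfo_endpoint": "https://graph.microsoft.com/oidc/userinfo"
}""")

if __name__ == "__main__":
    print(json.dumps(map_discovery(SAMPLE), indent=2))
```
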

Full example of using Azure as provider

{
  "type": "oidc",
  "authenticationProperties": {
    "clientId": "1234-abcd-12ab-9h8i-ab12cd34",
    "clientSecret": "${provider.client_secret}",
    "authorizationUri": "https://login.microsoftonline.com/your_tenant_id/oauth2/v2.0/authorize",
    "tokenUri": "https://login.microsoftonline.com/your_tenant_id/oauth2/v2.0/token",
    "jwkSetUri": "https://login.microsoftonline.com/your_tenant_id/discovery/v2.0/keys",
    "userInfoUri": "https://graph.microsoft.com/oidc/userinfo",
    "scope": [
      "openid",
      "profile"
    ],
    "userNameAttribute": "sub"
  },
  "userSynchronization": {
    "enabled": true,
    "userAttributesMapping": {
      "email": "email",
      "username": "preferred_username",
      "principal": "preferred_username",
      "firstName": "given_name",
      "lastName": "family_name"
    }
  },
  "membershipSynchronization": {
    "enabled": true,
    "membershipAttributesMapping": {
      "source": {
        "type": "attribute",
        "attributeName": "idtyp"
      },
      "groupTypes": [
        1,
        2
      ],
      "membershipMapping": [
        {
          "value": "user",
          "operator": "contains",
          "groups": [
            277
          ]
        },
        {
          "value": "Software Developer",
          "operator": "contains",
          "groups": [
            277
          ]
        },
        {
          "value": "Senior Software Developer",
          "operator": "equals",
          "groups": [
            277
          ]
        }
      ]
    }
  }
}