DocsEdge StackSingle Sign-On with Azure Active Directory (AD)
Single Sign-On with Azure Active Directory (AD)
Set up Azure AD
To use Azure as your IdP, you will first need to register an OAuth application with your Azure tenant.
Follow the steps in the Azure documentation here to register your application. Make sure to select "web application" (not native application) when creating your OAuth application.
After you have registered your application, click on
App Registrations
in the navigation panel on the left and select the application you just created.Make a note of both the client and tenant IDs as these will be used later when configuring Ambassador Edge Stack.
Click on
Authentication
in the left sidebar.Under the
Platform configurations
section, click on+ Add a platform
, then selectWeb
and add this URLhttps://{{AMBASSADOR_URL}}/.ambassador/oauth2/redirection-endpoint
into theRedirect URIs
input fieldNote: Azure AD requires the redirect endpoint to handle TLS
Make sure your application is issuing
access tokens
by clicking on theAccess tokens (used for implicit flows)
checkbox under theImplicit grant and hybrid flows
sectionFinally, click on
Configure
to save your changes
Click on
Certificates & secrets
in the left sidebar. Click+ New client secret
and set the expiration date you wish. Copy the value of this secret somewhere. You will need it when configuring Ambassador Edge Stack.
Set Up Ambassador Edge Stack
After configuring an OAuth application in Azure AD, configuring Ambassador Edge Stack to make use of it for authentication is simple.
Create an OAuth Filter with the credentials from above:
Create a FilterPolicy to use the
Filter
created aboveApply both the
Filter
andFilterPolicy
above withkubectl
Now any requests to https://{{AMBASSADOR_URL}}/backend/get-quote/
will require authentication from Azure AD.
ON THIS PAGE