docs: service account instructions for azure (#969)

Caleb Doxsey 2020-06-22 14:15:49 -06:00 committed by GitHub
parent 2476a06c48
commit cb08cb7a93
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 18 additions and 1 deletions


@ -94,7 +94,24 @@ https://login.microsoftonline.com/0303f438-3c5c-4190-9854-08d3eb31bd9f/v2.0/.wel
https://login.microsoftonline.com/0303f438-3c5c-4190-9854-08d3eb31bd9f/v2.0
```
**Configure Pomerium**
## Service Account
To use `allowed_groups` in a policy an `idp_service_account` needs to be set in the Pomerium configuration. The service account for Azure AD uses the same client ID and client secret configured above, as well as the directory (tenant) ID:
![Personal Access Token](./img/azure-ids.png)
The format of the `idp_service_account` for Azure AD is a base64-encoded JSON document:
```json
{
"client_id": "...",
"client_secret": "...",
"directory_id": "..."
}
```
## Pomerium Configuration
Finally, configure Pomerium with the identity provider settings retrieved in the previous steps. Your [environmental variables] should look something like:
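Review bot: in the new "Service Account" section, the `idp_service_account` JSON embeds `client_secret`, but the text never says that the base64-encoded value is just as sensitive as the secret itself. Base64 is an encoding, not protection, so I'd add a sentence telling readers to store and pass the encoded value the same way they handle the client secret, and to keep it out of committed config files. It would also help to show how the encoded string is produced from the JSON, since the doc only shows the decoded form. Separately, the alt text in `![Personal Access Token](./img/azure-ids.png)` does not match an image named `azure-ids.png` that the paragraph introduces as showing the client ID and directory (tenant) ID. It looks carried over from another provider guide and should describe the Azure IDs instead.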

Binary file not shown.
