mirror of
https://github.com/pomerium/pomerium.git
synced 2025-07-16 08:16:18 +02:00
docs: service account instructions for azure (#969)
parent
2476a06c48
commit
cb08cb7a93
2 changed files with 18 additions and 1 deletions
docs/docs/identity-providers
|
@ -94,7 +94,24 @@ https://login.microsoftonline.com/0303f438-3c5c-4190-9854-08d3eb31bd9f/v2.0/.wel
|
||||||
https://login.microsoftonline.com/0303f438-3c5c-4190-9854-08d3eb31bd9f/v2.0
|
https://login.microsoftonline.com/0303f438-3c5c-4190-9854-08d3eb31bd9f/v2.0
|
||||||
```
|
```
|
||||||
|
|
||||||
**Configure Pomerium**
|
## Service Account
|
||||||
|
|
||||||
|
To use `allowed_groups` in a policy an `idp_service_account` needs to be set in the Pomerium configuration. The service account for Azure AD uses the same client ID and client secret configured above, as well as the directory (tenant) ID:
|
||||||
|
|
||||||
|

|
||||||
|
|
||||||
|
|
||||||
|
The format of the `idp_service_account` for Azure AD is a base64-encoded JSON document:
|
||||||
|
|
||||||
|
```json
|
||||||
|
{
|
||||||
|
"client_id": "...",
|
||||||
|
"client_secret": "...",
|
||||||
|
"directory_id": "..."
|
||||||
|
}
|
||||||
|
```
|
||||||
|
|
||||||
|
## Pomerium Configuration
|
||||||
|
|
||||||
Finally, configure Pomerium with the identity provider settings retrieved in the previous steps. Your [environmental variables] should look something like:
|
Finally, configure Pomerium with the identity provider settings retrieved in the previous steps. Your [environmental variables] should look something like:
|
||||||
|
|
||||||
|
|
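Review bot: The new "Service Account" section describes `idp_service_account` as "a base64-encoded JSON document" but does not say that the encoded value still carries `client_secret` in directly recoverable form. Base64 is an encoding, not protection, so please add a sentence telling readers to handle the resulting string with the same care as the client secret itself (secret store or restricted environment file, not a committed config). Two smaller points in the same section: the prose says "directory (tenant) ID" while the JSON key is `directory_id`, so state explicitly that the tenant ID shown in the screenshot is the value for `directory_id`; and the section stops at the JSON shape without showing the encoding step, so readers have to guess how to produce the final value.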
BIN
docs/docs/identity-providers/img/azure-ids.png
Normal file
Binary file not shown.
After ![]() (image error) Size: 18 KiB |