modules/authentication/proc-enabling-authentication-with-microsoft-azure.adoc
3 additions & 2 deletions
@@ -26,7 +26,8 @@
26
26
* `offline_access`
27
27
* `openid`
28
28
* `profile`
29
-
* `User.Read`
29
+
* `User.Read.All`
30
+
* `GroupMember.Read.All`
30
31
* Optional custom scopes for the Microsoft Graph API that you define both in this section and in the `{my-app-config-file}` {product-short} configuration file.
31
32
[NOTE]
32
33
====
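Review bot: the scope list swaps `User.Read` for `User.Read.All` and adds `GroupMember.Read.All`, which widens what the application registration can read from the signed-in user's own profile to every user and every group membership in the tenant, and the list gives no reason for the wider permissions. Both new permissions need administrator consent in the tenant, so the step should say so. It should also say whether they are needed for sign-in itself or only for the catalog provisioning procedure; if only the latter, keeping `User.Read` here and listing the `.All` permissions in the provisioning module would keep the sign-in setup at least privilege.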
@@ -125,7 +126,7 @@ After successful authentication, the user signing in must be resolved to an exis
125
126
+
126
127
The authentication provider tries each sign-in resolver in order until it succeeds, and fails if none succeed.
127
128
+
128
-
WARNING: In production mode, only configure one resolver to ensure users are securely matched.
129
+
WARNING: In production mode, only configure one resolver to ensure users are securely matched.
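Review bot: the removed and added `WARNING:` lines read the same, so this looks like a whitespace-only change. If the line is being touched anyway, reword "only configure one resolver" to "configure only one resolver" and state the risk the preceding sentence implies: with several resolvers tried in order, a sign-in that fails the first match falls through to the next one, which may match on a weaker attribute.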
* To enable GitHub member discovery, edit your custom {product-short} ConfigMap, such as `app-config-rhdh`, and add the following lines to the `{my-app-config-file}` content:
23
+
. To enable GitHub member discovery, edit `{my-app-config-file}`, your custom {product-short} configuration file:
modules/authentication/proc-provisioning-users-from-microsoft-azure-to-the-software-catalog.adoc
28 additions & 46 deletions
@@ -8,7 +8,17 @@ To authenticate users with Microsoft Azure, after xref:enabling-authentication-w
8
8
* You have xref:enabling-authentication-with-microsoft-azure[enabled authentication with Microsoft Azure].
9
9
10
10
.Procedure
11
-
* To enable Microsoft Azure member discovery, edit your custom {product-short} ConfigMap, such as `app-config-rhdh`, and add following lines to the `{my-app-config-file}` content:
11
+
. link:{installing-and-viewing-plugins-book-url}[Enable the `backstage-plugin-catalog-backend-module-msgraph-dynamic` plugin].
. To enable {azure-brand-name} member discovery, edit `{my-app-config-file}`, your custom {product-short} configuration file::
12
22
+
13
23
[id=microsoftGraphOrgProviderId]
14
24
.`{my-app-config-file}` fragment with mandatory `microsoftGraphOrg` fields
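Review bot: the new step `. To enable {azure-brand-name} member discovery, ...` ends with `::`, where the matching steps in the GitHub and {rhbk} modules of this commit end with a single `:`; the doubled colon looks like a typo and should be reduced to one. The same line switches to `{azure-brand-name}` while the prerequisite just above it still spells out "Microsoft Azure", so use one form throughout the module.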
@@ -22,6 +32,10 @@ catalog:
22
32
tenantId: ${AUTH_AZURE_TENANT_ID}
23
33
clientId: ${AUTH_AZURE_CLIENT_ID}
24
34
clientSecret: ${AUTH_AZURE_CLIENT_SECRET}
35
+
schedule:
36
+
frequency: { hours: 1 }
37
+
timeout: { minutes: 50 }
38
+
initialDelay: { minutes: 50 }
25
39
----
26
40
27
41
`target: https://graph.microsoft.com/v1.0`::
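Review bot: `initialDelay: { minutes: 50 }` looks copied from the `timeout` line above it; the optional example this commit removes used `initialDelay: { seconds: 15}`. With a 50 minute initial delay, the first import of users and groups does not start until 50 minutes after startup, and because the enabling module requires the user signing in to be resolved after authentication, a fresh deployment could be left unable to sign anyone in during that window. Suggest a short initial delay here, or a sentence explaining why 50 minutes is intended.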
@@ -31,6 +45,19 @@ You might change this parameter to use a different version, such as the link:htt
31
45
`tenandId`, `clientId` and `clientSecret`::
32
46
Use the {product-short} application information you created in Microsoft Azure and configured in OpenShift as secrets.
33
47
48
+
`schedule`::
49
+
50
+
`frequency`:::
51
+
Enter the schedule frequency as cron, ISO duration, or human duration as used in code.
52
+
53
+
`timeout`:::
54
+
Enter the schedule timeout as ISO duration or human duration as used in code.
55
+
56
+
`initialDelay`:::
57
+
Enter the schedule initial delay as ISO duration or human duration as used in code.
58
+
+
59
+
TIP: In a large organization, this plugin can take a long time. Therefore, avoid setting a low frequency or timeout when importing a large number of users and groups for the first time.
60
+
34
61
Optional: Consider adding the following optional `microsoftGraphOrg.providerId` fields:
35
62
36
63
[id=authority]
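Review bot: in the added TIP, "avoid setting a low frequency or timeout" is ambiguous, because a small `frequency` value means frequent runs while "low frequency" in plain English means infrequent ones. Say "a short interval or a short timeout" instead, and say what takes a long time (the import). The three field descriptions repeat "as used in code" without showing a value, so one example each of the cron, ISO duration and human duration forms would help. The context line `tenandId` is misspelled against the `tenantId` key in the fragment and could be fixed in the same change.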
@@ -228,51 +255,6 @@ catalog:
228
255
select: ['id', 'displayName', 'description']
229
256
----
230
257
231
-
`schedule.frequency`::
232
-
To specify custom schedule frequency.
233
-
Supports cron, ISO duration, and "human duration" as used in code.
234
-
+
235
-
.`{my-app-config-file}` fragment with optional `schedule.frequency` field
236
-
[source,yaml]
237
-
----
238
-
catalog:
239
-
providers:
240
-
microsoftGraphOrg:
241
-
providerId:
242
-
schedule:
243
-
frequency: { hours: 1 }
244
-
----
245
-
246
-
`schedule.timeout`::
247
-
To specify custom timeout.
248
-
Supports ISO duration and "human duration" as used in code.
249
-
+
250
-
.`{my-app-config-file}` fragment with optional `schedule.timeout` field
251
-
[source,yaml]
252
-
----
253
-
catalog:
254
-
providers:
255
-
microsoftGraphOrg:
256
-
providerId:
257
-
schedule:
258
-
timeout: { minutes: 50 }
259
-
----
260
-
261
-
`schedule.initialDelay`::
262
-
To specify custom initial delay.
263
-
Supports ISO duration and "human duration" as used in code.
264
-
+
265
-
.`{my-app-config-file}` fragment with optional `schedule.initialDelay` field
266
-
[source,yaml]
267
-
----
268
-
catalog:
269
-
providers:
270
-
microsoftGraphOrg:
271
-
providerId:
272
-
schedule:
273
-
initialDelay: { seconds: 15}
274
-
----
275
-
276
258
.Verification
277
259
. Check the console logs to verify that the synchronization is completed.
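Review bot: the removed sections each described `schedule.frequency`, `schedule.timeout` and `schedule.initialDelay` as optional, and after this change they appear only in the fragment titled "mandatory `microsoftGraphOrg` fields". State explicitly whether `schedule` is now required and what happens when it is omitted, so that readers upgrading an existing configuration know whether they must add it. The verification step could also say what to look for in the console logs and note that nothing appears until the initial delay has elapsed.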
* To enable {rhbk} member discovery, edit your custom {product-short} ConfigMap, such as `app-config-rhdh`, and add the following lines to the `{my-app-config-file}` content:
18
+
. To enable {rhbk} member discovery, edit `{my-app-config-file}`, your custom {product-short} configuration file: