modules/authentication/proc-enabling-user-authentication-with-microsoft-azure.adoc
4 additions & 4 deletions
@@ -12,14 +12,14 @@ Alternatively, you can ask your {azure-short} administrator to prepare the requi
12
12
* Your {product-short} backend can access the following hosts:
13
13
14
14
`login.microsoftonline.com`::
15
-
For obtaining and exchanging authorization codes and access tokens.
15
+
This is the {azure-brand-name} authorization server, which enables the authentication flow.
16
16
17
17
`graph.microsoft.com`::
18
-
For retrieving user profile information (as referenced in the source code), and avoiding an _Authentication failed, failed to fetch user profile_ error when attempting to log in.
18
+
For retrieving organization data, including user and group data, to be ingested into the {product-short} catalog.
19
19
20
20
.Procedure
21
21
:my-product-app-name-in-azure: <Authenticating with {product-short}>
22
-
. To allow {product-short} to authenticate with {azure-brand-name}, link:https://learn.microsoft.com/en-us/entra/identity-platform/scenario-web-app-sign-user-app-registration?tabs=aspnetcore#register-an-app-by-using-the-azure-portal[create an OAuth application in {azure-short}].
22
+
. To allow {product-short} to authenticate with {azure-short}, link:https://learn.microsoft.com/en-us/entra/identity-platform/scenario-web-app-sign-user-app-registration?tabs=aspnetcore#register-an-app-by-using-the-azure-portal[Register an app by using the {azure-short} portal].
23
23
24
24
.. In the {azure-short} portal go to link:https://portal.azure.com/#view/Microsoft_AAD_RegisteredApps/ApplicationsListBlade[*App registrations*], create a **New registration** with the configuration:
25
25
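Review bot: The new `graph.microsoft.com` description drops the sign-in dependency that the removed line documented (retrieving user profile information, and the _Authentication failed, failed to fetch user profile_ error when the host is unreachable) and now mentions only catalog ingestion. If sign-in still reads the profile from this host, an administrator writing egress rules from this list loses the one troubleshooting hint that links a blocked host to a failed login, so keep a short clause such as "and for retrieving the user profile during sign-in". The same applies to `login.microsoftonline.com`: "enables the authentication flow" is vaguer than the removed "obtaining and exchanging authorization codes and access tokens", which told the reader what traffic to expect. Also check attribute consistency: the host description now uses {azure-brand-name} while the procedure step in the same hunk moves from {azure-brand-name} to {azure-short}.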
@@ -426,7 +426,7 @@ auth:
426
426
After successful authentication, {product-short} resolves the user signing in to an existing user in the {product-short} catalog.
427
427
To best match users securely for your use case, consider configuring a specific resolver.
428
428
+
429
-
Enter the resolver list to override the default resolver: `emailLocalPartMatchingUserEntityName`.
429
+
Enter the resolver list to override the default resolver: `userIdMatchingUserEntityAnnotation`.
430
430
+
431
431
The authentication provider tries each sign-in resolver in order until it succeeds, and fails if none succeed.
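Review bot: The changed sentence names `userIdMatchingUserEntityAnnotation` as the default resolver but does not say which annotation it matches or that catalog user entities must carry it, so a reader moving from the previous default `emailLocalPartMatchingUserEntityName` cannot tell why sign-in would start failing to resolve. Add one sentence stating the annotation the resolver compares against and where it comes from. The sentence is also ambiguous as written: "Enter the resolver list to override the default resolver: ..." can be read as naming the override rather than the default, so consider splitting it into "The default resolver is `userIdMatchingUserEntityAnnotation`." followed by the instruction to enter a resolver list. Since the following line says resolvers are tried in order until one succeeds, it is worth stating that the order of the list decides which match wins.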