AzureAD Tenant as Identity Provider for ZITADEL
This guide shows you how to connect an AzureAD Tenant to ZITADEL.
In ZITADEL you can connect an Identity Provider (IdP) such as AzureAD to your instance and provide it as the default for all organizations, or you can register the IdP for a specific organization only. Your customers can also do this themselves in a self-service fashion.
You need to have access to an AzureAD Tenant. If you do not yet have one, follow this guide from Microsoft to create one for free.
Create a new Application
Browse to the create dialog of the App registration menu to create a new app.
Make sure to select web as the application type in the Redirect URI (optional) section.
You can leave the second field empty, since we will change this in the next step.
Configure Redirect URIs
For this to work you need to whitelist the redirect URIs of your ZITADEL instance. In this example our test instance has the domain test-qcon0h.zitadel.cloud, so we need to whitelist these two entries:
To adapt this for your setup, just replace the domain.
Create Client Secret
To allow ZITADEL to communicate with AzureAD, you need to create a client secret.
Save this value for the later configuration of ZITADEL; it is only displayed once.
Configure ID Token Claims
Use the values displayed on the AzureAD Application page in your ZITADEL IdP Settings.
- You can find the issuer for ZITADEL of your AzureAD Tenant in the
- The Client ID of ZITADEL corresponds to the Application (client) ID
- The Client Secret was generated during the Create Client Secret step
Once you have created the IdP, you need to activate it to make it usable for your users.
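Before pasting the issuer into the ZITADEL IdP settings, it is worth checking that the value really points at your own tenant and that its discovery document is consistent. The following Python script is an added example (not ZITADEL or Microsoft code): it builds the tenant-specific v2.0 issuer, fetches or accepts a discovery document, and flags the cases that break a single-tenant login (the tenant-agnostic `common`/`organizations`/`consumers` aliases, whose discovery document carries a `{tenantid}` placeholder instead of a real issuer, an issuer mismatch, missing or non-HTTPS endpoints). The tenant ID and both discovery documents below are constructed sample data; the endpoint shapes follow the public AzureAD v2.0 metadata format.

```python
"""Sanity-check an AzureAD issuer and its OIDC discovery document before
entering them in ZITADEL (added example, not part of the original guide)."""
import json
from urllib.request import urlopen

AZURE_AD_HOST = "https://login.microsoftonline.com"
# Tenant-agnostic aliases: tokens from these carry any tenant's issuer, so
# strict issuer validation cannot restrict sign-in to your own tenant.
MULTI_TENANT_ALIASES = {"common", "organizations", "consumers"}


def tenant_issuer(tenant_id: str) -> str:
    """Build the v2.0 issuer URL of one AzureAD tenant, as ZITADEL expects it."""
    return f"{AZURE_AD_HOST}/{tenant_id}/v2.0"


def fetch_discovery(issuer: str) -> dict:
    """Download the tenant's OpenID Connect metadata (network call, not used in tests)."""
    with urlopen(f"{issuer}/.well-known/openid-configuration", timeout=10) as resp:
        return json.load(resp)


def check_discovery(expected_issuer: str, doc: dict) -> list[str]:
    """Return a list of problems; an empty list means the values are safe to use."""
    problems = []
    tenant = expected_issuer.removeprefix(AZURE_AD_HOST + "/").split("/")[0]
    if tenant in MULTI_TENANT_ALIASES:
        problems.append(
            f"issuer uses the multi-tenant alias '{tenant}'; use your tenant ID "
            "so that only users of your tenant can sign in"
        )
    if "{tenantid}" in doc.get("issuer", ""):
        problems.append("discovery document contains the '{tenantid}' placeholder; "
                        "it is not a single-tenant document")
    elif doc.get("issuer") != expected_issuer:
        problems.append(f"issuer mismatch: expected {expected_issuer!r}, "
                        f"document says {doc.get('issuer')!r}")
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        url = doc.get(key)
        if not url:
            problems.append(f"missing {key}")
        elif not url.startswith("https://"):
            problems.append(f"{key} is not HTTPS: {url}")
    if "code" not in doc.get("response_types_supported", []):
        problems.append("authorization code flow is not advertised")
    return problems


# Constructed sample tenant ID (placeholder, not a real tenant).
SAMPLE_TENANT = "11111111-2222-3333-4444-555555555555"

# Constructed single-tenant discovery document in the AzureAD v2.0 shape.
SINGLE_TENANT_DOC = {
    "issuer": f"{AZURE_AD_HOST}/{SAMPLE_TENANT}/v2.0",
    "authorization_endpoint": f"{AZURE_AD_HOST}/{SAMPLE_TENANT}/oauth2/v2.0/authorize",
    "token_endpoint": f"{AZURE_AD_HOST}/{SAMPLE_TENANT}/oauth2/v2.0/token",
    "jwks_uri": f"{AZURE_AD_HOST}/{SAMPLE_TENANT}/discovery/v2.0/keys",
    "response_types_supported": ["code", "id_token", "code id_token", "id_token token"],
}

# Constructed document as served by the tenant-agnostic 'common' endpoint.
COMMON_DOC = {
    "issuer": f"{AZURE_AD_HOST}/{{tenantid}}/v2.0",
    "authorization_endpoint": f"{AZURE_AD_HOST}/common/oauth2/v2.0/authorize",
    "token_endpoint": f"{AZURE_AD_HOST}/common/oauth2/v2.0/token",
    "jwks_uri": f"{AZURE_AD_HOST}/common/discovery/v2.0/keys",
    "response_types_supported": ["code", "id_token", "code id_token", "id_token token"],
}

if __name__ == "__main__":
    for label, issuer, doc in (
        ("single tenant", tenant_issuer(SAMPLE_TENANT), SINGLE_TENANT_DOC),
        ("common alias", tenant_issuer("common"), COMMON_DOC),
    ):
        found = check_discovery(issuer, doc)
        print(f"{label}: {'OK' if not found else found}")
```

For a live check, replace the constructed document with `fetch_discovery(tenant_issuer("<your tenant ID>"))`; the script reports an empty list when the issuer you are about to paste matches what the tenant itself advertises.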
Test the setup
To test the setup, open an incognito window and browse to your login page. If the setup succeeded, you should see a new button that redirects you to your AzureAD Tenant.