Azure Entra ID

Authentication Setup

Azure Configuration

  1. Create a Web Application Integration: In the Azure Entra ID Console, under Applications, click on App Registrations and then click on + New registration.
  2. Give it a name: e.g. ScaleOps
  3. Choose the Supported account types: Preferably choose Accounts in this organizational directory only, which allows only users from your organization to log in.
  4. Configure Redirect URI:
  • Choose Web as the platform.
  • For ingress setup: Use your ScaleOps dashboard URL followed by /auth/callback (e.g., https://<YOUR-SCALEOPS-DASHBOARD-URL>/auth/callback).
  • For port forwarding without ingress: Use http://localhost:8080/auth/callback.

  5. Save the Client ID and Tenant ID: Record the Application (client) ID, referred to as CLIENT-ID in this doc, and the Directory (tenant) ID, referred to as TENANT-ID in this doc.
  6. Save the Client Secret: Click on Certificates & secrets, then click on + New client secret, give it a description and click Add. We are going to refer to it as CLIENT-SECRET.
  • Note that the secret will be shown only once, so make sure to save it somewhere safe.
  • Note that when creating the secret you can choose when it will expire; make sure to either choose Never or put a reminder in your calendar for when you will need to replace it.

ScaleOps Configuration

Add the following helm values to your helm values.yml file:

    authProvider:
      provider: azure
      azure:
        clientID: <CLIENT-ID>
        tenantID: <TENANT-ID>
        clientSecret: <CLIENT-SECRET>

Groups Setup

Azure Configuration

  1. Configure the application we just created to pass groups with the JWT token.
    • Go to the Azure Portal and click on App Registrations.

    • Click on the application we just created.

    • Click on Token configuration.

    • Under Token configuration click on Add groups claim.

    • Choose the group types you want to use (or all) and click Add.

    • Click Save.

    • Note that it might take a few minutes for the changes to take effect.

      ⚠️ For large enterprises with many group memberships, selecting All groups may cause Azure to exceed the token group limit (200 groups for OIDC/OAuth2, 150 for SAML). When exceeded, the groups claim is replaced with an overage indicator, breaking group-based authorization. To avoid this, select Groups assigned to the application instead, and assign the relevant groups to the Enterprise App. See Microsoft’s documentation for details.

  2. Get the ID of the group you want to use as admin.
    • Go to the Azure Portal and click on Azure Active Directory.
    • Click on Groups.
    • Click on the group you want to use as admin.
    • Copy the Object ID value; we will refer to it as GROUP-ID.

ScaleOps Configuration

Add the following helm values to your helm values.yml file:

    authProvider:
      provider: azure
      authorization:
        enabled: true
      azure:
        clientID: <CLIENT-ID>
        tenantID: <TENANT-ID>
        clientSecret: <CLIENT-SECRET>
        groupsClaim: groups
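
The overage case described in the groups warning above can be checked on a captured ID token before relying on group-based authorization. This is an added example, not ScaleOps code: it reads the token payload without verifying the signature (diagnostics only), assumes Microsoft's `_claim_names` / `hasgroups` overage markers, and uses hypothetical function names with constructed tokens and a constructed GROUP-ID.

```python
import base64
import json


def decode_payload(token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("expected a compact JWT with three dot-separated parts")
    seg = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(seg))


def check_groups(claims: dict, group_id: str, groups_claim: str = "groups") -> str:
    """Return 'overage', 'missing', 'member' or 'not-member' for GROUP-ID."""
    # Overage markers: _claim_names points the groups claim at an external
    # source; hasgroups=true is the implicit-flow variant.
    claim_names = claims.get("_claim_names")
    if isinstance(claim_names, dict) and groups_claim in claim_names:
        return "overage"
    if claims.get("hasgroups") is True:
        return "overage"
    groups = claims.get(groups_claim)
    if not isinstance(groups, list):
        return "missing"  # groups claim not configured or not yet propagated
    return "member" if group_id in groups else "not-member"


def make_sample_token(claims: dict) -> str:
    """Build an unsigned token from constructed claims (sample data only)."""
    def enc(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    return f"{enc({'alg': 'none', 'typ': 'JWT'})}.{enc(claims)}.constructed"


# Constructed values standing in for GROUP-ID and real tokens.
GROUP_ID = "00000000-0000-0000-0000-0000000000aa"
OTHER_ID = "00000000-0000-0000-0000-0000000000bb"
SAMPLES = {
    "normal": make_sample_token({"sub": "alice", "groups": [GROUP_ID]}),
    "other": make_sample_token({"sub": "carol", "groups": [OTHER_ID]}),
    "overage": make_sample_token({
        "sub": "bob", "_claim_names": {"groups": "src1"},
        "_claim_sources": {"src1": {"endpoint": "https://example.invalid/placeholder"}}}),
    "missing": make_sample_token({"sub": "dave"}),
}

if __name__ == "__main__":
    for name, token in SAMPLES.items():
        print(f"{name:8} -> {check_groups(decode_payload(token), GROUP_ID)}")
```

An `overage` result means the token carries no group list at all, which is the situation the Groups assigned to the application setting avoids.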