Azure and Microsoft Entra ID

RDepot can integrate with any OIDC provider. This example specifically demonstrates how to integrate RDepot with Azure and Microsoft Entra ID.

Configuring Azure

  1. Log into the Azure Portal

  2. Go to the App registrations service

  3. Click on New registration

  4. Fill in a name for the registration

  5. Choose Accounts in this organizational directory only. Do not use the other options (not even for testing), unless you are aware of the implications.

  6. In the Redirect URI section, choose Single-page application (SPA) and use the following value (replacing rdepot-demo.local with your domain name):

    https://rdepot-demo.local/auth
    
  7. The filled-in form should look like this:

  8. Click Register

  9. Go to Authentication

  10. Provide a front-channel logout URL

    https://rdepot-demo.local/logout
    
  11. Check Access tokens as the tokens to be issued by the authorization endpoint

  12. Click Token configuration to configure optional claims

  13. Click Add optional claim, select Access as token type, search for the email and preferred_username claims and check them both

  14. Go back to the Overview page and copy the Application (client) ID. You will need this in the RDepot web client configuration.

  15. Click on Endpoints and copy the Authority URL

  16. Click on OpenID Connect metadata document and copy the jwks_uri value. You will need this in the RDepot manager app configuration.

Configuring the RDepot web client

Now that you configured Azure and you retrieved all necessary parameters, you can configure the RDepot web client.

  1. Set the following environment variables (replacing the examples with the values you retrieved from the Azure portal; the redirect and post-logout URIs must match the values registered in Azure exactly):

    VITE_OIDC_AUTHORITY=https://login.microsoftonline.com/{your-tenant-id}/v2.0
    VITE_OIDC_REDIRECT_URI=https://rdepot-demo.local/auth
    VITE_OIDC_CLIENT_ID={your-client-id}
    VITE_OIDC_POST_LOGOUT_REDIRECT_URI=https://rdepot-demo.local/logout
    VITE_OIDC_RESPONSE_TYPE=code
    VITE_OIDC_SCOPE=openid profile email {your-client-id}/.default
    
  2. Redeploy the RDepot web client

Configuring the RDepot manager app

  1. Using the previously fetched jwks_uri, configure the application.yaml as follows (login-field names the token claim that becomes the RDepot login, which is why the preferred_username claim was enabled in Azure):

    oauth2:
      jwk-set-uri: https://login.microsoftonline.com/common/discovery/v2.0/keys
      login-field: preferred_username
    app:
      authentication: oauth2
      oauth2:
        default:
          admins:
          - einstein@company.onmicrosoft.com
    
  2. Redeploy the RDepot manager app

You should now be able to log in on RDepot using an Azure user. You can create additional users by going to the Microsoft Entra ID / Users page in Azure.
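If login does not work after these steps, the usual cause is a token whose claims do not match the values configured above. The following helper is an added example, not part of RDepot or Azure: it decodes an access token without verifying its signature (the manager app does that with the jwks_uri) and reports which of the claims this setup depends on are wrong or missing. The tenant id, client id and token contents are constructed placeholders.

```python
import base64
import json
import time

# Constructed placeholder values; substitute the ones from your Azure portal.
TENANT_ID = "11111111-2222-3333-4444-555555555555"
CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
AUTHORITY = f"https://login.microsoftonline.com/{TENANT_ID}/v2.0"
ADMINS = ["einstein@company.onmicrosoft.com"]


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64url(part: str) -> bytes:
    # JWT segments drop base64url padding; restore it before decoding.
    return base64.urlsafe_b64decode(part + "=" * (-len(part) % 4))


def make_constructed_token(claims: dict) -> str:
    # Test fixture only: the signature segment is a dummy, not an RSA signature.
    header = {"alg": "RS256", "typ": "JWT", "kid": "constructed-kid"}
    segments = [_b64url(json.dumps(x).encode()) for x in (header, claims)]
    return ".".join(segments) + "." + _b64url(b"dummy-signature")


def check_access_token(token, client_id, authority, login_field, admins, now=None):
    """Decode the token WITHOUT signature verification (troubleshooting only) and
    return (login, is_admin, problems) for the configuration described above."""
    now = time.time() if now is None else now
    header_b64, claims_b64, _sig = token.split(".")
    header = json.loads(_unb64url(header_b64))
    claims = json.loads(_unb64url(claims_b64))
    problems = []
    if header.get("alg") != "RS256":
        problems.append(f"unexpected alg {header.get('alg')!r}")
    if claims.get("iss") != authority:
        problems.append(f"iss {claims.get('iss')!r} != VITE_OIDC_AUTHORITY")
    # With scope {client-id}/.default the audience is the app itself, given
    # either as the bare client id or as its Application ID URI.
    if claims.get("aud") not in (client_id, f"api://{client_id}"):
        problems.append(f"aud {claims.get('aud')!r} is not this app; check VITE_OIDC_SCOPE")
    if claims.get("exp", 0) <= now:
        problems.append("token expired")
    for claim in (login_field, "email"):  # the optional claims added in step 13
        if claim not in claims:
            problems.append(f"optional claim {claim!r} missing; add it under Token configuration")
    login = claims.get(login_field)  # login-field from application.yaml
    return login, login in admins, problems
```

Paste a real token captured from the browser's network tab into `check_access_token` together with your own client id and authority; an empty problems list means the token carries what the web client and manager app expect.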