Azure and Microsoft Entra ID

RDepot can integrate with any OIDC provider, this example specifically demonstrates how to integrate RDepot with Azure and Microsoft Entra ID.

Configuring Azure

  1. Log into the Azure Portal

  2. Go to the App registrations service

  3. Click on New registration

  4. Fill in a name for the registration

  5. Choose Accounts in this organizational directory only. Do not use the other options (not even for testing), unless you are aware of the implications.

  6. In the Redirect URI section, choose Single-page application (SPA) and use the following value (replacing rdepot-demo.local with your domain name):

    https://rdepot-demo.local/auth

  7. The filled in form should look like:

  8. Click Register

  9. Go to Authentication

  10. Provide a front-channel logout URL

    https://rdepot-demo.local/logout

  11. Check the Access tokens box as the tokens to be issued by the authorization endpoint

  12. Click Token configuration to configure optional claims

  13. Click Add optional claim, select Access as token type, search for the email and preferred_username claims and check them both

  14. Go back to the Overview page and copy the Application (client) ID and Directory (tenant ID). You will need them in the RDepot web client configuration.

  15. Click on Endpoints, then open OpenID Connect metadata document and copy the jwks_uri value. You will need this in the RDepot manager app configuration.

Configuring the RDepot manager app

  1. Using the previously fetched jwks_uri, configure the application.yaml as follows

    oauth2:
  jwk-set-uri: {jwks_uri}
  login-field: preferred_username
app:
  authentication: oauth2
  oauth2:
    default:
      admins:
      - einstein@company.onmicrosoft.com

  2. Restart or redeploy the RDepot manager app

Configuring the RDepot web client

Now that you configured Azure and you retrieved all necessary parameters, you can configure the RDepot web client.

  1. Set the following environment variables (replacing the examples with the values you retrieved from the Azure portal):

    VITE_OIDC_AUTHORITY=https://login.microsoftonline.com/{tenant-id}/v2.0
VITE_OIDC_REDIRECT_URI=https://rdepot.local/auth
VITE_OIDC_CLIENT_ID={your-client-id}
VITE_OIDC_POST_LOGOUT_REDIRECT_URI=https://rdepot.local/logout
VITE_OIDC_RESPONSE_TYPE=code
VITE_OIDC_SCOPE=openid profile email {your-client-id}/.default

  2. Restart or redeploy the RDepot web client

You should now be able to log in on RDepot using an Azure user. You can create additional users by going to the Microsoft Entra ID / Users page in Azure.