-
Notifications
You must be signed in to change notification settings - Fork 3
Microsoft Entra Authentication
If you want increased security and control over access to Data Model Viewer (DMV), you can use Microsoft SSO using Entra ID and even control access via Azure Security Groups.
Important
Don't forget to update pipeline yaml files to 2.3.0^ which includes new variables.
To get started, you must add a redirect URI to your app registration. Do this by navigating to your Azure Portal > Microsoft Entra ID > App registrations > your app registration for dmv > Authentication (under Manage) > click + Add Redirict URI.
Set Platform Type to Web and the URI to https://wa-{your-service}.azurewebsites.net/api/auth/callback/microsoft-entra-id.
In your library variables used for the pipeline you must now set EnableEntraIdAuth to true.
If you have not already, we recommend you set the supported account types on the App Registration to single tenant to only allow users in your tenant to login. If you want additional control you can use the EntraIdAllowedGroups variable to control access via specific Entra Security Groups.
Note
You can continue to have password authentication, and Micosoft SSO at the same time, or you can disable password to just support SSO.
| Name | Requirement | Description |
|---|---|---|
| EnableEntraIdAuth | Optional | Boolean true/false(default) to enable Entra ID authentication, controlable by the organization. Read more about this feature under features: entra id authentication. |
| EntraIdAllowedGroups | Optional | Comma-seperated list of object-ids for the Azure Groups allowed to login using OpenIDs OAuth2 authentication flow. Read more about this feature under features: entra id authentication. |
| DisablePasswordAuth | Optional | Boolean true/false(default) to disable password login. We don't recommend disabling passowrd authentication without setting EnableEntraIdAuth=true, as the site would be unreacable for the users. |