OIDC
Buddy supports OIDC for pipeline integration with Azure cloud services, and SSO login. In this guide you will learn how to configure OIDC for pipelines.
OIDC provider configuration
- Sign in to Microsoft Azure and go to Azure Active Directory.
- Switch to the App registration tab and click New registration.
- Enter the name, configure the type, and register the app.
On the app details view, copy the following:
- Application (client) ID
- Directory (tenant) ID
- On the application's view, go to Certificates & secrets and switch to the Federated credentials tab.
- Click Add credential and select Other issuer. Next, fill in the details:
  - Issuer → https://oidc.buddyusercontent.com (US accounts) or https://eu-oidc.buddyusercontent.com (EU accounts)
  - Subject identifier → WORKSPACE_URL_HANDLE/TEMP_SUBJECT
  - Name
  - Audience
Where:
  - WORKSPACE_URL_HANDLE is the handle of your account URL → https://app.buddy.works/$WORKSPACE_URL_HANDLE
  - TEMP_SUBJECT is a placeholder for the subject of the Buddy integration that we shall configure later
We strongly recommend setting the Audience to something more secure than the default value.
- Copy the Audience and click Add to save the credential.
Adding new role
- Look up Subscriptions in the Azure search.
- Go to your subscription, switch to the Access control (IAM) panel in the left menu, and click Add role assignment.
- Define the role permissions (e.g. Contributor). This should match the scope of access of the Buddy integration.
- Switch to the Members tab and click Select members.
- Click Review + assign and wait for Azure to assign the new role.
Buddy configuration
- Sign in to your Buddy account and go to Integrations.
- Click New integration and select Azure.
- Define the integration details:
  - enter the name and define the sharing scope
  - switch the authorization method to OIDC
  - paste the Application ID and the Directory ID
  - paste the audience from the OIDC provider (you can change the audience now if required)
- Click the button to finish configuration.
- Go to the integration details and copy the Subject.
- Switch back to Azure's Active Directory and go to App registrations.
- Click the OIDC application that you added at the beginning and switch to the Certificates & secrets tab.
- Click the OIDC credential and replace TEMP_SUBJECT with the subject copied from the Buddy integration.
- Click Update to save changes.
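Once the credential is updated, Azure matches the issuer, subject and audience of the incoming token against it exactly, so a leftover placeholder or a mismatched audience makes the token exchange fail. The following check is an added example, not part of Buddy's or Azure's tooling; it assumes the credential is available as a dict with `issuer`, `subject` and `audiences` fields (the shape of Microsoft Graph's federated identity credential), that `api://AzureADTokenExchange` is the default audience Azure pre-fills, and uses constructed sample values for the workspace handle, subject and audience.

```python
# Added example: lint a federated credential against the values this guide uses.
BUDDY_ISSUERS = {
    "https://oidc.buddyusercontent.com",     # US accounts (from the guide)
    "https://eu-oidc.buddyusercontent.com",  # EU accounts (from the guide)
}
PLACEHOLDER = "TEMP_SUBJECT"
# Assumption: the audience Azure pre-fills for federated credentials.
DEFAULT_AUDIENCE = "api://AzureADTokenExchange"


def check_credential(cred, workspace_handle, buddy_subject, buddy_audience):
    """Return a list of findings; an empty list means the credential matches."""
    findings = []
    issuer = cred.get("issuer", "")
    subject = cred.get("subject", "")
    audiences = cred.get("audiences", [])

    # Azure compares issuer, subject and audience exactly, so no normalisation.
    if issuer not in BUDDY_ISSUERS:
        findings.append(f"issuer {issuer!r} is not a Buddy OIDC issuer")
    if PLACEHOLDER in subject:
        findings.append("subject still contains the TEMP_SUBJECT placeholder")
    expected = f"{workspace_handle}/{buddy_subject}"
    if subject != expected:
        findings.append(f"subject {subject!r} != expected {expected!r}")
    if audiences != [buddy_audience]:
        findings.append(f"audiences {audiences!r} != [{buddy_audience!r}]")
    if DEFAULT_AUDIENCE in audiences:
        findings.append("audience is the default value; set a custom one")
    return findings


# Constructed sample data (not real workspace values).
HANDLE, SUBJECT, AUDIENCE = "acme", "integration-1234", "buddy-acme-azure-prod"
unfinished = {"name": "buddy-oidc", "issuer": "https://oidc.buddyusercontent.com/",
              "subject": "acme/TEMP_SUBJECT", "audiences": [DEFAULT_AUDIENCE]}
finished = {"name": "buddy-oidc", "issuer": "https://eu-oidc.buddyusercontent.com",
            "subject": "acme/integration-1234", "audiences": [AUDIENCE]}

if __name__ == "__main__":
    for label, cred in (("unfinished", unfinished), ("finished", finished)):
        print(label, check_credential(cred, HANDLE, SUBJECT, AUDIENCE) or "OK")
```

The `unfinished` sample also shows that a trailing slash on the issuer URL counts as a mismatch.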
Last modified on August 2, 2023