OIDC

Buddy supports OIDC for pipeline integration with Azure cloud services and for SSO login. This guide shows how to configure OIDC for pipelines.

OIDC provider configuration

  1. Sign in to Microsoft Azure and go to Azure Active Directory.
  2. Switch to the App registrations tab and click New registration.
  3. Enter the name, configure the type, and register the app.
  4. On the app details view, copy the following:

    • Application (client) ID
    • Directory (tenant) ID

  5. On the application's view, go to Certificates & secrets and switch to the Federated credentials tab.
  6. Click Add credential and set the scenario to Other issuer. Next, fill in the details:

    • Issuer → https://oidc.buddyusercontent.com (US accounts) or https://eu-oidc.buddyusercontent.com (EU accounts)
    • Subject identifier → WORKSPACE_URL_HANDLE/TEMP_SUBJECT
    • Name
    • Audience

Where:

  • WORKSPACE_URL_HANDLE is the handle of your account URL → https://app.buddy.works/$WORKSPACE_URL_HANDLE
  • TEMP_SUBJECT is a placeholder for the subject of the Buddy integration, which is configured later

We strongly recommend setting the Audience to something more secure than the default value.

  7. Copy the Audience and click Add to save the credential.

Adding new role

  1. Look up Subscriptions in the Azure search.
  2. Go to your subscription, switch to the Access control (IAM) panel in the left menu, and click Add role assignment.
  3. Define the role permissions (e.g. Contributor). This should match the scope of access of the Buddy integration.
  4. Switch to the Members tab, click Select members, and look up the previously added application.
  5. Click Review + assign and wait for Azure to assign the new role.

Buddy configuration

  1. Sign in to your Buddy account and go to Integrations.
  2. Click New integration and select Azure.
  3. Define the integration details:

    • enter the name and define the sharing scope
    • switch the authorization method to OIDC
    • paste the Application ID and the Directory ID
    • paste the audience from the OIDC provider (you can change the audience now if required)

  4. Click the button to finish configuration.
  5. Go to the integration details and copy the Subject.
  6. Switch back to Azure Active Directory and go to App registrations.
  7. Click the OIDC application that you added at the beginning and switch to the Certificates & secrets tab.
  8. Click the OIDC credential and replace TEMP_SUBJECT with the subject copied from the Buddy integration.
  9. Click Update to save changes.
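
A check for the finished credential, as an added example that is not part of Buddy's documentation: it flags a leftover TEMP_SUBJECT, the default audience, and any mismatch with a token's claims, which Azure compares exactly and case-sensitively. The credential fields follow Microsoft Graph's federated identity credential object (name, issuer, subject, audiences); the default audience is assumed to be Azure's pre-filled api://AzureADTokenExchange, and the workspace handle and sample values are constructed.

```python
import base64
import json

# Issuers listed in this guide for US and EU Buddy accounts.
BUDDY_ISSUERS = {"https://oidc.buddyusercontent.com", "https://eu-oidc.buddyusercontent.com"}
AZURE_DEFAULT_AUDIENCE = "api://AzureADTokenExchange"  # assumed: value Azure pre-fills

# Constructed sample: a credential left as it looks right after the Azure steps.
SAMPLE_CRED = {"name": "buddy-oidc", "issuer": "https://oidc.buddyusercontent.com",
               "subject": "my-workspace/TEMP_SUBJECT", "audiences": [AZURE_DEFAULT_AUDIENCE]}


def jwt_claims(token):
    """Decode a JWT payload for inspection only; the signature is NOT verified."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def lint_credential(cred, workspace, claims=None):
    """Return findings for one federated credential; an empty list means clean."""
    findings = []
    if cred["issuer"] not in BUDDY_ISSUERS:
        findings.append("issuer is not a Buddy OIDC issuer")
    if "TEMP_SUBJECT" in cred["subject"]:
        findings.append("subject still contains the TEMP_SUBJECT placeholder")
    if not cred["subject"].startswith(workspace + "/"):
        findings.append("subject is not scoped to the expected workspace")
    if AZURE_DEFAULT_AUDIENCE in cred["audiences"]:
        findings.append("audience is the Azure default")
    if claims is not None:
        # The aud claim may be a single string or a list of strings.
        aud = claims["aud"] if isinstance(claims["aud"], list) else [claims["aud"]]
        if claims["iss"] != cred["issuer"]:
            findings.append("token iss does not match credential issuer")
        if claims["sub"] != cred["subject"]:
            findings.append("token sub does not match credential subject")
        if not set(aud) & set(cred["audiences"]):
            findings.append("token aud does not match credential audience")
    return findings


if __name__ == "__main__":
    for finding in lint_credential(SAMPLE_CRED, "my-workspace"):
        print("FINDING:", finding)
```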

Last modified on August 2, 2023
