OIDC for Microsoft Azure

What is Azure OIDC?

OpenID Connect (OIDC) is an identity layer on top of OAuth 2.0. Azure Active Directory (Azure AD, now Microsoft Entra ID) uses it for secure user authentication and, through federated credentials, to trust tokens issued by an external identity provider instead of a stored client secret.

Buddy supports OIDC and Single Sign-On login for Azure Cloud integration.

This guide covers all the necessary steps to configure OIDC for Azure integration in Buddy.

OIDC provider configuration

  1. Open the login page in Azure Portal, sign in and go to Microsoft Entra ID.
  2. Switch to the App registration tab and click New registration:

(Image: App registration window in Azure)

  3. Enter the name, configure the type, and register the app.
  4. On the app details view, copy the following:

    • Application (client) ID
    • Directory (tenant) ID

(Image: App details view)

  5. On the application's view, go to Certificates & secrets and switch to the Federated credentials tab.
  6. Click + Add credential and set the scenario to Other issuer. Next, fill in the details:

    • Issuer: https://oidc.buddyusercontent.com (US accounts) or https://eu-oidc.buddyusercontent.com (EU accounts)
    • Subject identifier: WORKSPACE_URL_HANDLE/TEMP_SUBJECT
    • Name
    • Audience

Where:

  • WORKSPACE_URL_HANDLE is the handle of your account URL → https://app.buddy.works/$WORKSPACE_URL_HANDLE
  • TEMP_SUBJECT is a placeholder for the subject of the Buddy integration that we shall configure later

Warning: We strongly recommend setting the Audience to something more secure than the default value.

(Image: Adding credential in Azure)

  7. Copy the Audience and click Add to save the credential.
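As an added example (not Buddy's or Azure's code), the Python script below models the check Azure performs against the federated credential defined above: the token's issuer, subject and audience must all equal the values that were entered, which is why the TEMP_SUBJECT placeholder keeps failing the subject match until it is replaced with the real Subject during the Buddy configuration later in this guide. The workspace handle, integration subject and audience values are constructed for the demo, and signature verification (done by Azure against the issuer's published keys before any claim matching) is out of scope.

```python
"""Model of the federated-credential claim match Azure performs on a Buddy OIDC token.

Added example, not Buddy's or Azure's code. Azure accepts a token for the registered
app only when issuer, subject and audience all equal the stored credential values.
Signature verification happens in Azure before this step and is not modelled here.
"""
import base64
import json
import time
from typing import Optional, Tuple
from urllib.parse import urlparse

# Issuer URLs from the guide (US and EU accounts).
BUDDY_ISSUERS = {
    "US": "https://oidc.buddyusercontent.com",
    "EU": "https://eu-oidc.buddyusercontent.com",
}

# Constructed sample values (not real identifiers).
WORKSPACE_URL = "https://app.buddy.works/acme"   # WORKSPACE_URL_HANDLE is "acme"
INTEGRATION_SUBJECT = "integration-7f3a"         # stands in for the Subject copied from Buddy
CUSTOM_AUDIENCE = "buddy-azure-prod-example"     # a non-default Audience, as the warning recommends


def workspace_handle(workspace_url: str) -> str:
    """Return WORKSPACE_URL_HANDLE from https://app.buddy.works/<handle>."""
    path = urlparse(workspace_url).path.strip("/")
    if not path:
        raise ValueError("workspace URL has no handle segment")
    return path.split("/")[0]


def federated_subject(workspace_url: str, subject: str) -> str:
    """Build the Subject identifier field: WORKSPACE_URL_HANDLE/<subject>."""
    return f"{workspace_handle(workspace_url)}/{subject}"


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def make_unsigned_token(claims: dict) -> str:
    """Assemble a JWT-shaped string for the demo; the signature segment is a placeholder."""
    header = _b64url(json.dumps({"alg": "RS256", "typ": "JWT"}).encode())
    payload = _b64url(json.dumps(claims).encode())
    return f"{header}.{payload}.placeholder-signature"


def decode_payload(token: str) -> dict:
    """Decode the middle (claims) segment of a JWT without verifying it."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)   # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def credential_matches(claims: dict, credential: dict,
                       now: Optional[float] = None) -> Tuple[bool, str]:
    """Exact-match rules for issuer, subject and audience, plus an expiry check.

    `credential` mirrors the portal fields: issuer, subject, audiences (a list).
    """
    now = time.time() if now is None else now
    if claims.get("iss") != credential["issuer"]:
        return False, "issuer mismatch"
    if claims.get("sub") != credential["subject"]:
        return False, "subject mismatch"
    aud = claims.get("aud")
    auds = aud if isinstance(aud, list) else [aud]
    if not any(a in credential["audiences"] for a in auds):
        return False, "audience mismatch"
    if claims.get("exp", 0) <= now:
        return False, "token expired"
    return True, "ok"


# The credential as it looks after TEMP_SUBJECT has been replaced with the real Subject.
SAMPLE_CREDENTIAL = {
    "issuer": BUDDY_ISSUERS["EU"],
    "subject": federated_subject(WORKSPACE_URL, INTEGRATION_SUBJECT),
    "audiences": [CUSTOM_AUDIENCE],
}

# A constructed token shaped like the one Buddy would present to Azure for that integration.
SAMPLE_TOKEN = make_unsigned_token({
    "iss": BUDDY_ISSUERS["EU"],
    "sub": "acme/integration-7f3a",
    "aud": CUSTOM_AUDIENCE,
    "iat": 1_700_000_000,
    "exp": 1_700_000_600,
})


if __name__ == "__main__":
    claims = decode_payload(SAMPLE_TOKEN)
    print("final credential:", credential_matches(claims, SAMPLE_CREDENTIAL, now=1_700_000_000))
    placeholder = dict(SAMPLE_CREDENTIAL, subject=federated_subject(WORKSPACE_URL, "TEMP_SUBJECT"))
    print("placeholder credential:", credential_matches(claims, placeholder, now=1_700_000_000))
    wrong_aud = dict(SAMPLE_CREDENTIAL, audiences=["api://some-other-audience"])
    print("wrong audience:", credential_matches(claims, wrong_aud, now=1_700_000_000))
```

Running the script shows the three outcomes side by side: the completed credential accepts the token, the credential still carrying TEMP_SUBJECT rejects it with a subject mismatch, and a credential whose Audience differs from what Buddy puts in the token rejects it with an audience mismatch, which is the practical reason the Audience must be identical in Azure and in the Buddy integration.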

Adding new role

  1. Look up Subscriptions in the Azure search.

(Image: Managing subscriptions in Azure)

  2. Go to your subscription, switch to the Access control (IAM) panel in the left menu, and click Add role assignment.

(Image: Access control (IAM) tab in Azure)

  3. Define the role permissions (e.g. Contributor). Pick the least-privileged role that still covers what the Buddy integration needs to do.

(Image: Defining role permissions in Azure)

  4. Switch to the Members tab, click + Select members and look up the previously added application.

(Image: Assigning roles in Azure)

  5. Click Review + assign and wait for Azure to assign the new role.

Buddy configuration

  1. Sign in to your Buddy account and go to Integrations.
  2. Click New integration and select Azure.
  3. Define the integration details:

    • enter the name and define the sharing scope
    • switch the authorization method to OIDC
    • paste the Application ID and the Directory ID
    • paste the Audience from the federated credential in Azure (you can change the Audience now if required, as long as it stays identical on both sides)

(Image: OIDC integration configuration)

  4. Click the button to finish configuration.
  5. Go to the integration details and copy the Subject.
  6. Switch back to Azure Active Directory and go to App registrations.
  7. Click the OIDC application that you added at the beginning and switch to the Certificates & secrets tab:

(Image: Owned applications view in Azure)

  8. Click the OIDC credential and replace TEMP_SUBJECT with the subject copied from the Buddy integration:

(Image: Edit credential view in Azure)

  9. Click Update to save changes.

Last modified on Sep 23, 2024