This repository has been archived by the owner on Apr 26, 2024. It is now read-only.

Added basic instructions for Azure AD to OpenId documentation #8582

Merged
merged 8 commits into from
Oct 26, 2020
Changes from 3 commits
1 change: 1 addition & 0 deletions changelog.d/8582.doc
@@ -0,0 +1 @@
Instructions for Azure AD in OpenId documentation. Contributed by peterk.
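Review bot: the changelog entry spells the protocol "OpenId", while the documentation it describes (the "Microsoft Azure Active Directory" section in docs/openid.md in this same PR) uses the standard spelling "OpenID Connect"; change the entry to "Instructions for Azure AD in OpenID documentation." so the changelog matches the docs.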
26 changes: 26 additions & 0 deletions docs/openid.md
@@ -52,6 +52,32 @@ specific providers.

Here are a few configs for providers that should work with Synapse.

### Microsoft Azure Active Directory
Azure AD can act as an OpenID Connect Provider. Register a new application under
*App registrations* in the Azure AD management console. The RedirectURI for your
application should point to your matrix server: `[synapse public baseurl]/_synapse/oidc/callback`

Go to Certificates & secrets and register a new client secret. Make note of your
Directory (tenant) ID as it will be used in the Azure links.
Edit your Synapse config file and change the oidc_config section:

```yaml
oidc_config:
enabled: true
issuer: "https://login.microsoftonline.com/<tenant id>/v2.0"
client_id: "<client id>"
client_secret: "<client secret>"
scopes: ["openid", "profile"]
authorization_endpoint: "https://login.microsoftonline.com/<tenant id>/oauth2/v2.0/authorize"
token_endpoint: "https://login.microsoftonline.com/<tenant id>/oauth2/v2.0/token"
userinfo_endpoint: "https://graph.microsoft.com/oidc/userinfo"

user_mapping_provider:
config:
localpart_template: ""{{ user.preferred_username.split('@')[0] }}""
display_name_template: "{{ user.name }}"
```

### [Dex][dex-idp]

[Dex][dex-idp] is a simple, open-source, certified OpenID Connect Provider.
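Review bot: the `localpart_template` line in the YAML example is not valid YAML and will make Synapse refuse to load a config copied from it: `localpart_template: ""{{ user.preferred_username.split('@')[0] }}""` opens and immediately closes an empty double-quoted string and then continues with an unquoted `{{`, which the parser rejects. It should read `localpart_template: "{{ user.preferred_username.split('@')[0] }}"`, with single quotes only, matching the `display_name_template: "{{ user.name }}"` line directly below it. Two further points on the same hunk. First, the setup prose tells the reader to create a client secret and then to "Make note of your Directory (tenant) ID", but the config block also needs the `client_id` and the `client_secret` value, and Azure displays a new secret's value only at creation time; spell out that all three values (Application (client) ID, client secret value, Directory (tenant) ID) must be copied and say which config key each one fills. Second, the template derives the Matrix localpart by discarding everything after `@` in `preferred_username`; that claim is an email-style user principal name that can be changed and, once the domain part is stripped, is not unique across a tenant with more than one verified domain, so two different Azure users can map to the same localpart. A one-sentence caveat next to the example would stop readers treating it as a safe default. Minor: "RedirectURI" should be "Redirect URI", and "your matrix server" should be "your Synapse server" to match the `[synapse public baseurl]` placeholder in the same sentence.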