From 6c9ab61df5deb5b921677464e5aa091e9b5e60b1 Mon Sep 17 00:00:00 2001 From: Peter Krantz Date: Mon, 26 Oct 2020 18:49:55 +0100 Subject: [PATCH] Added basic instructions for Azure AD to OpenId documentation (#8582) Signed-off-by: Peter Krantz peter.krantz@gmail.com --- changelog.d/8582.doc | 1 + docs/openid.md | 26 ++++++++++++++++++++++++++ 2 files changed, 27 insertions(+) create mode 100644 changelog.d/8582.doc diff --git a/changelog.d/8582.doc b/changelog.d/8582.doc new file mode 100644 index 0000000000..041f168717 --- /dev/null +++ b/changelog.d/8582.doc @@ -0,0 +1 @@ +Instructions for Azure AD in the OpenID Connect documentation. Contributed by peterk. diff --git a/docs/openid.md b/docs/openid.md index 8b26b0bae5..6670f36261 100644 --- a/docs/openid.md +++ b/docs/openid.md @@ -52,6 +52,32 @@ specific providers. Here are a few configs for providers that should work with Synapse. +### Microsoft Azure Active Directory +Azure AD can act as an OpenID Connect Provider. Register a new application under +*App registrations* in the Azure AD management console. The RedirectURI for your +application should point to your matrix server: `[synapse public baseurl]/_synapse/oidc/callback` + +Go to *Certificates & secrets* and register a new client secret. Make note of your +Directory (tenant) ID as it will be used in the Azure links. +Edit your Synapse config file and change the `oidc_config` section: + +```yaml +oidc_config: + enabled: true + issuer: "https://login.microsoftonline.com//v2.0" + client_id: "" + client_secret: "" + scopes: ["openid", "profile"] + authorization_endpoint: "https://login.microsoftonline.com//oauth2/v2.0/authorize" + token_endpoint: "https://login.microsoftonline.com//oauth2/v2.0/token" + userinfo_endpoint: "https://graph.microsoft.com/oidc/userinfo" + + user_mapping_provider: + config: + localpart_template: "{{ user.preferred_username.split('@')[0] }}" + display_name_template: "{{ user.name }}" +``` + ### [Dex][dex-idp] [Dex][dex-idp] is a simple, open-source, certified OpenID Connect Provider.