docs
/
Go to coder.comRequest Support
docs
/
Home
About
Comparison
Feedback
Getting started
Workspaces
Getting started
Lifecycle
Applications
Autostart
Dev URLs
Docker in workspaces
Editors and IDEs
Environment variables
Personalization
Preferences
Progressive web apps
SSH access
Workspace parameters
Workspace templates
Workspace templates
Workspace template code completion
Images
Import
Tags
Custom image creation
Configure script
Structure
TLS certificates
Deprecate
Embeddable button
Command line
Installation and setup
Remote terminal
File sync
Workspace management
Setup
Architecture
Requirements
Kubernetes
Local preview
K3s
Amazon Elastic Kubernetes Service
Azure Kubernetes Service
Google Kubernetes Engine
Red Hat OpenShift
Installation
Configuration
Licensing
Updating
Update considerations
Air-gapped deployment
Network setup
Coder for Docker
Admin
Access control
User roles
Organization roles
Password reset
User management
Organizations
Org management
Registries
Default registry
Amazon Elastic Container Registry
Google Container Registry
Satellites
Manage satellites
Migrate to satellite deployments
Workspace management
Docker in workspaces
Cluster setup
Images
Management
Extensions
GPU acceleration
IDE installation
Memory provisioning
CPU provisioning
Self-contained workspace builds
Shutdown
SSH configuration
Workspace providers
Deployment
EC2
Kubernetes
Workspace provider management
Access URL
Account dormancy
Appearance
Audit
Browser security
Dev URLs
Git integration
Direct workspace connections
Telemetry
Templates
Usage metrics
Guides
Admin
Compute resources
Database migration
Helm charts
Image tag names
Logging
OpenID Connect with Azure AD
OpenID Connect with Google
OpenID Connect with Okta
Shared security responsibility
Storage
Usage monitoring
Customization
Git configuration
GPG forwarding
macOS keybindings
Node.js Projects
Tailscale
VNC
Deployment
Coder installation from an archive
Managed code-server Workspaces
PostgreSQL
SAML 2.0 identity brokering
Teardown
Terraform
TLS certificates
Azure DNS
Google Cloud DNS
Cloudflare
Route 53
Hosted beta
Mobile development
Public API
Troubleshooting
Admin password reset
Docker
GitHub OAuth integration
Image registry
inotify watcher limit problems
TypeError: Failed to fetch
Changelog
1.25.0
1.24.0
1.23.0
1.23.1
1.22.0
1.22.1
1.22.2
1.22.3
Home
/
Guides
/
Admin

OpenID Connect with Azure AD

3 min read

Learn how to use Azure's Active Directory SSO with Coder.

This article walks you through setting up single sign-on to Coder using Azure's Active directory.

Configuring Coder's OpenID Connect feature requires you to provide three pieces of information from Azure:

  • Client ID
  • Client Secret
  • Issuer

This guide will show you how to set up Azure's Active Directory and obtain the information you need to provide to Coder.

Step 1: Register your app with Azure

  1. Log in to Azure.

  2. Using the search bar at the top, enter App registrations and click the matching search result.

    App registration

  3. Click New registration.

  4. Provide a Name for your application.

  5. Select the access option that best fits your needs; use Default Directory only - Single tenant unless your AD requires multi-tenancy.

    Register your app

  6. Provide your Redirect URL (it will be formatted similar to https://coder.exampleCo.com/oidc/callback).

  7. Click Register to proceed.

When Azure has created your app, you'll be redirected to Overview, which displays the app information.

Step 2: Gather your Azure app information

Once you've registered your app, you can obtain your:

  • Client ID
  • Client Secret
  • Issuer

Client ID

On your application's Overview, look for the Application (client) ID under the Essentials section. This is the value Coder expects as the Client ID.

Client ID

Client secret

You'll need to create the client secret. To do so:

  1. Go to Certificates & secrets.
  2. Click New client secret.
  3. Provide a description for your secret and set an expiration date, and click Add. (We recommend creating a calendar notification to alert you shortly before your secret is set to expire.)
  4. You'll be redirected back to the Certificates & secrets page; save the Value field string for use as your client secret.

Client secret value

Issuer

On your app's Overview page, click Endpoints. Find OpenID Connect metadata document, and copy the first 2/3s of this value.

Issuer

For example, if the full value is:

https://login.microsoftonline.com/6a8e8517-e411-4f53-a4b9-aba6f1646271/v2.0/.well-known/openid-configuration

Then remove /.well-known/openid-configuration, leaving the following as your issuer:

https://login.microsoftonline.com/6a8e8...6271/v2.0

Be sure to keep v2.0, though you must omit the / from the end.

If there's an issue during the configuration process, the error message will tell you the value you provided and the value it expected; you can use this information to correct your configuration.

Step 3: Configure Coder authentication

Once you've saved your Azure values, you can complete the remaining steps using the Coder UI.

  1. Log in to Coder, and go to Manage > Admin > Authentication.
  2. In the top-most drop-down box, select OpenID Connect.
  3. Provide the requested values for Client ID, Client Secret, and Issuer.

When done, click Save Preferences.

At this point, Coder validates your configuration before proceeding. If successful, you can expect Coder to send OIDC login attempts to Azure.

See an opportunity to improve our docs? Make an edit.

Go to coder.comGitHub