Skip to content
Kong Logo | Kong Docs Logo
search
  • We're Hiring!
  • Docs
    • Kong Gateway
    • Kong Konnect
    • Kong Mesh
    • Plugin Hub
    • decK
    • Kubernetes Ingress Controller
    • Insomnia
    • Kuma

    • Docs contribution guidelines
  • Plugin Hub
  • Support
  • Community
  • Kong Academy
Get a Demo Start Free Trial
  • Kong Gateway
  • Kong Konnect
  • Kong Mesh
  • Plugin Hub
  • decK
  • Kubernetes Ingress Controller
  • Insomnia
  • Kuma

  • Docs contribution guidelines

github-edit-pageEdit this page

report-issueReport an issue

enterprise-switcher-iconSwitch to OSS

On this pageOn this page
  • Create an application in Azure
  • Configure the Azure application
  • Configure group claims in Azure
  • Configure SSO in Konnect
Kong Konnect
  • Home
  • Kong Konnect
  • Dev Portal
  • Access And Approval
  • Configure Azure IdP for Dev Portal

Configure Azure IdP for Dev Portal

Kong offers OIDC support to allow Single-Sign-on for Konnect and the Dev Portal. This guide shows you how to configure Microsoft Azure for Dev Portal SSO.

Create an application in Azure

  1. In Azure, navigate to App registrations.

  2. Click New registration to register a new application:

  3. Name the application.

  4. Select Accounts in this organizational directory only for the Supported account type.

  5. Select Web and enter the Dev Portal Redirect URI.

  6. Save the application ID for later.

Configure the Azure application

  1. Click New client secret, enter a description, select an expiration value, and click Add.

    • Save the secret value for configuring Konnect.
  2. Click Overview in the sidebar, then click the Endpoints tab.

  3. Copy the OpenID Connect metadata document URL and open it in your browser:

  4. Your browser will display a large JSON blob object. In the object, find and save the issuer value.

    The issuer value will be used as the provider URL when configuring SSO in Konnect.

Configure group claims in Azure

Group claims automatically add or remove users from group memberships. To configure group claims, follow these steps:

  1. On your new application page in Azure, click Token configuration in the sidebar.

  2. Click + Add groups claim and do the following:
    1. Select each checkbox in the Select group types to include in Access, ID, and SAML tokens section.
    2. Select Group ID for each section in Customize token properties by type.
    3. Click Add.

    Group claim

  3. Click Add optional claim, select ID as the token type, and email as the claim.

  4. Click Add.

Configure SSO in Konnect

From the Konnect portal identity page, click Configure provider for OIDC, and enter the values from Azure.

This table maps the Konnect values to the corresponding Azure values.

Konnect value Azure value
Provider URL The value stored in the issuer variable.
Client ID Your Azure application ID.
Client Secret Azure client secret.

You can test your configuration by navigating to the Dev Portal and using your Azure credentials to log in.

Thank you for your feedback.
Was this page useful?
  • Kong
    THE CLOUD CONNECTIVITY COMPANY

    Kong powers reliable digital connections across APIs, hybrid and multi-cloud environments.

    • Company
    • Customers
    • Events
    • Investors
    • Careers Hiring!
    • Partners
    • Press
    • Contact
  • Products
    • Kong Konnect
    • Kong Gateway
    • Kong Mesh
    • Get Started
    • Pricing
  • Resources
    • eBooks
    • Webinars
    • Briefs
    • Blog
    • API Gateway
    • Microservices
  • Open Source
    • Install Kong Gateway
    • Kong Community
    • Kubernetes Ingress
    • Kuma
    • Insomnia
  • Solutions
    • Decentralize
    • Secure & Govern
    • Create a Dev Platform
    • API Gateway
    • Kubernetes
    • Service Mesh
Star
  • Terms•Privacy
© Kong Inc. 2023