Skip to content
Kong Logo | Kong Docs Logo
search
  • We're Hiring!
  • Docs
    • Kong Gateway
    • Kong Konnect
    • Kong Mesh
    • Plugin Hub
    • decK
    • Kubernetes Ingress Controller
    • Insomnia
    • Kuma

    • Docs contribution guidelines
  • Plugin Hub
  • Support
  • Community
  • Kong Academy
Early Access
  • Kong Gateway
  • Kong Konnect
  • Kong Mesh
  • Plugin Hub
  • decK
  • Kubernetes Ingress Controller
  • Insomnia
  • Kuma

  • Docs contribution guidelines
    • Overview of Konnect
    • Architecture
    • Network Resiliency and Availability
    • Port and Network Requirements
    • Compatibility
    • Stages of Software Availability
    • Release Notes
      • Control Plane Upgrades FAQ
      • Supported Installation Options
    • Overview
    • Access a Konnect Account
    • Set up a Runtime
    • Configure a Service
    • Implement and Test the Service
      • Publish and Consume Services
      • Register Applications
    • Import Kong Gateway Entities into Konnect
    • Overview
      • Overview
      • Dashboard
      • Manage Runtime Groups with UI
      • Manage Runtime Groups with decK
      • Installation Options
      • Install with Docker
      • Install on Kubernetes
      • Install on Linux
      • Install on AWS
      • Install on Azure
      • Upgrade a Runtime Instance to a New Version
      • Renew Certificates
      • Runtime Parameter Reference
      • Overview
      • Runtime Configuration
    • Create Consumer Groups
      • Overview
      • Set Up and Use a Vault in Konnect
    • Plugin Ordering Reference
    • Troubleshoot
    • Overview
      • Konnect Services
      • Service Versions
      • Service Implementations
      • Manage Service Documentation
      • Overview
      • Configure a Plugin on a Service
      • Configure a Plugin on a Route
    • Overview
    • Access the Dev Portal
    • Sign Up for a Dev Portal Account
      • Manage Developer Access
      • Manage Application Registration Requests
      • Manage Application Connections
      • Auto Approve Dev and App Registrations
      • Azure OIDC
      • Application Overview
      • Enable and Disable App Registration
        • Okta
        • Curity
        • Auth0
      • Create, Edit, and Delete an Application
      • Register an Application with a Service
      • Generate Credentials for an Application
    • Customize Dev Portal
    • Troubleshoot
    • Introduction to Analytics
    • Summary Dashboard
    • Analyze Services and Routes
    • Generate Reports
    • Troubleshoot
      • Manage a Konnect Account or Plan
      • Change to a Different Plan
      • Manage Payment Methods and Invoices
      • Overview
        • Overview
        • Manage Teams
        • Teams Reference
        • Roles Reference
      • Manage Users
      • Set up SSO with OIDC
      • Set up SSO with Okta
    • Account and Org Deactivation
    • Troubleshoot
    • Overview
      • API Documentation
      • Identity Integration Guide
      • API Documentation
      • Overview
      • Nodes
      • Data Plane Certificiates
        • Services
        • Routes
        • Consumers
        • Plugins
        • Upstreams
        • Certificates
        • CA Certificates
        • SNIs
        • Targets
        • Vaults
      • API Spec
      • Filtering

github-edit-pageEdit this page

report-issueReport an issue

enterprise-switcher-iconSwitch to OSS

On this page
  • Create an application in Azure
  • Configure the Azure application
  • Configure group claims in Azure
  • Configure SSO in Konnect
Kong Konnect
  • Home
  • Kong Konnect
  • Dev Portal
  • Access And Approval
  • Configure Azure IdP for Dev Portal

Configure Azure IdP for Dev Portal

Kong offers OIDC support to allow Single-Sign-on for Konnect and the Dev Portal. This guide shows you how to configure Microsoft Azure for Dev Portal SSO.

Create an application in Azure

  1. In Azure, navigate to App registrations.

  2. Click New registration to register a new application:

  3. Name the application.

  4. Select Accounts in this organizational directory only for the Supported account type.

  5. Select Web and enter the Dev Portal Redirect URI.

  6. Save the application ID for later.

Configure the Azure application

  1. Click New client secret, enter a description, select an expiration value, and click Add.

    • Save the secret value for configuring Konnect.
  2. Click Overview in the sidebar, then click the Endpoints tab.

  3. Copy the OpenID Connect metadata document URL and open it in your browser:

  4. Your browser will display a large JSON blob object. In the object, find and save the issuer value.

    The issuer value will be used as the provider URL when configuring SSO in Konnect.

Configure group claims in Azure

Group claims automatically add or remove users from group memberships. To configure group claims, follow these steps:

  1. On your new application page in Azure, click Token configuration in the sidebar.

  2. Click + Add groups claim and do the following:
    1. Select each checkbox in the Select group types to include in Access, ID, and SAML tokens section.
    2. Select Group ID for each section in Customize token properties by type.
    3. Click Add.

    Group claim

  3. Click Add optional claim, select ID as the token type, and email as the claim.

  4. Click Add.

Configure SSO in Konnect

From the Konnect portal identity page, click Configure provider for OIDC, and enter the values from Azure.

This table maps the Konnect values to the corresponding Azure values.

Konnect value Azure value
Provider URL The value stored in the issuer variable.
Client ID Your Azure application ID.
Client Secret Azure client secret.

You can test your configuration by navigating to the Dev Portal and using your Azure credentials to log in.

Thank you for your feedback.
Was this page useful?
  • Kong
    THE CLOUD CONNECTIVITY COMPANY

    Kong powers reliable digital connections across APIs, hybrid and multi-cloud environments.

    • Company
    • Customers
    • Events
    • Investors
    • Careers Hiring!
    • Partners
    • Press
    • Contact
  • Products
    • Kong Konnect
    • Kong Gateway
    • Kong Mesh
    • Get Started
    • Pricing
  • Resources
    • eBooks
    • Webinars
    • Briefs
    • Blog
    • API Gateway
    • Microservices
  • Open Source
    • Install Kong Gateway
    • Kong Community
    • Kubernetes Ingress
    • Kuma
    • Insomnia
  • Solutions
    • Decentralize
    • Secure & Govern
    • Create a Dev Platform
    • API Gateway
    • Kubernetes
    • Service Mesh
Star
  • Terms•Privacy
© Kong Inc. 2023