Skip to content

Authenticating against Azure AD/Entra#

This documentation applies to Piler enterprise edition 2.0.0

Revision #1

Publication date: 2025-SEP-26

Azure is a popular cloud provider, and the piler UI supports Azure AD/Entra to provide Single Sign-On (SSO).

Prerequisites#

You have an Azure subscription or trial, you have created users and preferably groups in the appropriate Azure tenant.

Setup the application in Azure#

Click on “App registration“, enter a name for the application, select “Any Azure AD directory – Multitenant” at the supported account types, and set the “Redirect URI“. Be sure to replace “archive.example.com” with your archive FQDN. Finally record the application (client) id value.

Click “Certificates and secrets”, create a new client secret, and record the secret value.

Select “API permissions”, and add the following permissions, then click on the “Grant Admin consent for …” button

Configure the piler UI to allow Azure AD authentication#

Add the following to the .env file (or to the settings json if you have a multi-tenant license: Be sure to use your actual IDs and secret values!

ENABLE_AZURE_AUTH=true
AZURE_REDIRECT_URL=https://archive.example.com/auth/azure/callback
AZURE_CLIENT_SECRET=xxxxx~yyyyy_hhhhhhhhhhh.jjjjjjjjjjjjjjjj
AZURE_CLIENT_ID=aaaaaaaaa-bbbbbb-ccccc-dddddd-eeeeeeeeeeee
AZURE_TENANT_ID=xxxxxxx-yyyyyyy-zzzzzzzzz-tttttttttt

Let the users log in#

Users will see the “Azure AD” link on the login screen.

After clicking on it the user is redirected to Azure for authentication. After providing his credentials, he’s redirected back to the piler UI.

The user also has his group assignments from Azure, and the local groups if there are any.