H
Homarr3mo ago
jimmy0017

Azure SSO Question

Hi, I followed the azure SSO example from here. I cannot find how to pass groups into homarr. I also tried to put in AUTH_OIDC_ADMIN_GROUP, but it is not giving the user the access. I've also added the optional claims from groups in token configuration. If somebody can provide some direction, that would be great. Docker env part: 
      - BASE_URL=https://{HIDE}
      - AUTH_PROVIDERS=oidc,credentials #(optional: include 'oidc,credentials' to keep local accounts as fallback)
      - AUTH_OIDC_CLIENT_ID={HIDE}
      - AUTH_OIDC_CLIENT_SECRET={HIDE}
      - AUTH_OIDC_ISSUER=https://login.microsoftonline.com/{HIDE}/v2.0
      - AUTH_OIDC_CLIENT_NAME=MS
      - AUTH_OIDC_SCOPE_OVERWRITE=openid email profile # Groups scope does not exist in azure
      - AUTH_OIDC_ADMIN_GROUP={HIDE}
      - AUTH_OIDC_OWNER_GROUP={HIDE}
      - AUTH_OIDC_GROUPS_ATTRIBUTE=groups
      - BASE_URL=https://{HIDE}
      - AUTH_PROVIDERS=oidc,credentials #(optional: include 'oidc,credentials' to keep local accounts as fallback)
      - AUTH_OIDC_CLIENT_ID={HIDE}
      - AUTH_OIDC_CLIENT_SECRET={HIDE}
      - AUTH_OIDC_ISSUER=https://login.microsoftonline.com/{HIDE}/v2.0
      - AUTH_OIDC_CLIENT_NAME=MS
      - AUTH_OIDC_SCOPE_OVERWRITE=openid email profile # Groups scope does not exist in azure
      - AUTH_OIDC_ADMIN_GROUP={HIDE}
      - AUTH_OIDC_OWNER_GROUP={HIDE}
      - AUTH_OIDC_GROUPS_ATTRIBUTE=groups
No description
Solution:
as you are using the groups groups attribute you'll need to specify the group ids (as those are send in this groups attribute) You can also create roles for your app registration and use those with actual names (and the groups attribute roles). Currently there is no option for display name
Jump to solution
6 Replies
Cakey Bot
Cakey Bot3mo ago
Thank you for submitting a support request. Depending on the volume of requests, our team should get in contact with you shortly.
⚠️ Please include the following details in your post or we may reject your request without further comment: - Log (See https://homarr.dev/docs/community/faq#how-do-i-open-the-console--log) - Operating system (Unraid, TrueNAS, Ubuntu, ...) - Exact Homarr version (eg. 0.15.0, not latest) - Configuration (eg. docker-compose, screenshot or similar. Use ``your-text`` to format) - Other relevant information (eg. your devices, your browser, ...)
Frequently Asked Questions | Homarr documentation
Can I install Homarr on a Raspberry Pi?
Meierschlumpf
Meierschlumpf3mo ago
You'll simply need to create groups with the same name within homarr ,then they are mapped automatically
jimmy0017
jimmy0017OP3mo ago
I did. I am using the group name, instead of object_id. or if i need to create a group with the group_id ?
Solution
Meierschlumpf
Meierschlumpf3mo ago
as you are using the groups groups attribute you'll need to specify the group ids (as those are send in this groups attribute) You can also create roles for your app registration and use those with actual names (and the groups attribute roles). Currently there is no option for display name
jimmy0017
jimmy0017OP3mo ago
Sounds good. Thanks! I will just use groups ids
chrnnk
chrnnk7h ago
hey guys, i think i'm stuck right here on this step. i'm able to log in with SSO but my groups aren't working, and i've tried creating a group in homarr with both the group ID and the group name from azure, but neither seem to be working. otherwise i've followed along with these notes and the docs online.

Did you find this page helpful?