Azure SSO Question

Hi, I followed the azure SSO example from here. I cannot find how to pass groups into homarr. I also tried to put in AUTH_OIDC_ADMIN_GROUP, but it is not giving the user the access.

I've also added the optional claims from groups in token configuration. If somebody can provide some direction, that would be great.

Docker env part:

      - BASE_URL=https://{HIDE}
      - AUTH_PROVIDERS=oidc,credentials #(optional: include 'oidc,credentials' to keep local accounts as fallback)
      - AUTH_OIDC_CLIENT_ID={HIDE}
      - AUTH_OIDC_CLIENT_SECRET={HIDE}
      - AUTH_OIDC_ISSUER=https://login.microsoftonline.com/{HIDE}/v2.0
      - AUTH_OIDC_CLIENT_NAME=MS
      - AUTH_OIDC_SCOPE_OVERWRITE=openid email profile # Groups scope does not exist in azure
      - AUTH_OIDC_ADMIN_GROUP={HIDE}
      - AUTH_OIDC_OWNER_GROUP={HIDE}
      - AUTH_OIDC_GROUPS_ATTRIBUTE=groups

      - BASE_URL=https://{HIDE}
      - AUTH_PROVIDERS=oidc,credentials #(optional: include 'oidc,credentials' to keep local accounts as fallback)
      - AUTH_OIDC_CLIENT_ID={HIDE}
      - AUTH_OIDC_CLIENT_SECRET={HIDE}
      - AUTH_OIDC_ISSUER=https://login.microsoftonline.com/{HIDE}/v2.0
      - AUTH_OIDC_CLIENT_NAME=MS
      - AUTH_OIDC_SCOPE_OVERWRITE=openid email profile # Groups scope does not exist in azure
      - AUTH_OIDC_ADMIN_GROUP={HIDE}
      - AUTH_OIDC_OWNER_GROUP={HIDE}
      - AUTH_OIDC_GROUPS_ATTRIBUTE=groups

      - BASE_URL=https://{HIDE}
      - AUTH_PROVIDERS=oidc,credentials #(optional: include 'oidc,credentials' to keep local accounts as fallback)
      - AUTH_OIDC_CLIENT_ID={HIDE}
      - AUTH_OIDC_CLIENT_SECRET={HIDE}
      - AUTH_OIDC_ISSUER=https://login.microsoftonline.com/{HIDE}/v2.0
      - AUTH_OIDC_CLIENT_NAME=MS
      - AUTH_OIDC_SCOPE_OVERWRITE=openid email profile # Groups scope does not exist in azure
      - AUTH_OIDC_ADMIN_GROUP={HIDE}
      - AUTH_OIDC_OWNER_GROUP={HIDE}
      - AUTH_OIDC_GROUPS_ATTRIBUTE=groups

      - BASE_URL=https://{HIDE}
      - AUTH_PROVIDERS=oidc,credentials #(optional: include 'oidc,credentials' to keep local accounts as fallback)
      - AUTH_OIDC_CLIENT_ID={HIDE}
      - AUTH_OIDC_CLIENT_SECRET={HIDE}
      - AUTH_OIDC_ISSUER=https://login.microsoftonline.com/{HIDE}/v2.0
      - AUTH_OIDC_CLIENT_NAME=MS
      - AUTH_OIDC_SCOPE_OVERWRITE=openid email profile # Groups scope does not exist in azure
      - AUTH_OIDC_ADMIN_GROUP={HIDE}
      - AUTH_OIDC_OWNER_GROUP={HIDE}
      - AUTH_OIDC_GROUPS_ATTRIBUTE=groups

Solution

as you are using the

groups

groups

groups

groups groups attribute you'll need to specify the group ids (as those are send in this groups attribute) You can also create roles for your app registration and use those with actual names (and the groups attribute

roles

roles

roles

roles). Currently there is no option for display name

Jump to solution

Azure SSO Question

Similar Threads

Similar Threads

Similar Threads