Microsoft Account
Add a new application for Zylon
The objective is to obtain 3 values that will be used to configure Zylon to be able log in with a Microsoft Account.Application (client) IDClient Secret
- First of all you need to login into https://portal.azure.com/#home console dashboard
- Click
Microsoft Entra Id
- Register a new App. Click on
App registrationson the left menu.
- Click on
New Registration.
- A new window will open and you will need to add the following information
- ⚠️ Redirect URI type is web⚠️
- Domain:
https://zylon.company.com/api/v1/auth/microsoft/callback. Replacezylon.company.comwith the domain where Zylon is hosted (It is the same domain as in the config file located in/etc/zylon/zylon-conf.yaml). - Supported account types: All account types are supported. Choose based on your specific needs.
- In case you want to change it later you can do so in the
Application Overview
- Save the following value that will be used later in the config file for Zylon.
- Application (client) ID
- Now we need to generate the
ClientSecret. Go to the left menu and clickManage > Certificates & secrets
- Click on
New client secretand add the required information
- Copy the
Valuefor client secret.
- Verify that the
User.readpermission is granted. Click onAPI Permissionson the left menu. You should see it there by default. In case it is missing, grant it.
- Add the following configuration to
/etc/zylon/zylon-conf.yaml
In case you don’t see the Microsoft Account button to log in, clear the browser cache.
How to manage users
To limit the number of users that are able to log into Zylon check the following link, by default everybody in the Directory can access Zylon and will be granted themember role
https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/what-is-access-management