Added basic instructions for Azure AD to OpenId documentation (#8582)

Signed-off-by: Peter Krantz peter.krantz@gmail.com
4 years ago · 6c9ab61df5
parent 49d72dea2a
commit 6c9ab61df5
2 changed files with 27 additions and 0 deletions
--- a/changelog.d/8582.doc
+++ b/changelog.d/8582.doc
@ -0,0 +1 @@
+Instructions for Azure AD in the OpenID Connect documentation. Contributed by peterk.
--- a/docs/openid.md
+++ b/docs/openid.md
@ -52,6 +52,32 @@ specific providers.

 Here are a few configs for providers that should work with Synapse.

+### Microsoft Azure Active Directory
+Azure AD can act as an OpenID Connect Provider. Register a new application under 
+*App registrations* in the Azure AD management console. The RedirectURI for your
+application should point to your matrix server: `[synapse public baseurl]/_synapse/oidc/callback`
+
+Go to *Certificates & secrets* and register a new client secret. Make note of your 
+Directory (tenant) ID as it will be used in the Azure links.
+Edit your Synapse config file and change the `oidc_config` section:
+
+```yaml
+oidc_config:
+   enabled: true
+   issuer: "https://login.microsoftonline.com/<tenant id>/v2.0"
+   client_id: "<client id>"
+   client_secret: "<client secret>"
+   scopes: ["openid", "profile"]
+   authorization_endpoint: "https://login.microsoftonline.com/<tenant id>/oauth2/v2.0/authorize"
+   token_endpoint: "https://login.microsoftonline.com/<tenant id>/oauth2/v2.0/token"
+   userinfo_endpoint: "https://graph.microsoft.com/oidc/userinfo"
+
+   user_mapping_provider:
+     config:
+       localpart_template: "{{ user.preferred_username.split('@')[0] }}"
+       display_name_template: "{{ user.name }}"
+```
+
 ### [Dex][dex-idp]

 [Dex][dex-idp] is a simple, open-source, certified OpenID Connect Provider.
				`@ -0,0 +1 @@`
				`Instructions for Azure AD in the OpenID Connect documentation. Contributed by peterk.`