How to setup Authentication (Easy Auth) using Entra in Azure App Services

0

Prerequisites

  • An Azure App Service (Web/Function App)
  • An Azure Entra Tenant
  • An Azure Entra App Registration

This is the Source documentation we will be following. If things change I would look to this for guidance.
Configure your App Service or Azure Functions app to use Microsoft Entra sign-in

Setting Up the App Registration

Record the following information ‘Application (Client) ID’, the ‘Directory (tenant) ID’, and the ‘Oauth 2.0’ Endpoint.

For the endpoint we will edit it down to the following format.
<authentication-endpoint>/<tenant-id>/v2.0
https://login.microsoftonline.com/16b3c013-d300-____-ac64-7eda0820b6d3/v2.0

Next we will move to Authentication > Add a platform > Web

You will enter the domain of your app with an AAD callback URI at the end and click “Configure”.
https://<AppName>.azurewebsites.net/.auth/login/aad/callback

Here is an example of my apps domain for reference.
Note: I’m using the new beta app naming scheme. The old one also works ‘https://<AppName>.azurewebsites.net/.

Next we will make a secret
Go to Certificates & secrets > New Client Secret > Add a Description > Click Add.


Copy down the secret value after creating the secret for later.


Lastly we will configure the App Registration API permissions.
Expose an API > Add > Save

Note down the Scope URI for the app.

Add a scope > Add ‘user_impersonation’ > Admin and Users > and add the display and description > Click Add Scope

Setting Up the App

Open the app in the portal > Authentication > Add identity provider

Choose ‘Microsoft’ and fill out the form.

The rest of this can be left as default shown below.

Validating It worked

At this point you should be able to browse your app’s domain and the first login should ask for permission to access the app.

From this point on you should be able to access your app without issues.

About Author

Leave a Reply

Your email address will not be published. Required fields are marked *