Hi. I thought I had replied to this earlier, apologies. There is a good step-by-step guide here if you need further steps: https://www.rickroche.com/2022/03/single-sign-on-azure-static-web-apps-and-azure-active-directory/
- Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.
- Browse to Identity > Applications > App registrations then select New registration.
- Name the application, for example example-app.
- Under Supported account types, select Accounts in this organizational directory only.
- Under Redirect URI, select Web for the type of application you want to create. Enter the URI where the access token is sent to.
- Select Register.
Then create a client secret: https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-service-principal-portal#option-3-create-a-new-client-secret
- Browse to Identity > Applications > App registrations, then select your application.
- Select Certificates & secrets.
- Select Client secrets, and then select New client secret.
- Provide a description of the secret, and a duration.
- Select Add.
Save the secret somewhere handy as you'll need it later.
Within the root web app you need to create a 'staticwebapp.config.json' file which contains the Entra auth provider information, you will need the CLIENT ID (you can find this on the app overview page) of your App registration and the secret you just created - this an example I've put together:
"auth": {
"identityProviders": {
"azureActiveDirectory": {
"registration": {
"openIdIssuer": "https://login.microsoftonline.com/4af290c8-08df-440d-93db-cbac02bd9b19/v2.0",
"clientIdSettingName": "AAD_CLIENT_ID",
"clientSecretSettingName": "AAD_CLIENT_SECRET"
}
}
}
},
# creates a friendly /login route redirect to Entra SSO
{
"route": "/login",
"rewrite": "/.auth/login/aad",
},
# Block other default providers
{
"route": "/.auth/login/github",
"statusCode": 404
},
{
"route": "/.auth/login/twitter",
"statusCode": 404
},
# auth for all other routes
{
"route": "/*",
"allowedRoles": ["authenticated"]
},
# override for unauthorised requests to pages
"responseOverrides": {
"401": {
"redirect": "/login",
"statusCode": 302
}
}
Check out: https://learn.microsoft.com/en-us/azure/static-web-apps/authentication-authorization?WT.mc_id=MVP_319025#set-up-sign-in to view the specific parameters to configure and examples.
Hope this helps. I can convert this to answer and you can mark it as accepted if it solves your issue.