Azure static app - SSO enable

Vijayakumar Elumalai 105 Reputation points
2024-06-18T07:46:55.46+00:00

Hello Team,

i have a static web app in azure and currently it's having public access so i wanted to enable SSO for static web app. Help me how do it in Azure? Also, what all access and role i should be having ?

Azure App Service
Azure App Service
Azure App Service is a service used to create and deploy scalable, mission-critical web apps.
7,325 questions
Azure Static Web Apps
Azure Static Web Apps
An Azure service that provides streamlined full-stack web app development.
839 questions
{count} votes

Accepted answer
  1. Dan Rios 1,735 Reputation points MVP
    2024-06-20T10:38:11.8066667+00:00

    Hi. I thought I had replied to this earlier, apologies. There is a good step-by-step guide here if you need further steps: https://www.rickroche.com/2022/03/single-sign-on-azure-static-web-apps-and-azure-active-directory/

    GUI steps: https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-service-principal-portal#register-an-application-with-microsoft-entra-id-and-create-a-service-principal

    1. Sign in to the Microsoft Entra admin center as at least a Cloud Application Administrator.
    2. Browse to Identity > Applications > App registrations then select New registration.
    3. Name the application, for example example-app.
    4. Under Supported account types, select Accounts in this organizational directory only.
    5. Under Redirect URI, select Web for the type of application you want to create. Enter the URI where the access token is sent to.
    6. Select Register.

    Then create a client secret: https://learn.microsoft.com/en-us/entra/identity-platform/howto-create-service-principal-portal#option-3-create-a-new-client-secret

    1. Browse to Identity > Applications > App registrations, then select your application.
    2. Select Certificates & secrets.
    3. Select Client secrets, and then select New client secret.
    4. Provide a description of the secret, and a duration.
    5. Select Add.

    Save the secret somewhere handy as you'll need it later.

    Within the root web app you need to create a 'staticwebapp.config.json' file which contains the Entra auth provider information, you will need the CLIENT ID (you can find this on the app overview page) of your App registration and the secret you just created - this an example I've put together:

    "auth": {
      "identityProviders": {
        "azureActiveDirectory": {
          "registration": {
            "openIdIssuer": "https://login.microsoftonline.com/4af290c8-08df-440d-93db-cbac02bd9b19/v2.0",
            "clientIdSettingName": "AAD_CLIENT_ID",
            "clientSecretSettingName": "AAD_CLIENT_SECRET"
          }
        }
      }
    },
    # creates a friendly /login route redirect to Entra SSO
    {
      "route": "/login",
      "rewrite": "/.auth/login/aad",
    },
    # Block other default providers
    {
      "route": "/.auth/login/github",
      "statusCode": 404
    },
    {
      "route": "/.auth/login/twitter",
      "statusCode": 404
    },
    # auth for all other routes
    {
      "route": "/*",
      "allowedRoles": ["authenticated"]
    },
    # override for unauthorised requests to pages
    "responseOverrides": {
      "401": {
        "redirect": "/login",
        "statusCode": 302
      }
    }
    

    Check out: https://learn.microsoft.com/en-us/azure/static-web-apps/authentication-authorization?WT.mc_id=MVP_319025#set-up-sign-in to view the specific parameters to configure and examples.

    Hope this helps. I can convert this to answer and you can mark it as accepted if it solves your issue.


0 additional answers

Sort by: Most helpful