2021-11-01 14:56:24 +00:00
---
title: Azure AD
---
2022-06-15 19:31:34 +00:00
< span class = "badge badge--secondary" > Support level: Community< / span >
2021-11-01 14:56:24 +00:00
## Preparation
The following placeholders will be used:
2022-05-09 19:22:41 +00:00
- `authentik.company` is the FQDN of the authentik install.
2021-11-01 14:56:24 +00:00
## Azure setup
2022-05-09 19:22:41 +00:00
1. Navigate to [portal.azure.com ](https://portal.azure.com ), and open the _App registration_ service
2021-11-01 14:56:24 +00:00
2. Register a new application
2022-05-09 19:22:41 +00:00
Under _Supported account types_ , select whichever account type applies to your use-case.
2021-11-01 14:56:24 +00:00
![](./aad_01.png)
2022-05-09 19:22:41 +00:00
3. Take note of the _Application (client) ID_ value.
If you selected _Single tenant_ in the _Supported account types_ prompt, also note the _Directory (tenant) ID_ value.
4. Navigate to _Certificates & secrets_ in the sidebar, and to the _Client secrets_ tab.
2021-11-01 14:56:24 +00:00
5. Add a new secret, with an identifier of your choice, and select any expiration. Currently the secret in authentik has to be rotated manually or via API, so it is recommended to choose at least 12 months.
2022-05-09 19:22:41 +00:00
6. Note the secret's value in the _Value_ column.
2021-11-01 14:56:24 +00:00
## authentik Setup
2022-05-09 19:22:41 +00:00
In authentik, create a new _Azure AD OAuth Source_ in Resources -> Sources.
2021-11-01 14:56:24 +00:00
Use the following settings:
2022-05-09 19:22:41 +00:00
- Name: `Azure AD`
- Slug: `azure-ad` (this must match the URL being used above)
- Consumer key: `*Application (client) ID* value from above`
- Consumer secret: `*Value* of the secret from above`
2021-11-01 14:56:24 +00:00
2022-05-09 19:22:41 +00:00
If you kept the default _Supported account types_ selection of _Single tenant_ , then you must change the URLs below as well:
2021-11-01 14:56:24 +00:00
2022-05-09 19:22:41 +00:00
- Authorization URL: `https://login.microsoftonline.com/*Directory (tenant) ID* from above/oauth2/v2.0/authorize`
- Access token URL: `https://login.microsoftonline.com/*Directory (tenant) ID* from above/oauth2/v2.0/token`
2021-11-01 14:56:24 +00:00
![](./authentik_01.png)
Save, and you now have Azure AD as a source.
:::note
2022-12-12 15:52:00 +00:00
For more details on how-to have the new source display on the Login Page see [here ](../general#add-sources-to-default-login-page ).
2021-11-01 14:56:24 +00:00
:::