Sign in with Microsoft Entra ID aka Active Directory
Enable signing in with a Microsoft account in Mage.
Pre-requisites
First, you’ll need to enable user authentication within Mage. You can find out more about this in the Overview page.
Enable Microsoft sign in
There are two ways to enable Microsoft sign in. You can either register an application in your organization’s own Microsoft Entra ID, or use the default Mage application. We recommend registering your own application unless there is a specific reason you cannot do so.
Configurable environment variables
To configure the environment for Microsoft Azure Cloud and Microsoft Azure Gov Cloud sign-in, you need to set the following environment variables:
- You can set the
AZURE_HOST
environment variable to one of the following based on your environment:
- You can set the
MICROSOFT_GRAPH_API_HOST
environment variable to one of the following basd on your environment:
Map AD role to Mage role
You will need to have created your own application and have app roles in order for this mapping to work.
You can map Active Directory roles to Mage roles by setting the ACTIVE_DIRECTORY_ROLES_MAPPING
environment variable.
The value should be a JSON object with the AD role as the key and the name of the Mage role as the value. For example:
export ACTIVE_DIRECTORY_ROLES_MAPPING='{"Mage.Edit": "Editor", "Mage.Admin": "Admin"}'
You can find the AD role value in the App roles section of your application in the Azure Portal.
When a user signs in for the first time with their Microsoft account, Mage will use this mapping to automatically add the appropriate roles to the user.
Was this page helpful?