Skip to main content

Add AzureAD Identity Provider

Add AzureAD Identity Provider

Request Body required
  • name string
  • clientId string

    client id generated by the Azure AD

  • clientSecret string

    client secret generated by the Azure AD

  • tenant object

    Defines what kind of accounts are allowed to authenticate (Personal, Organizational, All). If not provided the common tenant will be used (All accounts)

  • tenantType string

    Possible values: [AZURE_AD_TENANT_TYPE_COMMON, AZURE_AD_TENANT_TYPE_ORGANISATIONS, AZURE_AD_TENANT_TYPE_CONSUMERS]

    Default value: AZURE_AD_TENANT_TYPE_COMMON

  • tenantId string
  • emailVerified boolean

    Azure AD doesn't send if the email has been verified. Enable this if the user email should always be added verified in ZITADEL (no verification emails will be sent)

  • scopes string[]

    the scopes requested by ZITADEL during the request to Azure AD

  • providerOptions object
  • isLinkingAllowed boolean

    Enable if users should be able to link an existing ZITADEL user with an external account.

  • isCreationAllowed boolean

    Enable if users should be able to create a new account in ZITADEL when using an external account.

  • isAutoCreation boolean

    Enable if a new account in ZITADEL should be created automatically when login with an external account.

  • isAutoUpdate boolean

    Enable if a the ZITADEL account fields should be updated automatically on each login.

Responses

A successful response.

Schema
  • details object
  • sequence uint64

    on read: the sequence of the last event reduced by the projection

    on manipulation: the timestamp of the event(s) added by the manipulation

  • creationDate date-time

    on read: the timestamp of the first event of the object

    on create: the timestamp of the event(s) added by the manipulation

  • changeDate date-time

    on read: the timestamp of the last event reduced by the projection

    on manipulation: the

  • resourceOwner resource_owner is the organization an object belongs to
  • id string
POST /idps/azure

Authorization

type: oauth2flow: authorizationCodescopes: openid,urn:zitadel:iam:org:project:id:zitadel:aud

Request

Base URL
https://$ZITADEL_DOMAIN/admin/v1
Bearer Token
Content-Type
Body required
{

  "name": "Azure AD",

  "clientId": "client-id",

  "clientSecret": "secret",

  "tenant": {

    "tenantType": "AZURE_AD_TENANT_TYPE_COMMON",

    "tenantId": "string"

  },

  "emailVerified": true,

  "scopes": [

    "openid",

    "profile",

    "email",

    "User.Read"

  ],

  "providerOptions": {

    "isLinkingAllowed": true,

    "isCreationAllowed": true,

    "isAutoCreation": true,

    "isAutoUpdate": true

  }

}
Accept
curl -L -X POST 'https://$ZITADEL_DOMAIN/admin/v1/idps/azure' \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-H 'Authorization: Bearer <TOKEN>' \
--data-raw '{
  "name": "Azure AD",
  "clientId": "client-id",
  "clientSecret": "secret",
  "tenant": {
    "tenantType": "AZURE_AD_TENANT_TYPE_COMMON",
    "tenantId": "string"
  },
  "emailVerified": true,
  "scopes": [
    "openid",
    "profile",
    "email",
    "User.Read"
  ],
  "providerOptions": {
    "isLinkingAllowed": true,
    "isCreationAllowed": true,
    "isAutoCreation": true,
    "isAutoUpdate": true
  }
}'