Azure Active Directory Integration – Valohai Help

Valohai Azure Active Directory integration allows keeping Valohai authentication and access control on Azure, avoiding access control setting duplication.

To enable the integration you have to create a new App registration in your Azure AD.

Steps to enable Azure AD integration in Valohai:

Contact support@valohai.com and send them your Azure AD domain name to get it verified for Valohai.
Create a new Azure AD App registration.
Configure Valohai organization with the correct access grants.

Contact Valohai support

Send an email to support@valohai.com and include your Azure AD domain name, e.g. yourdomain.com or yourdomain.onmicrosoft.com. Valohai support will verify your domain with Valohai.

Create a new App registration

In addition to the instructions here, you can find in-depth guide for creating a new App registration from Microsoft: https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app

Prerequisites

Azure account that has permission to manage applications in Azure Active Directory (Azure AD). Any of the following Azure AD roles include the required permissions:

Once you have signed in to Azure portal search and select Azure Active Directory from the top search bar.

Under Manage, select App registrations -> New registration.

Enter a display Name for your application. Users of your application might see the display name when they use the app, for example during sign-in. You can change the display name at any time and multiple App registrations can share the same name.

In most situations select the Accounts in this organizational directory only. You can find more information on these options from: https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app

In the Redirect URI type select Web and type in address: https://app.valohai.com/accounts/azure/callback/

Finally, click Register to create the App registration.

Add team grants for your users in your Valohai organization

You must be a Valohai organization admin to be able to add team grants.

Login at https://app.valohai.com/
Navigate toHi,<name>(thetoprightmenu)>Manage<organization>
Go to Settings under the organization controls.
Click on Manage access grants…in the Access Grants box.
Click on Add new grant…
Select which teams the matching users will automatically be added. Leave empty if none.
Add grant IDs; user or group UUIDs in Azure AD to match for.
Only users with added grant IDs can access Valohai.

How to find UUID for a user or a group in Azure AD

User

Navigate to Azure AD - Users and under the specific user:

Group

Navigate to Azure AD - Groups and under the specific group:

Now, users that have or will have Azure AD login enabled and are part of the AD group configured under access grants will automatically be added to your Valohai organization.

That’s it, you're all done now! 🎉

Note that you don’t need to send Valohai organization invitations to the users. Just tell them to register to Valohai and activate AD login like described in the link below. They will be automatically added to the organization and potentially specified teams: https://help.valohai.com/hc/en-us/articles/12476608904849-Join-a-Valohai-organization-using-Azure-AD