Valohai Azure Active Directory integration allows keeping Valohai authentication and access control on Azure, avoiding access control setting duplication.
To enable the integration you have to create a new App registration in your Azure AD.
Steps to enable Azure AD integration in Valohai:
- Contact firstname.lastname@example.org and send them your Azure AD domain name to get it verified for Valohai.
- Create a new Azure AD App registration.
- Configure Valohai organization with the correct access grants.
Contact Valohai support
Send an email to email@example.com and include your Azure AD domain name, e.g. yourdomain.com or yourdomain.onmicrosoft.com. Valohai support will verify your domain with Valohai.
Create a new App registration
In addition to the instructions here, you can find in-depth guide for creating a new App registration from Microsoft: https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app
- Azure account that has permission to manage applications in Azure Active Directory (Azure AD). Any of the following Azure AD roles include the required permissions:
Once you have signed in to Azure portal search and select Azure Active Directory from the top search bar.
Under Manage, select App registrations -> New registration.
Enter a display Name for your application. Users of your application might see the display name when they use the app, for example during sign-in. You can change the display name at any time and multiple App registrations can share the same name.
In most situations select the Accounts in this organizational directory only. You can find more information on these options from: https://learn.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app
In the Redirect URI type select Web and type in address: https://app.valohai.com/accounts/azure/callback/
Finally, click Register to create the App registration.
Add team grants for your users in your Valohai organization
You must be a Valohai organization admin to be able to add team grants.
Login at https://app.valohai.com/
Go to Settings under the organization controls.
Click on Manage access grants…in the Access Grants box.
Click on Add new grant…
Select which teams the matching users will automatically be added. Leave empty if none.
Add grant IDs; user or group UUIDs in Azure AD to match for.
- Only users with added grant IDs can access Valohai.
How to find UUID for a user or a group in Azure AD
Navigate to Azure AD - Users and under the specific user:
Navigate to Azure AD - Groups and under the specific group:
Now, users that have or will have Azure AD login enabled and are part of the AD group configured under access grants will automatically be added to your Valohai organization.
That’s it, you're all done now! 🎉
Please sign in to leave a comment.