This article walks you through setting up single sign-on to Coder using Azure's Active Directory.
Configuring Coder's OpenID Connect feature requires you to provide three pieces of information from Azure:
This guide will show you how to set up Azure's Active Directory and obtain the information you need to provide to Coder.
Log in to Azure.
Using the search bar at the top, enter App registrations and click the matching search result.
Click New registration.
Provide a Name for your application.
Select the access option that best fits your needs; the Default Directory only - Single tenant option should be sufficient for testing, but you may need a multitenant option for production environments.
Provide your Redirect URL (it will be formatted similar to
Click Register to proceed.
When Azure has created your app, you'll be redirected to Overview, which displays the app information.
Once you've registered your app, you can obtain your:
On your application's Overview, look for the Application (client) ID under the Essentials section. This is the value Coder expects as the Client ID.
You'll need to create the client secret. To do so:
On your app's Overview page, click Endpoints. Find OpenID Connect metadata document, and copy the first 2/3s of this value.
For example, if the full value is:
/.well-known/openid-configuration, leaving the following as your
Be sure to keep v2.0, though you must omit the / from the end.
If there's an issue during the configuration process, the error message will tell you the value you provided and the value it expected; you can use this information to correct your configuration.
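The trimming rule above, and the provided-versus-expected comparison behind that error message, as an added example (not Coder's or Azure's own code). The function names are hypothetical, the all-zero tenant ID and the discovery excerpt are constructed, and the exact-match comparison follows the OpenID Connect Discovery rule that the `issuer` field in the metadata document must equal the configured URL.

```python
"""Added example: derive the OIDC base URL from Azure's metadata document URL."""
from urllib.parse import urlsplit

WELL_KNOWN = "/.well-known/openid-configuration"

# Constructed sample values; the all-zero GUID stands in for a real tenant ID.
SAMPLE_TENANT = "00000000-0000-0000-0000-000000000000"
SAMPLE_METADATA_URL = (
    f"https://login.microsoftonline.com/{SAMPLE_TENANT}/v2.0{WELL_KNOWN}"
)
# Constructed excerpt of the JSON served at the metadata document URL.
SAMPLE_DISCOVERY = {
    "issuer": f"https://login.microsoftonline.com/{SAMPLE_TENANT}/v2.0"
}


def issuer_from_metadata_url(metadata_url):
    """Strip the well-known suffix, keep v2.0, drop any trailing slash."""
    url = metadata_url.strip()
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("metadata URL must be an absolute https URL")
    if parts.query or parts.fragment:
        raise ValueError("metadata URL must not carry a query or fragment")
    if not parts.path.endswith(WELL_KNOWN):
        raise ValueError(f"expected URL to end with {WELL_KNOWN}")
    base = url[: -len(WELL_KNOWN)].rstrip("/")
    if not base.endswith("/v2.0"):
        raise ValueError("base URL must still end with v2.0")
    return base


def check_issuer(configured, discovery):
    """Return a list of problems; an empty list means the value matches."""
    problems = []
    if configured.endswith("/"):
        problems.append("trailing / must be omitted")
    if configured.endswith(WELL_KNOWN):
        problems.append(f"{WELL_KNOWN} must be removed")
    expected = discovery.get("issuer", "")
    if configured != expected:
        # Same shape as the error described above: provided vs. expected.
        problems.append(f"provided {configured!r}, expected {expected!r}")
    return problems


if __name__ == "__main__":
    issuer = issuer_from_metadata_url(SAMPLE_METADATA_URL)
    print(issuer, check_issuer(issuer, SAMPLE_DISCOVERY))
```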
Once you've saved your Azure values, you can complete the remaining steps using the Coder UI.
When done, click Save Preferences.
At this point, Coder validates your configuration before proceeding. If successful, you can expect Coder to send OIDC login attempts to Azure.