Hey! I have a couple of newbie questions regarding...
# ory-selfhosting
f
Hey! I have a couple of newbie questions regarding self-hosted Ory Kratos and Azure SSO setup. I'm trying to integrate Azure SSO with the Kratos self-service example UI. I’ve followed the guide at https://www.ory.sh/docs/self-hosted/kratos/configuration/oidc and updated my kratos.yml with the Azure OIDC provider config. However, I suspect the client app needs to be modified to handle the redirects between Ory and Azure, particularly for initiating the flow and displaying the login button. So my question is: is there an official or community-maintained example app that demonstrates Azure SSO integration with self-hosted Kratos? I found this discussion, but couldn’t locate a working example in the repo. If nothing exists, could someone outline the high-level steps needed to get the self-service UI working with Azure SSO? Thanks in advance!
m
Hello @flat-hospital-33004, you can find community examples here: https://github.com/ory/awesome-ory. For Azure SSO follow the steps here (under Ory CLI for self-hosted): https://www.ory.sh/docs/kratos/social-signin/microsoft - you don't need to modify the client app; if you use the node-selfservice UI it should handle this automatically.
bot answer might also be helpful:

No Azure-specific changes are needed in the UI. The self-service UI dynamically renders login options (including OIDC providers like Azure) based on the methods enabled in your Kratos configuration. If you have correctly configured Azure as an OIDC provider in your `kratos.yml`, the UI will automatically display the "Sign in with Azure" button as part of the OIDC method group. The UI simply renders what Kratos provides in the flow data—no provider-specific code is required.

1. Register your application in Azure and obtain the Client ID, Client Secret, and set the correct Redirect URI (matching the pattern required by Kratos).
2. Configure Azure as an OIDC provider in your `kratos.yml`. This includes setting the `client_id`, `client_secret`, `issuer_url`, and a Jsonnet data mapping for claims.
3. Set up the redirect URI in both Azure and Kratos to match the required pattern: `http(s)://<domain-of-ory-kratos>:<public-port>/self-service/methods/oidc/callback/<provider-id>`
4. Add the session hook to your Kratos config to avoid users needing to log in again after sign-up:

   ```yaml
   selfservice:
     flows:
       registration:
         after:
           oidc:
             hooks:
               - hook: session
   ```
5. Run the self-service UI. When the login flow is initialized, Kratos will include the OIDC method and the UI will render the Azure login button automatically.
6. Test the flow: When a user clicks the Azure login button, the UI will POST to Kratos, which will handle the redirect to Azure and back.

For more details, see the OIDC provider configuration guide and the Azure-specific setup.
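
The point made in the answers above, that the UI only renders what Kratos puts in the flow data, shown as an added example (not part of the thread and not Ory's own UI code). The flow payload is constructed and trimmed to the fields used; the provider id `azure`, the local Kratos URL and the function names are assumptions.

```javascript
// Constructed login-flow payload, trimmed to the fields this example reads.
// The provider id "azure" is an assumed value of `id` in the kratos.yml provider entry.
const sampleFlow = {
  id: "00000000-0000-0000-0000-000000000000", // placeholder flow id
  ui: {
    action: "http://127.0.0.1:4433/self-service/login?flow=00000000-0000-0000-0000-000000000000",
    method: "POST",
    nodes: [
      { type: "input", group: "default",
        attributes: { name: "csrf_token", type: "hidden", value: "constructed-token" } },
      { type: "input", group: "oidc",
        attributes: { name: "provider", type: "submit", value: "azure" },
        meta: { label: { text: "Sign in with azure" } } },
      { type: "input", group: "password",
        attributes: { name: "identifier", type: "text", value: "" } },
    ],
  },
};

// Collect the OIDC submit buttons Kratos placed in the flow. Nothing here is
// provider-specific: every provider id configured in kratos.yml arrives as a value.
function oidcButtons(flow) {
  return flow.ui.nodes
    .filter((n) => n.group === "oidc" && n.attributes.name === "provider")
    .map((n) => ({
      providerId: n.attributes.value,
      label: n.meta?.label?.text ?? n.attributes.value,
    }));
}

// Redirect URI to register in Azure, following the pattern quoted in the thread.
function callbackUrl(kratosPublicBase, providerId) {
  const origin = new URL(kratosPublicBase).origin;
  const path = `/self-service/methods/oidc/callback/${encodeURIComponent(providerId)}`;
  return new URL(path, origin).toString();
}

// The form the UI posts back to Kratos when the button is clicked; Kratos then
// issues the redirect to Azure. The CSRF token from the flow must be included.
function loginFormFor(flow, providerId) {
  const csrf = flow.ui.nodes.find((n) => n.attributes.name === "csrf_token");
  if (!csrf) throw new Error("flow has no csrf_token node");
  return {
    action: flow.ui.action,
    method: flow.ui.method,
    fields: { csrf_token: csrf.attributes.value, provider: providerId },
  };
}
```

If `oidcButtons` returns an empty list for a real flow, the provider entry is not being loaded from `kratos.yml`; if the button appears but Azure rejects the sign-in, compare the registered redirect URI with the output of `callbackUrl`.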