Using this plugin Microsoft Azure Active Directory can be used to login into LimeSurvey, i.e. with a Microsoft365 account.
Follow this guide to register a new app in Azure AD for LimeSurvey. The correct Redirect URI for LimeSurvey can be found in the plugin configuration.
From the overview page In Azure AD then copy the Client ID/"Application ID" and from the endpoints overview the Authorize URL and Access Token URL can be copied.
Create a new Client Secret for the Azure AD app and copy it into the plugin configuration.
Ensure that the granted permissions
include the User.Read permission.
The plugin configuration so far should look like this:
| Option | Value |
|---|---|
| Client ID | 4e921cb2-1d8e-460d-a1f6-1b4c549d9361 |
| Client Secret | k9s7Q~klJchT7SKDKuGevSEDGqbi7oBIZL3X1 |
| Authorize URL | https://login.microsoftonline.com/{tenant}/oauth2/v2.0/authorize |
| Scopes | User.Read |
| Access Token URL | https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token |
With the retrieved access token LimeSurvey can then fetch the user details using the
/me endpoint of the Microsoft Graph API.
This will return the user profile in a flat JSON object for which the following keys
can then be configured for the plugin:
| Option | Value |
|---|---|
| User Details URL | https://graph.microsoft.com/v1.0/me |
| Key for username in user details | |
| Key for e-mail in user details | |
| Key for display name in user details | displayName |
This will use the e-mail for both: the LimeSurvey username and the e-mail.
Following this guide you can restrict access to the LimeSurvey App in Azure AD and thus who can login to LimeSurvey with it.
You can either assign users to the app manually or use an existing security group.