Skip to content

How to configure authentication

Jump to bottom
Konstantin Lepeshenkov edited this page Nov 29, 2021 · 10 revisions

DfMon (in Standalone and Injected mode) uses AAD to authenticate users and supports both server-directed and client-directed login flows.

Server-directed (cookie-based) flow is the easiest to configure, but relies on Easy Auth module and therefore only works in Azure. Client-directed (token-based) flow works everywhere, but is generally slower and more error-prone.

Configuring DfMon for server-directed login flow

  1. Go to Azure Portal->Azure Active Directory->App Registrations and press New registration:

  2. Give your app registration a name and put https://<my-dfm-function-app-name>.azurewebsites.net/.auth/login/aad/callback as the Redirect URI:

  3. Go to Authentication tab and make sure ID tokens are enabled:

  4. Deploy DfMon with

    Deploy to Azure

    button and set Aad App Client Id setting to this newly created app registration's Client Id:

  5. Restrict the list of allowed users by configuring either DFM_ALLOWED_USER_NAMES or DFM_ALLOWED_APP_ROLES config settings. See more details on these settings in Config Settings Reference.

Configuring DfMon for client-directed login flow

  1. Go to Azure Portal->Azure Active Directory->App Registrations and press New registration:

  2. Give your app registration a name and put https://<my-dfm-endpoint-url> as the Redirect URI:

  3. Go to Authentication tab and make sure ID tokens are enabled:

  4. Deploy DfMon with whatever method you prefer and set the following config settings:

    • WEBSITE_AUTH_CLIENT_ID to the newly created app registration's Client Id;

    • WEBSITE_AUTH_OPENID_ISSUER to https://login.microsoftonline.com/<my-azure-tenant-id>/v2.0.

  5. Restrict the list of allowed users by configuring either DFM_ALLOWED_USER_NAMES or DFM_ALLOWED_APP_ROLES config settings. See more details on these settings in Config Settings Reference.

Clone this wiki locally