> ## Documentation Index
> Fetch the complete documentation index at: https://docs.kobble.io/llms.txt
> Use this file to discover all available pages before exploring further.

# Azure AD (Microsoft)

> Configure Azure AD OAuth for your Customer Portal.

## Overview

Offering a sign in with Azure AD in your Customer Portal may be a good idea for businesses that already use Microsoft services. It allows your users to sign in with their Microsoft account, which is convenient and secure.

To support Sign in with Azure AD you need to configure the Azure AD provider in the Kobble dashboard for your project.

Once configured, the Azure AD sign-in button will automatically be added on your Kobble Customer Portal.

## Configuration

1. Navigate to the [Authentication](https://app.kobble.io/p/authentication) section and choose the Azure AD provider.
2. Copy the provided Redirect URI. Note this URI will change if you configure a custom domain later.

<img src="https://mintcdn.com/kobble/hy82n-p3NucxH50S/images/settings/auth/azure-ad-configuration-1.png?fit=max&auto=format&n=hy82n-p3NucxH50S&q=85&s=4d6128f0b99e8db91faa231915670adb" alt="Azure AD Configuration 1" width="2367" height="1707" data-path="images/settings/auth/azure-ad-configuration-1.png" />

3. Open your [Azure Portal](https://portal.azure.com/) and navigate to the Azure Active Directory section.
4. Click on App registrations and then New registration.

<img src="https://mintcdn.com/kobble/hy82n-p3NucxH50S/images/settings/auth/azure-ad-configuration-2.png?fit=max&auto=format&n=hy82n-p3NucxH50S&q=85&s=5e95ff73304679bffd160fb03f165c68" alt="Azure AD Configuration 2" width="1288" height="546" data-path="images/settings/auth/azure-ad-configuration-2.png" />

5. Fill the OAuth form on your Azure Portal. Choose a Web platform and paste the Redirect URI provided by Kobble.

<img src="https://mintcdn.com/kobble/hy82n-p3NucxH50S/images/settings/auth/azure-ad-configuration-3.png?fit=max&auto=format&n=hy82n-p3NucxH50S&q=85&s=ff1fa4afe831fd45771b62698b685f81" alt="Azure AD Configuration 3" width="1546" height="1488" data-path="images/settings/auth/azure-ad-configuration-3.png" />

6. Save your app.
7. On the app page, create a new Client Secret by clicking on Add a certificate or secret

<img src="https://mintcdn.com/kobble/hy82n-p3NucxH50S/images/settings/auth/azure-ad-configuration-4.png?fit=max&auto=format&n=hy82n-p3NucxH50S&q=85&s=efcd03b8b9786436c72c4740686ae1bc" alt="Azure AD Configuration 4" width="1600" height="595" data-path="images/settings/auth/azure-ad-configuration-4.png" />

8. Select an expiration date that fits your needs and save the secret.
9. Copy/paste the Client Id and Client Secret into your Kobble settings, turn on the Enabled switch and save.

<img src="https://mintcdn.com/kobble/hy82n-p3NucxH50S/images/settings/auth/azure-ad-configuration-5.png?fit=max&auto=format&n=hy82n-p3NucxH50S&q=85&s=d13daf8fbb82611139a92be17a4a3408" alt="Azure AD Configuration 5" width="2372" height="1698" data-path="images/settings/auth/azure-ad-configuration-5.png" />

10. Go to API Permissions in the left menu of your Azure Portal.

<img src="https://mintcdn.com/kobble/hy82n-p3NucxH50S/images/settings/auth/azure-ad-configuration-6.png?fit=max&auto=format&n=hy82n-p3NucxH50S&q=85&s=3dbd09cac4fbc0b7ad3bc74006fa727c" alt="Azure AD Configuration 6" width="766" height="1308" data-path="images/settings/auth/azure-ad-configuration-6.png" />

11. Click on Add a permission
12. In the slider, click on Microsoft Graph and choose Delegated permissions
13. Select the following permissions: **email**, **openid**, **profile** and save.

<img src="https://mintcdn.com/kobble/hy82n-p3NucxH50S/images/settings/auth/azure-ad-configuration-7.png?fit=max&auto=format&n=hy82n-p3NucxH50S&q=85&s=f74d01568573de592c0ebc57daadaea6" alt="Azure AD Configuration 6" width="1366" height="968" data-path="images/settings/auth/azure-ad-configuration-7.png" />

<Warning>Don't forget to add the following permissions to your Azure configuration: **email**, **openid**, **profile**.</Warning>

🎉 Et voilà! Your customer can now use Azure AD to sign-in in your authentication portal. No further action is required on your end.

<Warning>In case you change your Customer Portal domain later, you will have to go through this process again and update your Authorized Redirect URI in your Azure Client ID.</Warning>