Hi!
I wonder if it’s possible to integrate Vault UI with Azure Active Directory to allow my users to take advantage of its 2FA solution, conditional access and more. Anybody has pointers on that?
Every tutorial or presentation found so far only talks about CLI, and I’d like to offer an UI experience to my users.
Thanks
Hello eric,
yes this is possible. You need to specify the correct allowed redirect URL to your ui following this scheme:
https://hostname.domain:8200/ui/vault/auth/oidc/oidc/callback
This scheme assumes you have mounted the jwt/oidc auth method at /auth/oidc.
You need to configure this in your Azure AD App Registration and those values have to match exactly for your role configuration.
Hope this helps
Best regards!
Thank you @rooftop90
OIDC! That looks super promising. I will have a look at it and reply back the results if someone else needs it.
Thank you!
I’ve successfully configured Azure AD with Vault using this documentation as base. Instead of using groups in AAD, I’ve created roles and mapped them to the group-alias in Vault to distribute local policies to these AAD roles.
This blog post helped a lot (I didn’t use Terraform though):