Integration of Azure AD with Hashicorp Vault

The goal should be to handle the complete authentication of all users as well as the assignment of policies via Azure AD.

We activated the corresponding Auth Method (azure) and configured it as far as the documentation allowed.
(And the documentation doesn’t really give much away!)

When logging into the Vault, the Azure method is not offered.
There are still only tokens or users for the locally created users.

If we use the email address stored in Azure as the user name, we receive the following error: “Authentication failed: unsupported path”.
If I enter the corresponding path to the auth method under Mount Path, I receive the following error message: “Authentication failed: missing client token”.
There are no errors in the Vault log file, our OfficeIT could not locate any errors in Azure.

How can I functionally implement authentication against Azure?
Our OfficeIT would like to know what has to be entered under ‘Resource’.
It requires an application link from us that should refer to the SSO interface of Azure.

I think the OIDC auth method would be a better fit for your use case.

Overview:

Azure AD-specific settings:
https://www.vaultproject.io/docs/auth/jwt/oidc_providers#azure-active-directory-aad

Recent post about some configuration specifics that may be useful:
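Worked example of the OIDC setup the reply points to, added here as an editor's illustration and not taken from the thread or from HashiCorp's own docs. It assumes placeholder values (tenant ID, client ID, client secret, the public Vault URL and the role name `azure-default`), and that the Azure App Registration issues tokens carrying `email` and `groups` claims. The two callback URLs it prints are what the Azure side needs to have registered as redirect URIs on the App Registration: the Vault UI callback and the local callback that `vault login -method=oidc` listens on (port 8250).

```shell
#!/usr/bin/env sh
# Added example (not from the thread): configure Vault's OIDC auth method
# against Azure AD. All values below are placeholders/assumptions.
set -eu

TENANT_ID="${TENANT_ID:-00000000-0000-0000-0000-000000000000}"   # AAD tenant ID (placeholder)
CLIENT_ID="${CLIENT_ID:-11111111-1111-1111-1111-111111111111}"   # App Registration client ID (placeholder)
CLIENT_SECRET="${CLIENT_SECRET:-change-me}"                       # App Registration client secret (placeholder)
VAULT_ADDR="${VAULT_ADDR:-https://vault.example.com:8200}"        # URL users open in the browser (assumed)
ROLE_NAME="${ROLE_NAME:-azure-default}"                           # Vault role name (assumed)

# Azure AD's v2.0 OIDC discovery endpoint for one tenant.
oidc_discovery_url() {
  printf 'https://login.microsoftonline.com/%s/v2.0' "$1"
}

# The two callback URLs that must be both registered as redirect URIs on
# the Azure App Registration and allowed on the Vault role: the Vault UI
# callback and the local callback used by `vault login -method=oidc`.
ui_callback()  { printf '%s/ui/vault/auth/oidc/oidc/callback' "$1"; }
cli_callback() { printf 'http://localhost:8250/oidc/callback'; }

configure_vault() {
  vault auth enable oidc

  vault write auth/oidc/config \
    oidc_discovery_url="$(oidc_discovery_url "$TENANT_ID")" \
    oidc_client_id="$CLIENT_ID" \
    oidc_client_secret="$CLIENT_SECRET" \
    default_role="$ROLE_NAME"

  # user_claim="email" assumes the Azure token carries an email claim;
  # groups_claim="groups" assumes the App Registration emits group claims.
  # Repeating allowed_redirect_uris builds a list in the Vault CLI.
  vault write "auth/oidc/role/$ROLE_NAME" \
    role_type="oidc" \
    user_claim="email" \
    groups_claim="groups" \
    bound_audiences="$CLIENT_ID" \
    allowed_redirect_uris="$(ui_callback "$VAULT_ADDR")" \
    allowed_redirect_uris="$(cli_callback)" \
    token_policies="default"
}

# Only talk to Vault when explicitly asked, so the helpers can be sourced
# or checked without a running Vault.
if [ "${1:-}" = "apply" ]; then
  configure_vault
  printf 'Register these redirect URIs on the Azure App Registration:\n  %s\n  %s\n' \
    "$(ui_callback "$VAULT_ADDR")" "$(cli_callback)"
fi
```

Run it as `sh configure-oidc.sh apply` with `VAULT_ADDR`/`VAULT_TOKEN` set for an admin session. Afterwards the UI login page offers the OIDC method, and the CLI login is `vault login -method=oidc role=azure-default`. Group-to-policy mapping is done on top of this with the identity secrets engine (external group aliased to the Azure group object ID), which this example does not cover.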