Connect Directus with Microsoft AD
directus | Directus, Headless CMS docker, microsoft | 2024-05-21
directus | Directus, Headless CMS docker, microsoft | 2024-05-21
Create an AD application for web.
Add a Redirect URIs in AD application for login callback purpose,
<instance domain>/auth/login/microsoft/callback
(It only allowed http with localhost or https with non-localhost.)
Create a Client Secrets in AD application, keep the value when secret is generated.
Specify the provider in docker-compose.yml file, under environment of directus.
AUTH_PROVIDERS: "microsoft"
AUTH_MICROSOFT_DRIVER: "openid"
AUTH_MICROSOFT_CLIENT_ID: <Application (client) ID>
AUTH_MICROSOFT_CLIENT_SECRET: <Client Secrets generated>
AUTH_MICROSOFT_ISSUER_URL: "https://login.microsoftonline.com/<Directory (tenant) ID>/v2.0/.well-known/openid-configuration"
AUTH_MICROSOFT_SCOPE: <check the well-known metadata endpoint to confirm what scope is supported, usually are "openid profile email">
AUTH_MICROSOFT_IDENTIFIER_KEY: <check the well-known metadata endpoint to confirm what claim is supported, usually is "email">
AUTH_MICROSOFT_ICON: <Fontawesome icon name, e.g. microsoft>
AUTH_MICROSOFT_LABEL: <Button label, it will show "Login with `label`">
AUTH_MICROSOFT_DEFAULT_ROLE_ID: <role_id - Get the role id from URL address when access the role in “Access Control” → “<Role>”>
Restart docker instance, then you shall see the login button,