Connect Directus with Microsoft AD

Pre-requisite

• Dockers, docker network and docker compose.
• Directus Headless CMS
• Microsoft AD SSO with OpenID

Microsoft AD Setup

Create an AD application for web.

Add a Redirect URIs in AD application for login callback purpose,

<instance domain>/auth/login/microsoft/callback

(It only allowed http with localhost or https with non-localhost.)

Create a Client Secrets in AD application, keep the value when secret is generated.

Specify the provider in docker-compose.yml file, under environment of directus.

AUTH_PROVIDERS: "microsoft"
AUTH_MICROSOFT_DRIVER: "openid"
AUTH_MICROSOFT_CLIENT_ID: <Application (client) ID>
AUTH_MICROSOFT_CLIENT_SECRET: <Client Secrets generated>
AUTH_MICROSOFT_ISSUER_URL: "https://login.microsoftonline.com/<Directory (tenant) ID>/v2.0/.well-known/openid-configuration"
AUTH_MICROSOFT_SCOPE: <check the well-known metadata endpoint to confirm what scope is supported, usually are "openid profile email">
AUTH_MICROSOFT_IDENTIFIER_KEY: <check the well-known metadata endpoint to confirm what claim is supported, usually is "email">
AUTH_MICROSOFT_ICON: <Fontawesome icon name, e.g. microsoft>
AUTH_MICROSOFT_LABEL: <Button label, it will show "Login with `label`">
AUTH_MICROSOFT_DEFAULT_ROLE_ID: <role_id - Get the role id from URL address when access the role in “Access Control” → “<Role>”>

Restart docker instance, then you shall see the login button,

References

• https://github.com/khezen/compose-postgres
• https://www.sqlshack.com/getting-started-with-postgresql-on-docker/
• https://github.com/FL0R1AN84/directus-docker-compose/blob/main/docker-compose.yml
• https://github.com/directus/directus/blob/main/docker-compose.yml
• https://docs.directus.io/self-hosted/config-options.html
• https://www.docker.com/products/docker-desktop/
• https://docs.directus.io/self-hosted/sso.html