Azure
Single sign-on with Azure
Pritunl supports single sign-on with Azure Active Directory. Azure Active Directory Security and Office 365 groups will be matched to existing organizations.
Create Azure Active Directory App
Open the Azure dashboard and go to the App registrations section of the Azure Active Driectory.
Click New registration and set the Name to Pritunl and Redirect URI to Web. Then set the URL to https://auth.pritunl.com/callback/azure. Once done click Register.
Open Branding and upload the Pritunl Logo. Set the Home page URL to the URL of your Pritunl server. Then click Save.
Open the Authentication tab and enable Access tokens under Implicit grant. Then click Save.
Open API permissions and select Microsoft Graph at the bottom then select Delegated permissions.
In the Directory section enable Directory.Read.All.
In the Group section enable Group.Read.All, once done click Add permissions.
In the User section enable User.Read.
Open API permissions again and select Microsoft Graph then select Application permissions
In the Directory section enable Directoy.Read.All, once done click Add permissions.
After the permissions have been saved click Grant admin consent for Pritunl on the API permissions tab.
Open Certificates & secrets and click New client secret. Then set the Description to Pritunl and set Expires to Never. Once done click Add and copy the Value in the Client secrets. Save this value for the steps below.
Configure Pritunl
Open the Overview of the Pritunl app in App registrations. Copy the Directory (tenant) ID, and Application (client) ID for the configuration below.
Open the Settings in the Pritunl web console and set Single Sign-On to Azure. Copy the Directory ID and Application ID from the steps above. Then copy the Azure key value from the earlier steps into Application Secret. The Default Single Sign-On Organization will be used if none of the Azure groups match an existing Pritunl organization.
Updated 9 months ago