Configure Platform Authentication via Microsoft ID

This document describes how to configure Flowgear to authenticate users via a Microsoft ID.

Read more about OpenID Connect on the Microsoft Identity Platform.

Note that OpenID Connect is only used to authenticate users, not to authorize them. Authentication refers to proving identity, whilst authorization refers to controlling the level of access.

Once a user has been successfully authenticated, Flowgear will enforce the permissions that have been set within the platform for that user.

When configuring authentication via Microsoft ID, you may either:

  1. Provide the specific Entra Tenant (formerly Azure AD) ID that a user must exist within (our recommendation), or
  2. Provide the Tenant ID "common" to indicate that any user with a Microsoft account will be permitted to authenticate (as long as they are also mapped into your Flowgear Tenant).

For the first scenario, follow these steps to obtain the Entra Tenant ID:

  1. Sign in to the Azure Portal, and open the Entra blade.
  2. Note the Tenant ID property on the Overview tab.
  3. Provide the Tenant ID to Flowgear Support via a support ticket, so that your Flowgear Tenant can be correctly configured.
  4. Request a user who has owner permission on your Azure Tenant to sign in to Flowgear.
  5. The user will be prompted to authorize the Flowgear app to authenticate users. Once this has been approved, users will be able to authenticate via their Microsoft IDs.

Note that limiting access to a specific Entra Tenant ID will require that you guest in any external users who need to be able to access your Flowgear Tenant. Flowgear will not have access to your Tenant unless their accounts are guested in.
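
To make the difference between the two Tenant ID options and the guest requirement concrete, here is an added example (not Flowgear's code) of the checks a relying party applies to ID token claims after sign-in. The helper names and sample values are hypothetical. It assumes the Microsoft identity platform v2.0 claims iss, tid and oid, and that a guest's token carries the tid of the tenant they were guested into.

```python
import re

GUID = re.compile(r"^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$")
# Assumption: issuer format of the Microsoft identity platform v2.0 endpoint.
ISSUER = "https://login.microsoftonline.com/{tid}/v2.0"


def check_login(claims, configured_tenant, mapped_users):
    """Decide whether a sign-in is accepted (hypothetical helper).

    claims: ID token claims whose signature, audience and expiry were
    already verified by an OIDC library. configured_tenant: a tenant GUID
    or "common". mapped_users: set of (tid, oid) pairs known to the platform.
    """
    tid = str(claims.get("tid", "")).lower()
    if not GUID.match(tid):
        return False, "missing or malformed tid"
    # iss must name the same tenant as tid (the issuer differs per tenant).
    if claims.get("iss") != ISSUER.format(tid=tid):
        return False, "issuer does not match tid"
    # Option 1 pins sign-in to one Entra tenant; option 2 ("common") does not.
    if configured_tenant != "common" and tid != configured_tenant.lower():
        return False, "outside configured tenant"
    # Authentication proves identity only; the user must also be mapped.
    if (tid, claims.get("oid")) not in mapped_users:
        return False, "not mapped"
    return True, "ok"


# Constructed sample data: tenant IDs and object IDs are made up.
HOME = "11111111-1111-1111-1111-111111111111"
OTHER = "22222222-2222-2222-2222-222222222222"
MAPPED = {(HOME, "oid-alice"), (HOME, "oid-bob-guest"), (OTHER, "oid-bob")}


def token(tid, oid, iss_tid=None):
    """Build constructed claims; iss_tid forces an inconsistent issuer."""
    return {"tid": tid, "oid": oid, "iss": ISSUER.format(tid=iss_tid or tid)}


if __name__ == "__main__":
    for label, claims, cfg in [
        ("member, pinned tenant", token(HOME, "oid-alice"), HOME),
        ("external, pinned tenant", token(OTHER, "oid-bob"), HOME),
        ("guest, pinned tenant", token(HOME, "oid-bob-guest"), HOME),
        ("external, common", token(OTHER, "oid-bob"), "common"),
        ("unmapped, common", token(OTHER, "oid-mallory"), "common"),
        ("forged issuer", token(OTHER, "oid-bob", iss_tid=HOME), HOME),
    ]:
        print(f"{label:26} -> {check_login(claims, cfg, MAPPED)}")
```

With a pinned tenant, the same external user is rejected when signing in from their own tenant and accepted once guested in. With "common", the user mapping is the only gate.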