Configure Platform Authentication via Microsoft ID
This document describes how to configure Flowgear to authenticate users via a Microsoft ID.
Read more about OpenID Connect on the Microsoft identity platform.
Note that OpenID Connect is only used to authenticate users but not to authorize them. 'Authentication' refers to proving identity while 'authorize' refers to controlling the level of access.
Once a user has been successfully authenticated, Flowgear will enforce the permissions that have been set within the platform for that user.
When configuring authentication via Microsoft ID you may:
- Provide the specific Entra Tenant (formerly Azure AD) ID that a user must exist within (recommended) or
- Provide the Tenant ID
common
to indicate that any user with a Microsoft account will be permitted to authenticate (as long as they are also mapped into the Flowgear tenant)
For the first scenario, follow these steps to obtain the Entra Tenant ID
- Sign in to the Azure portal and open the Entra blade
- Note the Tenant ID property on the
Overview
tab - Provide the Tenant ID to Flowgear via support ticket so that your Flowgear tenant can be correctly configured
- Request a user who has owner permission on your Azure Tenant to sign in to Flowgear
- The user will be prompted to authorize the Flowgear app to authenticate users. Once this has been approved, users will be able to authenticate via their Microsoft ID's.
Note that limiting access to a specific Entra Tenant ID will require that you guest in any external users who need to be able to access your Flowgear tenant. Flowgear staff will not have access to your tenant unless their accounts are guested in.