Configure Platform Authentication via Microsoft ID

This document describes how to configure Flowgear to authenticate users via a Microsoft ID.

Read more about OpenID Connect on the Microsoft identity platform.

Note that OpenID Connect is only used to authenticate users, not to authorize them. 'Authentication' refers to proving identity while 'authorization' refers to controlling the level of access.

Once a user has been successfully authenticated, Flowgear will enforce the permissions that have been set within the platform for that user.

When configuring authentication via Microsoft ID, you may:

  • Provide the specific Entra Tenant (formerly Azure AD) ID that a user must exist within (recommended) or
  • Provide the Tenant ID "common" to indicate that any user with a Microsoft account will be permitted to authenticate (as long as they are also mapped into the Flowgear tenant)

For the first scenario, follow these steps to obtain the Entra Tenant ID:

  • Sign in to the Azure portal and open the Entra blade
  • Note the Tenant ID property on the Overview tab
  • Provide the Tenant ID to Flowgear via support ticket so that your Flowgear tenant can be correctly configured
  • Request a user who has owner permission on your Azure Tenant to sign in to Flowgear
  • The user will be prompted to authorize the Flowgear app to authenticate users. Once this has been approved, users will be able to authenticate via their Microsoft IDs.

Note that limiting access to a specific Entra Tenant ID will require that you guest in any external users who need to be able to access your Flowgear tenant. Flowgear staff will not have access to your tenant unless their accounts are guested in.
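
The following added example (not Flowgear's code) models the checks a relying party makes for the two Tenant ID options above, and why external users must be guested in when a specific tenant is configured. It assumes the ID token's signature, audience and expiry were already verified and that a guest's token is issued by the inviting tenant; the function names, tenant GUIDs, object IDs and permission names are constructed.

```python
from dataclasses import dataclass

ISSUER = "https://login.microsoftonline.com/{tid}/v2.0"  # Microsoft v2.0 issuer format
HOME = "11111111-1111-1111-1111-111111111111"      # constructed: your Entra tenant
EXTERNAL = "22222222-2222-2222-2222-222222222222"  # constructed: a partner's tenant

@dataclass(frozen=True)
class Result:
    authenticated: bool
    reason: str
    permissions: frozenset = frozenset()

def authenticate(claims, configured_tenant, mapped_users):
    """Decide sign-in from already-verified ID token claims.

    configured_tenant: a tenant GUID, or the literal "common".
    mapped_users (hypothetical): (tid, oid) -> permissions set in the platform.
    """
    tid, oid = claims.get("tid"), claims.get("oid")
    if not tid or not oid:
        return Result(False, "missing tid or oid claim")
    # In both modes the issuer must agree with the tid claim.
    if claims.get("iss") != ISSUER.format(tid=tid):
        return Result(False, "issuer does not match tid")
    # Specific tenant: only tokens issued by that tenant are accepted.
    if configured_tenant != "common" and tid != configured_tenant.lower():
        return Result(False, "token issued by a different tenant")
    # Identity is proven; access still comes from the platform's own mapping.
    perms = mapped_users.get((tid, oid))
    if perms is None:
        return Result(False, "user not mapped into the platform tenant")
    return Result(True, "ok", frozenset(perms))

def token(tid, oid):
    """Build constructed claims for the demo (no real token involved)."""
    return {"tid": tid, "oid": oid, "iss": ISSUER.format(tid=tid)}

# Constructed mapping: an employee, a guest invited into HOME, an external user.
MAPPED = {
    (HOME, "emp-oid"): {"workflow.read", "workflow.run"},
    (HOME, "guest-oid"): {"workflow.read"},
    (EXTERNAL, "ext-oid"): {"workflow.read"},
}

if __name__ == "__main__":
    for cfg in (HOME, "common"):
        for tid, oid in [(HOME, "emp-oid"), (HOME, "guest-oid"),
                         (EXTERNAL, "ext-oid"), (EXTERNAL, "unmapped-oid")]:
            print(cfg, oid, authenticate(token(tid, oid), cfg, MAPPED))
```

With the specific tenant configured, the external user's own-tenant token is rejected while the guest account passes; with "common", the platform mapping is the only gate on who gets in.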