Valohai Azure Active Directory integration allows keeping Valohai authentication and access control on Azure, avoiding access control setting duplication.
To enable the integration you have to create a new App registration in your Azure AD.
Steps to enable Azure AD integration in Valohai:
- Contact support@valohai.com and send them your Azure AD domain name, e.g. yourdomain.com or yourdomain.onmicrosoft.com., to get it verified for Valohai.
- Create a new Azure AD App registration.
- Configure Valohai organization with the correct access grants.
You can find more detailed instructions for creating the Azure AD App registration and configuring the access grants below.
Requirements
An Azure account that has permission to manage applications in Azure Active Directory (Azure AD). Any of the following Azure AD roles include the required permissions:
- Application administrator
- Application developer
- Cloud application administrator
Create a new App registration
In addition to the instructions here, you can find an in-depth guide for creating a new App registration from Azures’s documentation.
Once you have signed in to Azure portal search and select Azure Active Directory from the top search bar.
Under Manage, select App registrations -> New registration.
Enter a display Name for your application. Users of your application might see the display name when they use the app, for example during sign-in. You can change the display name at any time and multiple App registrations can share the same name.
In most situations select the Accounts in this organizational directory only. To learn more about these options, refer to Azure’s documentation here.
In the Redirect URI type select Web and type in address: https://app.valohai.com/accounts/azure/callback/
Finally, click Register to create the App registration.
Add team grants to Valohai
Adminstrator access required
You must be a Valohai organization admin to be able to add team grants.
- Click on the
Hi, <name>
at the top right corner in the Valohai user interface and navigate toManage <organization>
. - Go to Settings under the organization controls.
- Click on Manage access grants… in the Access Grants box.
- Click on Add new grant…
- Select which teams the matching users will automatically be added. Leave empty if none.
- Add grant IDs; user or group UUIDs in Azure AD to match for.
Only users with added grant IDs can access Valohai.
How to find UUID for a user or a group in Azure AD
User
Navigate to Azure AD - Users and find the UUID under the specific user.
Group
Navigate to Azure AD - Group and find the UUID under the specific group.
Now, users that have or will have Azure AD login enabled and are part of the AD group configured under access grants will be automatically added to your Valohai organization.
That’s it, you’re all done now! 🎉
Users shoud login with AzureAD
Tell users to login to the platform using the AzureAD login link on the login page, instead of creating a seperate login for Valohai.