Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service, which helps your employee's sign in and access resources.
¶ Setup
¶ A) Copy the redirect URI
- In the Administration Area of your wiki, click on Authentication in the left navigation.
- Add a new Azure Active Directory auth strategy.
- Copy the Redirect URI value found under the configuration reference section. Keep this page opened. We'll come back to it later.
¶ B) Create Azure AD Application
- From the Azure Portal, open the Azure Active Directory resource.
- Click on App registrations in the left navigation and then click New registration at the top.
- Enter a Name (e.g. Wiki.js) and enter the Redirect URI you copied earlier.
- Click Register.
- Copy the Application (client) ID, you'll need it later.
- Click on Endpoints at the top and copy the endpoint value for OpenID Connect metadata document (e.g.
https://login.microsoftonline.com/YOUR_TENANT_ID/v2.0/.well-known/openid-configuration), you'll need it later. - (Optional) Click on Branding in the left navigation and enter the necessary info to make it easier for your users.
- Click on Authentication in the left navigation and enter the Logout URL (
https://YOUR-WIKI.DOMAIN.COM) and make sure the ID tokens checkbox under Implicit grant is checked, then click Save at the top. - Click on API permissions in the left navigation and ensure the Microsoft Graph > User.Read permission is listed.
- (Optional) In the API permissions section, you can Grant admin consent on behalf of all users in the directory. This will prevent the consent screen from being shown to the user the first time they login, which is often preferable in an internal organization environment.
¶ C) Enable the Azure AD strategy in Wiki.js
- Go back to the Wiki.js administration page from step A.
- Enter the Identity Metadata Endpoint and Client ID values copied earlier.
- Enable the Self-registration option (unless you plan on authorizing users manually).
- Select the group new users should be assigned to when they login for the first time.
- Make sure the checkbox next to Azure Active Directory in the list of strategies is checked. The text should now say that the strategy is active.
- Click Apply on the upper right of the page to save and apply the configuration.
