Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Test the showcase with AD MFA. #614

Closed
christophe-f opened this issue Oct 16, 2023 · 5 comments
Closed

Test the showcase with AD MFA. #614

christophe-f opened this issue Oct 16, 2023 · 5 comments
Assignees
@Zaperex
Labels
kind/chore

Comments

@christophe-f
Copy link
Contributor

What needs to be done?
@kadel kadel assigned schultzp2020 and Zaperex and unassigned schultzp2020 Oct 18, 2023
@Zaperex
Copy link
Member

Zaperex commented Oct 24, 2023
edited
Loading

Testing the showcase with Azure DevOps Multi-Factor Authentication is currently blocked by #588 and #602

@Zaperex
Copy link
Member

Zaperex commented Nov 13, 2023

@christophe-f just want to confirm, but is AD supposed to stand for Active Directory or Azure DevOps?

@christophe-f
Copy link
Contributor Author

Azure Directory

@Zaperex
Copy link
Member

Zaperex commented Nov 15, 2023
edited
Loading

@christophe-f so it appears the Azure Active Directory is now know as Microsoft Entra ID. Backstage currently has the Azure EasyAuth provider that authenticates users using Microsoft Entra ID (formerly Azure Active Directory) for PaaS service hosted in Azure that support Easy Auth, such as Azure App Services. I was wondering if this issue overlaps with this Jira issue involving testing Azure EasyAuth Provider?

EDIT: nevermind, this one requires MFA to be configured. I currently don't have any instances where I can do that at the moment. I've confirmed that you can authenticate with Azure using Microsoft Entra ID at least using the Microsoft Azure Provider.

@Zaperex
Copy link
Member

Zaperex commented Nov 15, 2023
edited
Loading

Update: Authenticating using the azure auth provider for Azure Active Directory (now called Microsoft Entra ID) with Multi-Factor Authentication works.

sign-in-email sign-in-password sign-in-mfa

auth-providers

I used the 30 day Microsoft Entra ID P2 free trial to setup a test organization on Azure for Microsoft Entra ID. I setup an app with the permissions described in the backstage docs for the azure auth provider, and adding the proper web direct URL.

Then I setup a test user for the organization and enforced MFA for the user. Then I logged in with the test user in an incognito tab to setup the 2FA app.

Then I applied the configurations for the auth provider:

auth:
  environment: production
    microsoft: 
      production: 
        clientId: ${AZURE_CLIENT_ID}
        clientSecret: ${AZURE_CLIENT_SECRET}
        tenantId: ${AZURE_TENANT_ID}
signInPage: microsoft

When I sign-in, I get redirected to sign-in using an azure account and when I do, it asks for password and MFA. Once MFA is complete, the user is then able to login.

@Zaperex Zaperex closed this as completed Nov 17, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Zaperex Zaperex

Labels
kind/chore
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@christophe-f @Zaperex @schultzp2020