With increasing emphasis on security issues, enterprises are imposing significant restrictions on internal resources and operations accessible to employees. If your Azure account does not have sufficient AAD (i.e., of Microsoft Entra) permissions, you will be unable to swiftly create easy auth in a web app. This article serves as a simple guide to walk you through the process of setting up easy authentication for your web app.
Step 1: Create a Web App
You may choose any combination of region/sku/stack/OS, as it does not affect the overall process.
After this step, we will obtain a callback URL for use in the next step, with the following format:
https://<my-web-app-name>.azurewebsites.net/.auth/login/aad/callback
Here is my example.
https://easyauth-myapp.azurewebsites.net/.auth/login/aad/callback
Step 2: Create an App Registration
Input |
Value |
Who can use this application or access this API? |
Accounts in this organizational directory only (Microsoft Non-Production only - Single tenant) |
Redirect URI (optional) Platform |
Web |
Redirect URI (optional) URL |
The callback URL you've setup in Step 1 Example: https://easyauth-myapp.azurewebsites.net/.auth/login/aad/callback |
After this step, we will obtain an Application ID and a Tenant ID for use in the next step.
Meanwhile, we will obtain a issuer URL for use in the next step, with the following format:
https://sts.windows.net/<my-tenant-id>/v2.0
Step 3: Setup ID Token from App Registration
Go to Authentication page and check the "ID tokens (used for implicit and hybrid flows)" and save.
Step 4: Setup Easy Auth from Web App
Go to Authentication page, create a new authentication.
Input |
Value |
Identity provider |
Microsoft |
App registration type |
Provide the details of an existing app registration |
Application (client) ID |
The Application (client) ID you've setup in Step 2 |
Issuer URL |
The Issuer URL you've setup in Step 2 |
Allowed token audiences |
It's done!
Step 5: Try to use it.
If it's your first time using it, you'll see this authorization screen. Just click "Accept."