How to Apply Easy Auth on Web App under a High-security policy environment - Microsoft Community Hub
Published May 14 2024 01:58 AM
Microsoft

With the increasing emphasis on security, enterprises are placing significant restrictions on the internal resources and operations accessible to employees. If your Azure account does not have sufficient AAD (that is, Microsoft Entra) permissions, you will be unable to quickly create Easy Auth in a web app. This article is a simple guide that walks you through setting up Easy Auth for your web app.

Step 1: Create a Web App

You may choose any combination of region/sku/stack/OS, as it does not affect the overall process.

After this step, we will obtain a callback URL for use in the next step, with the following format:

https://<my-web-app-name>.azurewebsites.net/.auth/login/aad/callback

Here is my example.

https://easyauth-myapp.azurewebsites.net/.auth/login/aad/callback

Step 2: Create an App Registration

| Input | Value |
| --- | --- |
| Who can use this application or access this API? | Accounts in this organizational directory only (Microsoft Non-Production only - Single tenant) |
| Redirect URI (optional): Platform | Web |
| Redirect URI (optional): URL | The callback URL you've set up in Step 1. Example: https://easyauth-myapp.azurewebsites.net/.auth/login/aad/callback |

After this step, we will obtain an Application ID and a Tenant ID for use in the next step.

Meanwhile, we will obtain an issuer URL for use in the next step, with the following format:

https://sts.windows.net/<my-tenant-id>/v2.0

Step 3: Set Up ID Token from App Registration

Go to the Authentication page, check "ID tokens (used for implicit and hybrid flows)", and save.

Step 4: Set Up Easy Auth from Web App

Go to the Authentication page and create a new authentication.

| Input | Value |
| --- | --- |
| Identity provider | Microsoft |
| App registration type | Provide the details of an existing app registration |
| Application (client) ID | The Application (client) ID you've set up in Step 2 |
| Issuer URL | The Issuer URL you've set up in Step 2 |
| Allowed token audiences | https://management.azure.com |

It's done!

Step 5: Try to use it.

If it's your first time using it, you'll see this authorization screen. Just click "Accept."
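
A pre-flight check for Steps 2 to 4, as an added example that is not part of the original article: it takes the app registration JSON (the shape returned by `az ad app show`), lists deviations from the settings above, and derives the values to enter in Step 4. The function names, the sample registration and all IDs are constructed for illustration.

```python
import re
GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

def callback_url(web_app_name):
    """Step 1: callback URL of the web app."""
    return f"https://{web_app_name}.azurewebsites.net/.auth/login/aad/callback"

def issuer_url(tenant_id):
    """Step 2: issuer URL in the format given in the article."""
    if not GUID.match(tenant_id):
        raise ValueError("tenant ID must be the directory GUID")
    return f"https://sts.windows.net/{tenant_id}/v2.0"

def check_registration(app, web_app_name):
    """Return deviations from the Step 2 and Step 3 settings."""
    problems = []
    web = app.get("web") or {}
    uris = web.get("redirectUris") or []
    expected = callback_url(web_app_name)
    if app.get("signInAudience") != "AzureADMyOrg":  # single tenant
        problems.append(f"not single tenant: {app.get('signInAudience')!r}")
    if expected not in uris:
        problems.append(f"callback URL not registered: {expected}")
    extra = [u for u in uris if u != expected]
    if extra:  # every extra redirect URI is another place tokens can be sent
        problems.append("extra redirect URIs to review: " + ", ".join(extra))
    if not (web.get("implicitGrantSettings") or {}).get("enableIdTokenIssuance"):
        problems.append("ID tokens (implicit and hybrid flows) not enabled")
    return problems

def easy_auth_inputs(app, tenant_id):
    """Step 4: values for the web app's Authentication page."""
    return {
        "Application (client) ID": app["appId"],
        "Issuer URL": issuer_url(tenant_id),
        "Allowed token audiences": "https://management.azure.com",
    }

# Constructed sample shaped like `az ad app show` output; IDs are placeholders.
SAMPLE = {
    "appId": "11111111-2222-3333-4444-555555555555",
    "signInAudience": "AzureADMyOrg",
    "web": {"redirectUris": [callback_url("easyauth-myapp")],
            "implicitGrantSettings": {"enableIdTokenIssuance": False}},
}

if __name__ == "__main__":
    print(check_registration(SAMPLE, "easyauth-myapp"))
    print(easy_auth_inputs(SAMPLE, "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"))
```

The sample deliberately skips Step 3, so the check reports the missing ID token setting; an empty list means the registration matches the article's settings.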

Last update: May 14 2024 01:45 AM