Azure Active Directory

This guide connects Microsoft Azure active directory to Infra as an identity provider.


To connect Azure active directory via Infra's CLI, run the following command:

infra providers add azure \
  --url${TENANT_ID}/v2.0 \
  --client-id <your azure client id> \
  --client-secret <your azure client secret> \
  --kind azure

Finding required values

  1. Login to the Azure Portal.
  2. Navigate to the Azure Active Directory > App registrations. Register Application
  3. Click New registration
  4. Register the application:
    • For Name write Infra
    • For Redirect URI select Web and add https://<org>
    • Click Register

      If supporting an infra CLI version lower than 0.19.0, also add http://localhost:8301 as a redirect URI.

      Application details
  5. On the Overview tab, click Certificates & secrets > Client secrets
    • Click New client secret. - Description field is optional.
    • In the Add a client secret pane select an expiry. (Note: you will need to generate a new client secret after expiry).
    • Note the client secret value. Add a client secret
  6. Navigate to Token configuration
    • Click Add optional claim.
    • For Token type select ID.
    • From the list of claims select the email claim.
    • Click Add. Add the email claim - If prompted to "Turn on the Microsoft Graph email permission (required for claims to appear in token)", please add it. (You will also add it in the next step.)
  7. Navigate to API permissions.
    • Click Add a permission
    • Click Microsoft Graph
    • Click Delegated permissions
    • Select the following permissions:
      • OpenId permissions > email
      • OpenId permissions > offline_access
      • OpenId permissions > openid
      • GroupMember > GroupMember.Read.All
      • User > User.Read - Click Add permissions.
      • Click Grant admin consent for Default Directory and select Yes when prompted. Add API permissions
  8. From the Overview tab copy the Application (client) ID, Directory (tenant) ID, and Client Secret values and provide them into Infra's Dashboard or CLI.