Use this function to configure authorization through Microsoft Azure Active Directory.
On the AzureAD side
On the Azure AD side, please, specify:
Callback: https://<yourworkspacename.api.picvario.com>/oauth2/callback
For example: https://endemo.api.picvario.com/oauth2/callback
The Python-Django library is used to implement the functionality. On the server side, the settings should be made in accordance with the instructions on the link:
https://django-auth-adfs.readthedocs.io/en/latest/settings_ref.html
On the Picvario side
In the admin panel go to Home › Options › Options and create the following parameters:
| Parameter | Example | How to get |
| ADFS_AUTH_ENABLED | True | |
| ADFS_CLIENT_ID | 3aaf3b0c-6287-45d6-a128-5a20bf6652cc | 1. Login into your azure account. 2. Select azure active directory in the left sidebar. 3. Click Enterprise applications. 4. Click All applications. 5. Select the application which you have created. 6. Click Properties. 7. Copy the Application ID . |
| ADFS_CLIENT_SECRET | 3f-Wx.X8xc3-QP~5Ly2FSbBvGGtNRch4Dp | 1. Login into your azure account. 2. Select azure active directory in the left sidebar. 3. Click App registrations. 4. Select the application which you have created. 5. Click on All settings. 6. Click on Keys. 7. Type Key description and select the Duration. 8. Click save. 9. Copy and store the key value. You won't be able to retrieve it after you leave this page. |
| ADFS_TENANT_ID | ed842bf4-620f-4653-8951-ad92e71530ed | 1. Login into your azure account. 2. Select azure active directory in the left sidebar. 3. Click properties. 4. Copy the directory ID. |
| ADFS_RELYING_PARTY_ID | 3aaf3b0c-6287-45d6-a128-5a20bf6652cc | Filled with the value ADFS_CLIENT_ID |
| ADFS_AUDIENCE | 3aaf3b0c-6287-45d6-a128-5a20bf6652cc | Filled with the value ADFS_CLIENT_ID |
| ADFS_GROUPS_CLAIM | groups | Name of the claim in the JWT access token from ADFS that contains the groups the user is member of. If an entry in this claim matches a group configured in Django, the user will join it automatically. Set this setting to None to disable automatic group handling. The group memberships of the user will not be touched. |
The added users will not have any permissions. Please, learn how to manage access rules in this section.