Microsoft Entra ID

This document will guide you through the steps needed to set up the OpenID Connect (OIDC) protocol for Keboola apps, specifically for use on Microsoft Entra ID.

Step 1: Create a New OAuth 2.0 Client ID

Follow these steps to create a new OAuth 2.0 client ID in Microsoft Entra ID:

  • Go to portal.azure.com.
  • Search for Entra ID and select Microsoft Entra ID.
  • Click + Add and select App registration.
  • Provide a human-readable name for the app.
  • Open your app. Go to Manage → Authentication and click Add a platform.
  • Choose Web.
  • You do not know your redirect URL yet; first, you need to create an app in Keboola.
  • Set up group claim.
    The app needs to be able to provide all user groups because this will be necessary later to authenticate users based on groups. To enable this, go to Manage → Token configuration and click Add groups claim.
  • For large companies, we recommend using the last option to retrieve only the groups assigned to the application. Otherwise, all user roles will be included in the response.

This step is unnecessary if you selected All groups in the previous step:

  • Assign appropriate groups to the application. Go to Overview and click the link Managed application in local directory.
  • Add groups to your application.
  • Assign groups and click Assign.

Next, generate the app secret. Go back to App registrations, then continue to Manage → Certificates and secrets and create a New client secret. Provide a human-readable description and click Add. Save the Value right away because you won’t be able to reveal it later.
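The groups claim configured in this step is what a group-based access check reads from the ID token. The following is an added example, not Keboola's code: it assumes the token's signature and expiry were already verified and that the v2.0 endpoint issued it. All IDs and the function name are constructed placeholders.

```python
# Added example with constructed values; authorize_by_groups is a hypothetical helper.
TENANT_ID = "00000000-0000-0000-0000-000000000001"   # placeholder tenant ID
CLIENT_ID = "00000000-0000-0000-0000-000000000002"   # placeholder client ID
ALLOWED_GROUPS = {"11111111-1111-1111-1111-111111111111"}  # placeholder group object ID

# Constructed ID token payload as it looks once the groups claim is enabled.
SAMPLE_CLAIMS = {
    "iss": f"https://login.microsoftonline.com/{TENANT_ID}/v2.0",
    "tid": TENANT_ID,
    "aud": CLIENT_ID,
    "groups": ["11111111-1111-1111-1111-111111111111",
               "22222222-2222-2222-2222-222222222222"],
}


class ClaimError(Exception):
    """The token's claims must not be used to grant access."""


def authorize_by_groups(claims, tenant_id, client_id, allowed_groups):
    """Return the allowed groups the user is in, or raise ClaimError.

    Assumes signature, expiry and nonce were verified before this call.
    """
    # Assumption: v2.0 issuer format; tokens from the v1.0 endpoint differ.
    expected_iss = f"https://login.microsoftonline.com/{tenant_id}/v2.0"
    if claims.get("iss") != expected_iss or claims.get("tid") != tenant_id:
        raise ClaimError("token was not issued by the expected tenant")
    if claims.get("aud") != client_id:
        raise ClaimError("token was issued for a different application")

    # Overage: for users in too many groups, Entra ID omits `groups` and adds
    # a `_claim_names` pointer instead. Fail closed on it.
    if "groups" in (claims.get("_claim_names") or {}):
        raise ClaimError("groups overage: emit only groups assigned to the application")

    groups = claims.get("groups")
    if not isinstance(groups, list):
        raise ClaimError("no groups claim: check Token configuration")

    matched = allowed_groups & {g for g in groups if isinstance(g, str)}
    if not matched:
        raise ClaimError("user is not in any allowed group")
    return matched
```

Restricting the claim to groups assigned to the application, as recommended above for large companies, keeps the list short enough that the overage branch is not reached.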

Step 2: Configure Your App in Keboola

Follow these steps to configure your app in Keboola:

  • Go to your Keboola project.
  • Click Apps.
  • Create a new app by clicking the green + button.
  • Give your app a name and click Create App to create the app.

Step 3: Configure the Authentication Method for Your App

Follow these steps to set up the authentication method for your app:

  • Go to the newly created app.
  • Click the Information & Settings tab.
  • Under Authentication, select OIDC and then Azure OIDC.
  • Provide credentials from the Azure portal, such as the Client ID, Client Secret, and Tenant ID.
  • Click Save to apply the changes.
  • Deploy the app to get the app URL, which you will need to specify as the redirect URL.

Follow these steps to set up your app’s OAuth consent screen in the Azure portal.

  • Go to the Azure portal and open your app.
  • Enter the redirect URL.
    Make sure to add /_proxy/callback to the end of your redirect URL. This is how Keboola will send the authentication response to your app. The format of the redirect URL is as follows: https://<dataAppId>.hub.<keboolaConnectionHost>/_proxy/callback (e.g., https://123456789.hub.europe-west3.gcp.keboola.com/_proxy/callback).
  • Save the changes.

Step 5: Deploy Your App in Keboola

Follow these steps to deploy the app in Keboola:

  • Go back to your app in Keboola.
  • Click the Deploy App tab.
  • Select the Code or GitHub deployment type, and add the code for your application.
  • Click the green Deploy App button to deploy the application.

Step 6: Test Your App

Follow these steps to test your new app:

  • Go to the app’s URL.
  • You should be asked to log in using your Entra ID account.
  • After successfully logging in, you will be redirected to the app.
  • The app should display its content.