---
myst:
  html_meta:
    "description lang=en": "Microsoft Public OpenID setup guide for Workspaces authentication."
    "keywords": "Kasm, Microsoft, Public, OpenID, OIDC"
    "property=og:locale": "en_US"
---
```{title} Microsoft (Public) OpenID Setup
```

## Microsoft (Public) OpenID Setup

This guide walks through a basic setup allowing Microsoft users to authenticate with your Kasm deployment.

Reference Docs:

- <https://docs.microsoft.com/en-us/azure/active-directory/develop/quickstart-register-app>
- <https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-v2-protocols>

### Creating a Microsoft OAuth App

1. Log in to the Microsoft Azure Portal: <https://portal.azure.com/>
2. Select **Azure Active Directory**.

```{figure} /images/oidc/microsoft/azure_ad.png
:align: center
:width: 90%

**Azure Active Directory**
```

3. Select **App Registrations**.

```{figure} /images/oidc/microsoft/app_registrations.png
:align: center
:width: 20%

**App Registration**
```

4. Select **New Registration**.
5. Give the app a Name (e.g. {code}`Kasm`).
6. Under **Supported account types**, select **Accounts in any organizational directory (Any Azure AD directory - Multitenant) and personal Microsoft accounts (e.g. Skype, Xbox)**.

```{warning}
In this example, we walk through creating an integration where any Microsoft user can authenticate with the Kasm app. This is ideal for a
public-facing deployment. Other options are available for single-tenant and multi-tenant configurations.
```

```{figure} /images/oidc/microsoft/register_app.png
:align: center
:width: 70%

**Register App**
```

7. On the next page, the **Application (client) ID** is shown. Save this value as the **Client ID** to be used in the next section.
8. Select **Add a certificate or secret** next to **Client credentials**.

```{figure} /images/oidc/microsoft/client_credentials.png
:align: center
:width: 70%

**Client Credentials**
```

9. Select the **Client secrets** tab, then click **New client secret**.
10. Enter a description and expiration, then click **Add**.
11. The credentials are shown. Save the **Value** as the **Client Secret** to be used in the next section.

```{figure} /images/oidc/microsoft/client_secret.png
:align: center
:width: 70%

**Client Secret**
```

### Kasm OpenID Config

1. Log into the Kasm UI as an administrator.
2. Select **Authentication** -> **OpenID** -> **Create New Configuration**.
3. Update the form with the following entries, using the **Client ID** and **Client Secret** gathered in the previous section.

```{eval-rst}
+------------------------+--------------------------------------------------------------------------------+
| **Property**           | **Value**                                                                      |
+------------------------+--------------------------------------------------------------------------------+
| **Display Name**       | Continue with Microsoft                                                        |
+------------------------+--------------------------------------------------------------------------------+
| **Logo URL**           | :code:`https://www.microsoft.com/favicon.ico`                                  |
+------------------------+--------------------------------------------------------------------------------+
| **Enabled**            | Checked                                                                        |
+------------------------+--------------------------------------------------------------------------------+
| **Auto Login**         | Unchecked                                                                      |
+------------------------+--------------------------------------------------------------------------------+
| **Hostname**           | <Empty>                                                                        |
+------------------------+--------------------------------------------------------------------------------+
| **Default**            | Checked                                                                        |
+------------------------+--------------------------------------------------------------------------------+
| **Client ID**          | <Client ID From Microsoft OAuth App>                                           |
+------------------------+--------------------------------------------------------------------------------+
| **Client Secret**      | <Client Secret from Microsoft OAuth App>                                       |
+------------------------+--------------------------------------------------------------------------------+
| **Authorization URL**  | :code:`https://login.microsoftonline.com/common/oauth2/v2.0/authorize`         |
+------------------------+--------------------------------------------------------------------------------+
| **Token URL**          | :code:`https://login.microsoftonline.com/common/oauth2/v2.0/token`             |
+------------------------+--------------------------------------------------------------------------------+
| **User Info URL**      | :code:`https://graph.microsoft.com/oidc/userinfo`                              |
+------------------------+--------------------------------------------------------------------------------+
| **Scope**              | :code:`openid`                                                                 |
|                        | :code:`email`                                                                  |
|                        | :code:`profile`                                                                |
+------------------------+--------------------------------------------------------------------------------+
| **Username Attribute** | :code:`email`                                                                  |
+------------------------+--------------------------------------------------------------------------------+
| **Groups Attribute**   | Unchecked                                                                      |
+------------------------+--------------------------------------------------------------------------------+
| **Debug**              | Unchecked                                                                      |
+------------------------+--------------------------------------------------------------------------------+
```

```{figure} /images/oidc/microsoft/kasm_oidc_configuration.png
:align: center
:width: 70%

**Kasm OIDC Configurations**
```

4. Click **Submit** to save the changes.
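
The tenant segment of the Authorization and Token URLs (`common` in the table above) decides which Microsoft accounts can sign in. The following check is an added example, not part of Kasm or of the original guide; it reviews the form values before they are submitted, and it goes slightly beyond the table by also recognising the `organizations`, `consumers` and single-tenant forms of the endpoint. The dictionary keys are hypothetical names for the form fields, not a Kasm API.

```python
from urllib.parse import urlsplit

# Audience admitted by each tenant segment of the Microsoft identity platform
# v2.0 endpoints; any other value is treated as a single tenant ID or domain.
AUDIENCE = {
    "common": "any work/school directory and personal Microsoft accounts",
    "organizations": "any work/school directory",
    "consumers": "personal Microsoft accounts only",
}

def tenant_segment(url):
    """Return the tenant path segment of a login.microsoftonline.com URL."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != "login.microsoftonline.com":
        raise ValueError(f"not an HTTPS login.microsoftonline.com URL: {url}")
    segments = [s for s in parts.path.split("/") if s]
    # Expected shape: /<tenant>/oauth2/v2.0/<authorize|token>
    if len(segments) != 4 or segments[1:3] != ["oauth2", "v2.0"]:
        raise ValueError(f"unexpected endpoint path: {parts.path}")
    return segments[0]

def review_config(cfg):
    """Return (audience, findings) for a dict holding the form's values."""
    findings = []
    auth_tenant = tenant_segment(cfg["authorization_url"])
    token_tenant = tenant_segment(cfg["token_url"])
    if auth_tenant != token_tenant:
        findings.append("authorization and token URLs name different tenants")
    scopes = cfg["scope"]
    if "openid" not in scopes:
        findings.append("scope lacks 'openid'; not an OpenID Connect request")
    # The username attribute must be a claim that a requested scope releases.
    if cfg["username_attribute"] == "email" and "email" not in scopes:
        findings.append("username attribute 'email' needs the 'email' scope")
    audience = AUDIENCE.get(auth_tenant.lower(), f"single tenant {auth_tenant}")
    return audience, findings

# Values from the table above; key names are hypothetical, and the client ID
# and secret are not needed for this review.
PAGE_CONFIG = {
    "authorization_url": "https://login.microsoftonline.com/common/oauth2/v2.0/authorize",
    "token_url": "https://login.microsoftonline.com/common/oauth2/v2.0/token",
    "scope": ["openid", "email", "profile"],
    "username_attribute": "email",
}

if __name__ == "__main__":
    print(review_config(PAGE_CONFIG))
```

For the values in this guide the review reports the widest audience and no findings, which matches the account type selected when registering the app.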

### Microsoft Login Test

1. Log out of Kasm to display the login screen. The OpenID configuration should be shown.

```{figure} /images/oidc/microsoft/login.png
:align: center
:width: 50%

**Login Screen**
```

2. Click **Continue with Microsoft**.
3. The user is redirected to Microsoft for auth.

```{figure} /images/oidc/microsoft/authorization.png
:align: center
:width: 50%

**Microsoft Auth**
```

4. Upon completion, the user is logged into the Kasm app.