Integrating BookStack and Azure Active Directory with OpenID Connect

Подписаться 2,2 тыс.

Просмотров 4,9 тыс.

50% 1

In this video we go through the process of integrating BookStack with Azure Active Directory (Azure AD) for authentication using the OpenID Connect (OIDC) standard. The integration includes the ability to sync user Azure group membership with BookStack roles.
► BookStack OIDC Docs: www.bookstackapp.com/docs/adm...
► BookStack Support: www.bookstackapp.com/support/
► BookStack Discord: / discord
► Follow BookStack on Mastodon: fosstodon.org/@bookstack
► Follow BookStack on Twitter: / bookstack_app
► Follow me on Mastodon: fosstodon.org/@danb
0:00 Intro & environment
1:12 OIDC considerations
1:40 Azure app creation
3:40 BookStack initial config
7:47 First login test
9:32 Debugging token data
11:15 Adding Azure group detail
13:10 Configuring group sync
16:10 External Auth ID field
17:33 Group/role mapping
19:00 Auto-initiate login
20:14 Limiting access
22:02 Support & outro
#oidc #azure #azuread #opensource #selfhosted #documentation #wiki #bookstack #foss

Наука

Опубликовано:

4 июл 2024

Ссылка:

Скачать:

Готовим ссылку...

Добавить в:

Мой плейлист

Посмотреть позже

Комментарии : 13

@TomWhi 3 месяца назад

I continue to be blown away by the features and supporting documentation and videos. I was thinking to myself when I saw the OIDC option if it’d work with azure, then I get a recommendation from RU-vid that you’d got a video on it. And again not only helped me understand the bookstack side, but more on app registration and what data is passed. Thank you!

@BookStackApp 3 месяца назад

Great to hear all the effort put into those elements is found useful! Thanks for the kind feedback!

@wiljotiele7565 9 месяцев назад

Excellent video

@BookStackApp 9 месяцев назад

Thanks!

@wiljotiele7565 9 месяцев назад

@@BookStackApp It would be nice if these settings would be accessible through the web interface tho. Modifying them inside docker is not so easy

@BookStackApp 9 месяцев назад

@@wiljotiele7565 Depends on what docker image is being used, but usually you can just define these options as env options, or edit the `.env` via volume files. I know the linuxserver image provides the `.env` file in the mounted `/config` volume for easy instant editing.

@wiljotiele7565 9 месяцев назад

@@BookStackApp i just figured that out from your docker / bookstack video, brilliant, thanks!

@DanFoxley 4 месяца назад

I'm currently using Azure AD SAML with Bookstack, I'd like to move over to using OIDC with Bookstack. I'm guessing it is either / or? To move over to OIDC, I'll need to update the .env file and turn off SAML and configure / enable OIDC. Does that sound mostly correct?

@BookStackApp 4 месяца назад

Yeah, that's all correct. I can't exactly remember if azure provides different user ID values between SAML and OIDC though (this can also depend on configuration since the properties used for ID in both auth options is configurable). If Azure OIDC provides the same ID values as SAML for your users, it should be pretty smooth. If not, then you may have to update the "External Authentication ID" value for users (can be done in bulk via the database or API, otherwise editable per-user in BookStack).

@DanFoxley 4 месяца назад

@@BookStackApp Thx. On Azure my intent is to just create a new Enterprise Application and build it wil OIDC instead off SAML, I won't try and update or change the existing.

@LarsSchretlen 7 месяцев назад

after the config of OpenID Connect i lost the option to login with the default login from the admin account ? how do i make it so that i still able to login with the default admin account. because my SSO user is no admin?

@BookStackApp 7 месяцев назад

You can't run email login alongside OIDC, but you can temporary change the auth method back to login via an email-based account. You could then maybe give admin privilieges to a SSO user account to allow future admin without swapping auth method.