Configuring Azure AD
Run the following command in CLI to generate a service principal:
Save the output generated, as you’ll use it for configuration in Jenkins.
Set the Reply URL to https://YOURHOST/securityRealm/finishLogin (replace YOURHOST with the hostname of your Jenkins instance).
Set Required Permissions in Azure Active Directory to:
- Application Permissions (Read Directory Data)
- Delegated Permissions (Read Directory Data)
Click on ‘Grant permissions’.
If planning to use an Azure AD group for authorization, create one now.
Download the ‘Azure AD’ plugin, and restart after installation.
Go to Manage Jenkins → Configure Global Security.
Select ‘Enable Security’ if it isn’t already selected.
Under ‘Security Realm’, select ‘Azure Active Directory’, and fill in the fields from the service principal output you saved earlier:
- Client ID – the ‘appId’ value
- Client Secret – the ‘password’ value
- Tenant – the ‘tenant’ value
Use the verify button to confirm that Jenkins can reach Azure AD with these credentials.
Set Authorization to ‘Azure Active Directory Matrix-based security’.
Add the newly created group and assign it the appropriate permissions.
Verify by logging out and logging back in as an Azure AD user.
If you accidentally lock yourself out after enabling Azure AD, do the following:
SSH into the server.
Modify the config.xml file in the Jenkins home directory:
- Change the useSecurity element to ‘false’
- Remove the authorizationStrategy and securityRealm sections.
Jenkins is now completely unprotected, so continue working on whatever security strategy you were setting up.
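One way to make the config.xml edit above without hand-editing the XML, as an added example that is not from the original page: it takes a backup, sets useSecurity to false and removes the two sections, leaving everything else intact. The sample config.xml, the placeholder class names and the backup file name are assumptions.

```python
import shutil
import xml.etree.ElementTree as ET
from datetime import datetime
from pathlib import Path

# Constructed sample of the relevant parts of a config.xml after enabling the
# Azure AD realm (class attributes are placeholders, not the plugin's real names).
SAMPLE_CONFIG = """<hudson>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="PLACEHOLDER.AzureAdMatrixAuthorizationStrategy">
    <permission>hudson.model.Hudson.Administer:PLACEHOLDER-group-id</permission>
  </authorizationStrategy>
  <securityRealm class="PLACEHOLDER.AzureSecurityRealm">
    <tenant>PLACEHOLDER-tenant</tenant>
  </securityRealm>
  <numExecutors>2</numExecutors>
</hudson>
"""

def security_state(xml_text: str) -> dict:
    """Report the three settings the lockout recovery touches."""
    root = ET.fromstring(xml_text)
    return {
        "useSecurity": root.findtext("useSecurity"),
        "has_authorization_strategy": root.find("authorizationStrategy") is not None,
        "has_security_realm": root.find("securityRealm") is not None,
    }

def disable_security(xml_text: str) -> str:
    """Return config.xml with useSecurity=false and the realm and strategy removed."""
    root = ET.fromstring(xml_text)
    use_security = root.find("useSecurity")
    if use_security is None:  # tolerate a config that never had the element
        use_security = ET.SubElement(root, "useSecurity")
    use_security.text = "false"
    for tag in ("authorizationStrategy", "securityRealm"):
        for node in root.findall(tag):
            root.remove(node)
    return ET.tostring(root, encoding="unicode")

def recover_from_lockout(config_path: Path) -> Path:
    """Back up config.xml beside itself, then rewrite it with security disabled.
    Jenkins reads the file at startup, so restart it afterwards."""
    backup = config_path.with_name(f"config.xml.{datetime.now():%Y%m%dT%H%M%S}.bak")
    shutil.copy2(config_path, backup)
    new_xml = disable_security(config_path.read_text(encoding="utf-8"))
    config_path.write_text("<?xml version='1.0' encoding='UTF-8'?>\n" + new_xml, encoding="utf-8")
    return backup
```

Run recover_from_lockout(Path("/var/lib/jenkins/config.xml")) or whatever your Jenkins home is, then restart Jenkins; the returned backup path lets you restore the realm once the lockout is understood.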