Setting up Jenkins with Azure AD Authentication

Configuring Azure AD

Run the following command in the CLI to generate a service principal:

Save the output generated, as you’ll use it for configuration in Jenkins.

Create a Redirect URL to https://YOURHOST/securityRealm/finishLogin

Set Required Permissions in Azure Active Directory to:

Click on ‘Grant permissions’.

If you plan to use an Azure AD group for authorization, create one now.

Configuring Jenkins

Download the ‘Azure AD’ plugin, and restart after installation.

Go to Manage Jenkins → Configure Global Security.

Select ‘Enable Security’ if it isn’t already selected.

Under ‘Security Realm’, select ‘Azure Active Directory’, and fill in the information:

Use the button to verify the application.

Set Authorization to ‘Azure Active Directory Matrix-based security’.

Set the group to the newly created one, and assign the appropriate permissions.

Verify by logging out and logging back in as an Azure AD user.

Troubleshooting

If you accidentally lock yourself out after enabling Azure AD, do the following:

SSH into the server.

Modify the config.xml file.

Restart Jenkins:

Jenkins is now completely unprotected – so continue working on whatever security strategy you were working on.
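
A check to run once the security strategy is back in place, as an added example that is not part of the original page: it reads config.xml and reports whether Jenkins is still unprotected. The sample documents are constructed, and the Azure AD class names in the secured sample are assumptions.

```python
import re
import sys
import xml.etree.ElementTree as ET

# Core Jenkins classes meaning "no authentication" and "no authorization".
NO_REALM = "hudson.security.SecurityRealm$None"
NO_AUTHZ = "hudson.security.AuthorizationStrategy$Unsecured"

# Constructed sample: the state the troubleshooting steps leave behind.
SAMPLE_OPEN = """<?xml version='1.1' encoding='UTF-8'?>
<hudson>
  <useSecurity>false</useSecurity>
  <authorizationStrategy class="hudson.security.AuthorizationStrategy$Unsecured"/>
  <securityRealm class="hudson.security.SecurityRealm$None"/>
</hudson>"""

# Constructed sample: security re-enabled (Azure AD class names are assumed).
SAMPLE_SECURED = """<?xml version='1.1' encoding='UTF-8'?>
<hudson>
  <useSecurity>true</useSecurity>
  <authorizationStrategy class="com.microsoft.jenkins.azuread.AzureAdMatrixAuthorizationStrategy"/>
  <securityRealm class="com.microsoft.jenkins.azuread.AzureSecurityRealm"/>
</hudson>"""


def audit_config(xml_text):
    """Return a list of findings; an empty list means security is enabled."""
    # Jenkins writes an XML 1.1 declaration, which XML 1.0 parsers such as
    # Python's expat do not accept, so drop the declaration before parsing.
    root = ET.fromstring(re.sub(r"^\s*<\?xml[^>]*\?>", "", xml_text))
    findings = []
    if (root.findtext("useSecurity") or "").strip() != "true":
        findings.append("useSecurity is not true")
    for tag, unsafe in (("securityRealm", NO_REALM),
                        ("authorizationStrategy", NO_AUTHZ)):
        node = root.find(tag)
        if node is None:
            findings.append(f"{tag} is missing")
        elif node.get("class") == unsafe:
            findings.append(f"{tag} is {unsafe}")
    return findings


if __name__ == "__main__":
    # Pass the path to config.xml; with no argument the open sample is used.
    text = open(sys.argv[1], encoding="utf-8").read() if len(sys.argv) > 1 else SAMPLE_OPEN
    problems = audit_config(text)
    for p in problems:
        print("FINDING:", p)
    sys.exit(1 if problems else 0)
```

The script exits non-zero while any finding remains, so it can gate a deployment step or a scheduled check.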