Azure

Use these instructions to set up Azure Active Directory as your SSO provider for Tonic.

Azure configuration

Register Tonic as an application within the Azure Active Directory Portal:
  1. In the portal, navigate to Azure Active Directory -> App registrations, then click New registration.
New registration option on App registrations
  2. Register Tonic and create a new web redirect URI that points to your Tonic instance's address and the path /sso/callback.
Register an application panel
  3. Take note of the values for client ID and tenant ID. You will need them later.
Client ID and tenant ID values for the application
  4. Click Add a certificate or secret and create a new client secret.
Add a client secret panel
  5. Take note of the secret value. You will need this later.
Client secret value
  6. Navigate to the API permissions page. Add the following permissions for the Microsoft Graph API:
    • OpenId permissions
      • email
      • openid
      • profile
    • GroupMember
      • GroupMember.Read.All
    • User
      • User.Read
Request API permissions panel
  7. Click Grant admin consent for Tonic AI. This allows the application to read the user and group information from your organization.
Grant admin consent option for the application
  8. When permissions have been granted, the status should change to Granted for Tonic AI.
Status values for the permissions
  9. Navigate to Enterprise applications and select Tonic. From here, you can assign the users or groups that should have access to Tonic.

Tonic configuration

In the Tonic web server container, set the following Tonic environment settings:
  • TONIC_SSO_PROVIDER: Azure
  • TONIC_SSO_CLIENT_ID: <Azure Client ID>
  • TONIC_SSO_CLIENT_SECRET: <Azure Client Secret>
  • TONIC_SSO_TENANT_ID: <Azure Tenant ID>
  • TONIC_SSO_GROUP_FILTER_REGEX: Identifies the allowed groups for Tonic. For details, go to Synchronizing SSO groups with Tonic.
For Kubernetes, TONIC_SSO_CLIENT_SECRET can be provided through the tonic-sso-client-secret secret.
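A pre-flight check for the settings above, written for this page as an added example (it is not part of Tonic or Azure tooling). The function name, the sample host tonic.example.com, and the checks themselves are assumptions based on the steps on this page and on the fact that Azure client IDs, tenant IDs, and secret IDs are GUIDs while the secret value is not.

```python
import re
from urllib.parse import urlparse

GUID = re.compile(r"[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}", re.IGNORECASE)
REQUIRED = ("TONIC_SSO_PROVIDER", "TONIC_SSO_CLIENT_ID",
            "TONIC_SSO_CLIENT_SECRET", "TONIC_SSO_TENANT_ID")


def check_sso_settings(env, redirect_uri):
    """Return a list of problems; an empty list means every check passed.

    Messages name the setting only and never echo its value, so the output
    is safe to paste into a ticket or CI log.
    """
    problems = []
    values = {name: (env.get(name) or "").strip() for name in REQUIRED}
    for name, value in values.items():
        if not value:
            problems.append(f"{name} is not set")
        elif value.startswith("<") and value.endswith(">"):
            problems.append(f"{name} still contains placeholder text")
        elif name.endswith("_ID") and not GUID.fullmatch(value):
            problems.append(f"{name} is not a GUID")
        elif name == "TONIC_SSO_CLIENT_SECRET" and GUID.fullmatch(value):
            # Copying the "Secret ID" column instead of "Value" is a common slip.
            problems.append(f"{name} looks like the secret ID, not the secret value")
        elif name == "TONIC_SSO_PROVIDER" and value != "Azure":
            problems.append(f"{name} is not Azure")
    client_id = values["TONIC_SSO_CLIENT_ID"]
    if client_id and client_id == values["TONIC_SSO_TENANT_ID"]:
        problems.append("client ID and tenant ID are identical")
    uri = urlparse(redirect_uri)
    if uri.path != "/sso/callback":
        problems.append("redirect URI path is not /sso/callback")
    if uri.scheme != "https" and uri.hostname != "localhost":
        # Hardening check: plain http is tolerated only for localhost testing.
        problems.append("redirect URI should use https")
    return problems


if __name__ == "__main__":
    import os
    # Constructed sample URI; replace with the redirect URI you registered.
    for problem in check_sso_settings(os.environ, "https://tonic.example.com/sso/callback"):
        print("FAIL:", problem)
```

Run it inside the Tonic web server container (or against the same environment file) before the first SSO login attempt.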