Azure
Use these instructions to set up Azure Active Directory as your SSO provider for Tonic.
- 1. In the portal, navigate to Azure Active Directory -> App registrations, then click New registration.

New registration option on App registrations
- 2. Register Tonic and create a new web redirect URI that points to your Tonic instance's address and the path /sso/callback.

Register an application panel
- 3. Take note of the values for client ID and tenant ID. You will need them later.

Client ID and tenant ID values for the application
- 4. Click Add a certificate or secret and create a new client secret.

Add a client secret panel
- 5. Take note of the secret value. You will need this later.

Client secret value
- 6. Navigate to the API permissions page. Add the following permissions for the Microsoft Graph API:
  - OpenId permissions
    - email
    - openid
    - profile
  - GroupMember
    - GroupMember.Read.All
  - User
    - User.Read

Request API permissions panel
- 7. Click Grant admin consent for Tonic AI. This allows the application to read the user and group information from your organization.

Grant admin consent option for the application
- 8. When permissions have been granted, the status should change to Granted for Tonic AI.

Status values for the permissions
- 9. Navigate to Enterprise applications and select Tonic. From here, you can assign the users or groups that should have access to Tonic.

- TONIC_SSO_PROVIDER: Azure
- TONIC_SSO_CLIENT_ID: <Azure Client ID>
- TONIC_SSO_CLIENT_SECRET: <Azure Client Secret>
- TONIC_SSO_TENANT_ID: <Azure Tenant ID>
- TONIC_SSO_GROUP_FILTER_REGEX: <Regex string>

The group filter regex is an expression that matches the groups that you want Tonic to be aware of. You can change this later. For example, the expression .*Tonic.* allows all groups that contain the word "Tonic".

For Kubernetes, TONIC_SSO_CLIENT_SECRET can be provided through the tonic-sso-client-secret secret.
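
A preflight check for the settings above, as an added example that is not part of Tonic's documentation or code. It validates the values collected in steps 3 and 5 and previews which groups a candidate TONIC_SSO_GROUP_FILTER_REGEX would select. Assumptions: the function names and all sample values are constructed, and the regex is evaluated with Python's `re` as an unanchored, case-sensitive search, which may differ from the engine Tonic uses.

```python
import re
import uuid

def is_guid(value):
    """True if value parses as a GUID, the format Azure uses for client and tenant IDs."""
    try:
        uuid.UUID(value)
        return True
    except (ValueError, TypeError, AttributeError):
        return False

def check_sso_settings(env, sample_groups):
    """Return (problems, matched_groups) for a dict of TONIC_SSO_* values."""
    problems = []
    if env.get("TONIC_SSO_PROVIDER") != "Azure":
        problems.append("TONIC_SSO_PROVIDER: expected 'Azure'")
    for key in ("TONIC_SSO_CLIENT_ID", "TONIC_SSO_TENANT_ID"):
        if not is_guid(env.get(key, "")):
            problems.append(f"{key}: not a GUID")
    secret = env.get("TONIC_SSO_CLIENT_SECRET", "")
    if not secret:
        problems.append("TONIC_SSO_CLIENT_SECRET: empty")
    elif is_guid(secret):
        # The portal lists a GUID "Secret ID" beside the secret "Value"; step 5 needs the value.
        problems.append("TONIC_SSO_CLIENT_SECRET: looks like the secret ID, not the value")
    matched = []
    try:
        pattern = re.compile(env.get("TONIC_SSO_GROUP_FILTER_REGEX", ""))
    except re.error as exc:
        problems.append(f"TONIC_SSO_GROUP_FILTER_REGEX: does not compile ({exc})")
    else:
        # Assumption: unanchored, case-sensitive search; Tonic's regex engine may differ.
        matched = [g for g in sample_groups if pattern.search(g)]
    return problems, matched

# Constructed sample values, not real identifiers or directory groups.
CONSTRUCTED_ENV = {
    "TONIC_SSO_PROVIDER": "Azure",
    "TONIC_SSO_CLIENT_ID": "11111111-2222-3333-4444-555555555555",
    "TONIC_SSO_TENANT_ID": "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee",
    "TONIC_SSO_CLIENT_SECRET": "66666666-7777-8888-9999-000000000000",  # secret ID pasted by mistake
    "TONIC_SSO_GROUP_FILTER_REGEX": ".*Tonic.*",
}
SAMPLE_GROUPS = ["Tonic-Admins", "Data-Tonic-Users", "tonic-contractors", "Finance"]

if __name__ == "__main__":
    problems, matched = check_sso_settings(CONSTRUCTED_ENV, SAMPLE_GROUPS)
    print("problems:", problems)
    print("groups the filter would expose to Tonic:", matched)
```

Run it against an export of your real group names before you set the regex, so you can see every group the filter would make visible to Tonic.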