Azure
Use these instructions to set up Azure Active Directory as your SSO provider for Tonic.
- 1.In the portal, navigate to Azure Active Directory -> App registrations, then click New registration.
New registration option on App registrations
- 2.Register Tonic and create a new web redirect URI that points to your Tonic instance's address and the path
/sso/callback.
Register an application panel
- 3.Take note of the values for client ID and tenant ID. You will need them later.
Client ID and tenant ID values for the application
- 4.Click Add a certificate or secret and create a new client secret
Add a client secret panel
- 5.Take note of the secret value. You will need this later.
Client secret value
- 6.Navigate to the API permissions page. Add the following permissions for the Microsoft Graph API:
- OpenId permissions
- email
- openid
- profile
- GroupMember
- GroupMember.Read.All
- User
- User.Read
Request API permissions panel
- 7.Click Grant admin consent for Tonic AI. This allows the application to read the user and group information from your organization.
Grand admin content option for the application
- 8.When permissions have been granted, the status should change to Granted for Tonic AI.
Status values for the permissions
- 9.Navigate to Enterprise applications and select Tonic. From here, you can assign the users or groups that should have access to Tonic.
TONIC_SSO_PROVIDER:AzureTONIC_SSO_CLIENT_ID: <Azure Client ID>TONIC_SSO_CLIENT_SECRET: <Azure Client Secret>TONIC_SSO_TENANT_ID: <Azure Tenant ID>TONIC_SSO_GROUP_FILTER_REGEX: <Regex string>
The group filter regex is an expression that matches the groups that you want Tonic to be aware of. You can change this later. For example, the expression
.*Tonic.* allows all groups that contain the word "Tonic".For Kubernetes,
TONIC_SSO_CLIENT_SECRET can be provided through the tonic-sso-client-secret secretLast modified 2mo ago