# Azure

Use these instructions to set up Azure Active Directory as your SSO provider for Tonic Textual.

## **Azure configuration** <a href="#sso-azure-config-azure" id="sso-azure-config-azure"></a>

Register Textual as an application within the Azure Active Directory Portal:

1. In the portal, navigate to **Azure Active Directory -> App registrations**, then click **New registration**.
2. Register Textual and create a new web redirect URI that points to your Textual instance's address and the path `/sso/callback/azure`.
3. Take note of the values for client ID and tenant ID. You will need them later.
4. Click **Add a certificate or secret**, and then create a new client secret.\
   \
   Take note of the secret value. You will need this later.
5. Navigate to the API permissions page. Add the following permissions for the Microsoft Graph API:
   * OpenId permissions
   * email
   * openid
   * profile
   * GroupMember
   * GroupMember.Read.All
   * User
   * User.Read
6. Click **Grant admin consent for Tonic AI**. This allows the application to read the user and group information from your organization.\
   \
   When permissions have been granted, the status should change to **Granted for Tonic AI**.
7. Navigate to **Enterprise applications** and then select **Textual**. From here, you can assign the users or groups that should have access to Textual.

## **Textual configuration** <a href="#sso-azure-config-textual" id="sso-azure-config-textual"></a>

After you complete the configuration in Azure, you uncomment and configure the required [environment variables](/textual/textual-install-administer/configuring-textual/textual-env-var-configure.md) in Textual.

For Kubernetes, in **values.yaml**:

```
# Azure SSO Config
# -----------------
#azureClientId: <client-id>
#azureTenantId: <tenant-id>
#azureClientSecret: <client-secret>
#azureGroupFilterRegex: <regular expression to identify allowed groups>
```

For Docker, in **.env**:

```
#SOLAR_SSO_AZURE_CLIENT_ID=#<client ID>
#SOLAR_SSO_AZURE_TENANT_ID=#<tenant ID>
#SOLAR_SSO_AZURE_CLIENT_SECRET=#<client secret>
#SOLAR_SSO_AZURE_GROUP_FILTER_REGEX=#"<regular expression to identify allowed groups>
```


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.tonic.ai/textual/textual-install-administer/user-access-textual/textual-sso/textual-sso-azure.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.