# Azure

Use these instructions to set up Azure Active Directory as your SSO provider for Tonic Textual.

## **Azure configuration** <a href="#sso-azure-config-azure" id="sso-azure-config-azure"></a>

Register Textual as an application within the Azure Active Directory Portal:

1. In the portal, navigate to **Azure Active Directory -> App registrations**, then click **New registration**.
2. Register Textual and create a new web redirect URI that points to your Textual instance's address and the path `/sso/callback/azure`.
3. Take note of the values for client ID and tenant ID. You will need them later.
4. Click **Add a certificate or secret**, and then create a new client secret.

   Take note of the secret value. You will need this later.
5. Navigate to the API permissions page. Add the following permissions for the Microsoft Graph API:
   * OpenId permissions
     * email
     * openid
     * profile
   * GroupMember
     * GroupMember.Read.All
   * User
     * User.Read
6. Click **Grant admin consent for Tonic AI**. This allows the application to read the user and group information from your organization.

   When permissions have been granted, the status should change to **Granted for Tonic AI**.
7. Navigate to **Enterprise applications** and then select **Textual**. From here, you can assign the users or groups that should have access to Textual.

## **Textual configuration** <a href="#sso-azure-config-textual" id="sso-azure-config-textual"></a>

After you complete the configuration in Azure, uncomment and configure the required [environment variables](https://docs.tonic.ai/textual/textual-install-administer/configuring-textual/textual-env-var-configure) in Textual.

For Kubernetes, in **values.yaml**:

```
# Azure SSO Config
# -----------------
#azureClientId: <client-id>
#azureTenantId: <tenant-id>
#azureClientSecret: <client-secret>
#azureGroupFilterRegex: <regular expression to identify allowed groups>
```

For Docker, in **.env**:

```
#SOLAR_SSO_AZURE_CLIENT_ID=#<client ID>
#SOLAR_SSO_AZURE_TENANT_ID=#<tenant ID>
#SOLAR_SSO_AZURE_CLIENT_SECRET=#<client secret>
#SOLAR_SSO_AZURE_GROUP_FILTER_REGEX=#<regular expression to identify allowed groups>
```
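
A pre-flight check for the Docker `.env` values above, as an added example that is not part of Tonic's documentation or code. It assumes the client and tenant IDs are the GUIDs shown in the Azure portal; how Textual applies the group filter regex is not stated on this page, so the anchoring check is a conservative heuristic and the compile check uses Python's regex syntax.

```python
import re

# The four variables from the Docker .env template on this page.
REQUIRED = ("SOLAR_SSO_AZURE_CLIENT_ID", "SOLAR_SSO_AZURE_TENANT_ID",
            "SOLAR_SSO_AZURE_CLIENT_SECRET", "SOLAR_SSO_AZURE_GROUP_FILTER_REGEX")
GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")

def parse_env(text):
    """Return {name: value} for active (uncommented) KEY=VALUE lines."""
    env = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            env[key.strip()] = value.strip().strip('"')
    return env

def lint(text):
    """Return a list of findings; an empty list means every check passed."""
    env, findings = parse_env(text), []
    for name in REQUIRED:
        value = env.get(name, "")
        if not value:
            findings.append(f"{name}: missing or still commented out")
        elif value.startswith(("#", "<")):
            findings.append(f"{name}: template placeholder not replaced")
        elif name.endswith(("CLIENT_ID", "TENANT_ID")) and not GUID.match(value):
            findings.append(f"{name}: not a GUID")
        elif name.endswith("GROUP_FILTER_REGEX"):
            try:
                re.compile(value)  # Python syntax check only (assumption)
            except re.error as exc:
                findings.append(f"{name}: does not compile ({exc})")
                continue
            # Heuristic: without ^...$ a pattern can match inside longer names.
            if not (value.startswith("^") and value.endswith("$")):
                findings.append(f"{name}: unanchored, may match extra groups")
    return findings

# Constructed sample files (not real credentials).
WEAK_ENV = """\
SOLAR_SSO_AZURE_CLIENT_ID=11111111-2222-3333-4444-555555555555
SOLAR_SSO_AZURE_TENANT_ID=#<tenant ID>
SOLAR_SSO_AZURE_CLIENT_SECRET=constructed-secret-value
SOLAR_SSO_AZURE_GROUP_FILTER_REGEX=textual
"""
FIXED_ENV = WEAK_ENV.replace("#<tenant ID>", "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee") \
                    .replace("REGEX=textual", "REGEX=^textual-(admins|users)$")

if __name__ == "__main__":
    for label, sample in (("weak", WEAK_ENV), ("fixed", FIXED_ENV)):
        print(label, lint(sample) or "OK")
```

The group names in the anchored pattern are hypothetical; substitute the names of the groups you assigned to Textual in **Enterprise applications**.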
