										
									 
								 
							 
							
								
							 
							
								 
							 
							
							
								---
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								title: Azure SSO for Bare Metal
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								slug: /deployment/security/azure/bare-metal
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								---
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								# Azure SSO for Bare Metal
 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
									 
								
							 
							
								 
							 
							
							
								Get the `Client Id` and `Tenant ID` from the Azure Application configured in [Step 3](/deployment/security/azure#step-3-where-to-find-the-credentials).
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								Get the Azure Service Application `Client Id`, `Client Secret`, `Authority`, and `Scopes` from the information collected in [Step 9](/deployment/security/azure#step-9-note-down-the-clientid-and-authority).
							 
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
							 
							
								 
							 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
									 
								
							 
							
								 
							 
							
							
								## Update conf/openmetadata.yaml
 
							 
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
							 
							
								 
							 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								```yaml
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								authenticationConfiguration:
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								  provider: "azure"
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								  publicKeyUrls:
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								    -  "https://login.microsoftonline.com/common/discovery/keys"
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								  authority: "https://login.microsoftonline.com/{Tenant ID}"
							 
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
									 
								
							 
							
								 
							 
							
							
								  clientId: "{Client ID}" # Azure Application
							 
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
							 
							
								 
							 
							
							
								  callbackUrl: "http://localhost:8585/callback"
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								```
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								Then, 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								- Update `authorizerConfiguration` to add the login names of the admin users in the `adminPrincipals` section, as shown below.
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								-  Update the `principalDomain`  to your company domain name.
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								```yaml
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								authorizerConfiguration:
							 
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
									 
								
							 
							
								 
							 
							
							
								  className: "org.openmetadata.service.security.DefaultAuthorizer"
							 
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
							 
							
								 
							 
							
							
								  # JWT Filter
							 
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
									 
								
							 
							
								 
							 
							
							
								  containerRequestFilter: "org.openmetadata.service.security.JwtFilter"
							 
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
							 
							
								 
							 
							
							
								  adminPrincipals:
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								    -  "user1"
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								    -  "user2"
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								  principalDomain: "open-metadata.org"
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								```
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
									 
								
							 
							
								 
							 
							
							
								In `0.12.1`, the `className` and `containerRequestFilter` values must use `org.openmetadata.service` in place of `org.openmetadata.catalog`.
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
							 
							
								 
							 
							
							
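								Finally, update the Airflow information. In the examples below, `${NAME:-value}` falls back to `value` when the environment variable `NAME` is not set, so the `admin` username and password shown are only defaults; set `AIRFLOW_USERNAME` and `AIRFLOW_PASSWORD` to the credentials of your own Airflow instance.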
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
									 
								
							 
							
								 
							 
							
							
								**Before 0.12.1**
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
									 
								
							 
							
								 
							 
							
							
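								Once the `Client Id` and `Client Secret` are generated for the Azure SSO Service Application, add the information collected in [Step 9](/deployment/security/azure#step-9-note-down-the-clientid-and-authority) to the `openmetadata.yaml` file. The example below reads each value from an environment variable, which keeps the `Client Secret` out of the file itself.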
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
							 
							
								 
							 
							
							
								```yaml
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								airflowConfiguration:
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								  apiEndpoint: ${AIRFLOW_HOST:-http://localhost:8080}
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								  username: ${AIRFLOW_USERNAME:-admin}
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								  password: ${AIRFLOW_PASSWORD:-admin}
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								  metadataApiEndpoint: ${SERVER_HOST_API_URL:-http://localhost:8585/api}
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								  authProvider: azure
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								  authConfig:
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								    azure:
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								      clientSecret: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_SECRET:-""}
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								      authority: ${OM_AUTH_AIRFLOW_AZURE_AUTHORITY_URL:-""}
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								      scopes: ${OM_AUTH_AIRFLOW_AZURE_SCOPES:-[]}
							 
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
									 
								
							 
							
								 
							 
							
							
								      clientId: ${OM_AUTH_AIRFLOW_AZURE_CLIENT_ID:-""} # Azure Service Application
							 
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
							 
							
								 
							 
							
							
								```
							 
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
									 
								
							 
							
								 
							 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								**After 0.12.1**
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								```yaml
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								airflowConfiguration:
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								  apiEndpoint: ${AIRFLOW_HOST:-http://localhost:8080}
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								  username: ${AIRFLOW_USERNAME:-admin}
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								  password: ${AIRFLOW_PASSWORD:-admin}
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								  metadataApiEndpoint: ${SERVER_HOST_API_URL:-http://localhost:8585/api}
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								```
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								
							 
						 
					
						
							
								
									
										
										
										
										
									 
								 
							 
							
								
									
										 
									 
								
							 
							
								 
							 
							
							
								< Note > 
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								Follow [this guide](/deployment/security/azure#step-10-update-ingestion-bot-with-azure-sso-service-application) to configure the `ingestion-bot` credentials for ingesting data from Airflow.
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								
							 
						 
					
						
							
								
							 
							
								
							 
							
								 
							 
							
							
								< / Note >