Module Description
OpenID Connect client / plugin for Microsoft Azure Active Directory authentication This module is a Microsoft Azure Active Directory client for OpenID Connect.
Microsoft Azure AD connection can be achieved by using the Generic client in OpenID Connect. The OpenID Connect Microsoft Azure AD client basically does the same thing, but adds some powerful Azure AD specific settings, which can be found below.
Graph API to enrich the user data (D7/D8/D9) An option is added to the settings page that enables the use of the Graph API instead of the Open ID Connect userinfo endpoint. It brings more fields of the user profile. There is also an option to use another property for email address (when using Graph). Finally, it is optional to to update existing user's email address in case another email address property is used.
Map user's AD groups to Drupal roles (D8/D9) Enable this to configure Drupal user role assignment based on AD group membership.
Single sign out (D8/D9) Checking this option will enable Single Sign Out to occur so long as the logout url has been set to (http(s)://yoursite.com/openid-connect/windows_aad/signout) in your Azure AD registered app settings. If a user logs out of the Drupal app then they will be logged out of their SSO session elsewhere as well. Conversely if a user signs out of their SSO account elsewhere, such as Office 365, they will also be logged out of this app.
Missing email address not blocking (D7/D8/D9) This module will check if an email address is part of the UserInfo data. In case no email is there, it will still create the user, but use the username instead, providing a notice to prompt the user to change it in his/her user settings. This message to the user is optional.
Integration with Key module (D9) Integration with the Key module, so safe storage of sensitive data, in our case the client secret, is provided.
Roadmap
* Full documentation
* Port to Drupal 9
Microsoft Azure AD connection can be achieved by using the Generic client in OpenID Connect. The OpenID Connect Microsoft Azure AD client basically does the same thing, but adds some powerful Azure AD specific settings, which can be found below.
Graph API to enrich the user data (D7/D8/D9) An option is added to the settings page that enables the use of the Graph API instead of the Open ID Connect userinfo endpoint. It brings more fields of the user profile. There is also an option to use another property for email address (when using Graph). Finally, it is optional to to update existing user's email address in case another email address property is used.
Map user's AD groups to Drupal roles (D8/D9) Enable this to configure Drupal user role assignment based on AD group membership.
Single sign out (D8/D9) Checking this option will enable Single Sign Out to occur so long as the logout url has been set to (http(s)://yoursite.com/openid-connect/windows_aad/signout) in your Azure AD registered app settings. If a user logs out of the Drupal app then they will be logged out of their SSO session elsewhere as well. Conversely if a user signs out of their SSO account elsewhere, such as Office 365, they will also be logged out of this app.
Missing email address not blocking (D7/D8/D9) This module will check if an email address is part of the UserInfo data. In case no email is there, it will still create the user, but use the username instead, providing a notice to prompt the user to change it in his/her user settings. This message to the user is optional.
Integration with Key module (D9) Integration with the Key module, so safe storage of sensitive data, in our case the client secret, is provided.
Roadmap
* Full documentation
* Port to Drupal 9
Module Link
Project Usage
3397
Security Covered
Covered By Security Advisory
Version Available
Production
Module Summary
This module aims to solve the integration of Microsoft Azure Active Directory authentication with Drupal through OpenID Connect, providing additional features such as Graph API data enrichment, AD group mapping to Drupal roles, Single Sign Out functionality, handling missing email addresses, and integration with the Key module for secure storage of sensitive data.
Data Name
openid_connect_windows_aad
OPENAI CHATBOT
OPENAI CHATBOT
