Use Azure Entra ID to log in to your Portainer instance!
Written on Nov 11, 2023 by Remco Kersten in Azure
If you’re using the Business Edition (BE) of Portainer, you can set up your Azure Entra tenant as an authentication source with just a single click. Unfortunately, this feature isn’t available in the Community Edition (CE). However, since both Portainer and Azure Entra use OAuth 2.0, it’s entirely possible to integrate Azure Entra with Portainer!
Chances are, if you’ve landed on this page, you already know what Portainer is. In a nutshell, Portainer is a management tool for Docker containers, allowing you to manage them on one or multiple nodes through a web interface. So, instead of managing your containers through the command line interface, you expose a web interface for Docker management.
If you navigate within Portainer to Settings -> Authentication, you’ll notice that the Azure Entra feature is only available in the BE edition. While LDAP is available in the CE edition, this protocol isn’t supported by Azure Entra. Fortunately, it’s possible to configure Azure Entra with the OAuth option.
To enable Portainer to use Azure Entra, you must first register the application and assign the appropriate permissions.
Now that you’ve created an App configuration for Portainer, it’s time to set up Portainer to authenticate with your Tenant.
Your Azure Directory (tenant) ID
<Portainer URL (which must match the URL provided during App registration)>
Users who sign in via Azure Entra are registered within Portainer using their email addresses. To grant a user access to Portainer, you need to add their email address first under Settings -> Users.
Alternatively, you can choose to provide all users in your tenant access to Portainer by enabling the Automatic user provisioning option under Settings -> Authentication.
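A pre-flight check for the two values used above, the Directory (tenant) ID and the Portainer URL, written as an added example that is not part of the original post. The function name, the sample values and the Portainer field labels are assumptions; the endpoint paths are the Microsoft identity platform v2.0 ones.

```python
import re
from urllib.parse import urlsplit

GUID = re.compile(r"^[0-9a-fA-F]{8}(-[0-9a-fA-F]{4}){3}-[0-9a-fA-F]{12}$")
LOGIN_HOST = "https://login.microsoftonline.com"


def portainer_oauth_settings(tenant_id, portainer_url, registered_redirects):
    """Return (settings, problems) for Portainer's custom OAuth form.

    Hypothetical helper: the dictionary keys are assumed form labels.
    """
    problems = []
    # Shared endpoints (common, organizations, consumers) are not bound to
    # one tenant. With automatic user provisioning enabled, the endpoints
    # should carry your own Directory (tenant) ID.
    if not GUID.match(tenant_id):
        problems.append("tenant_id is not a Directory (tenant) ID GUID")
    # Entra ID accepts plain http redirect URIs only for localhost.
    url = urlsplit(portainer_url)
    if url.scheme != "https" and url.hostname != "localhost":
        problems.append("redirect URL must use https")
    # The redirect URL sent by Portainer has to match the App registration,
    # so a trailing slash, port or path difference is reported here.
    if portainer_url not in registered_redirects:
        problems.append("redirect URL does not match a registered redirect URI")
    base = f"{LOGIN_HOST}/{tenant_id}/oauth2/v2.0"
    settings = {
        "Authorization URL": f"{base}/authorize",
        "Access token URL": f"{base}/token",
        "Redirect URL": portainer_url,
    }
    return settings, problems


if __name__ == "__main__":
    # Constructed sample values, not a real tenant or host.
    tenant = "11111111-2222-3333-4444-555555555555"
    registered = ["https://portainer.example.com"]
    settings, problems = portainer_oauth_settings(
        tenant, "https://portainer.example.com/", registered)
    for label, value in settings.items():
        print(f"{label}: {value}")
    for problem in problems:
        print("PROBLEM:", problem)
```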
Now that both Azure Entra ID and Portainer are configured, you should see a button on the Portainer login page to log in with your Microsoft account. You’ll be redirected to the Microsoft login page, and after a successful authentication, you’ll be returned to the Portainer web application.