different-technology / azure-ad-be
Azure Active Directory - TYPO3 Backend Login
Installs: 15
Dependents: 0
Suggesters: 0
Security: 0
Stars: 0
Watchers: 1
Forks: 1
Open Issues: 0
Type:typo3-cms-extension
Requires
- ext-json: *
- league/oauth2-client: ^2.6
This package is auto-updated.
Last update: 2023-11-10 18:31:25 UTC
README
Setup
Add the following env parameters:
TYPO3_AZURE_AD_BE_CLIENT_ID=<your-client-id>
TYPO3_AZURE_AD_BE_CLIENT_SECRET=<your-secret>
TYPO3_AZURE_AD_BE_URL_AUTHORIZE=https://login.microsoftonline.com/<see-your-endpoints>/oauth2/v2.0/authorize
TYPO3_AZURE_AD_BE_URL_ACCESS_TOKEN=https://login.microsoftonline.com/<see-your-endpoints>/oauth2/v2.0/token
Group permissions
You may wish to affect the users permissions or properties depending on which Azure AD group they are in.
Ensure your application has Directory.Read.All
permissions.
In your site_package ext_localconf.php
, create an array where the group display name is the index and the affected be_user
properties are the values. This array gets merged in order from top to bottom for each group the user is a member of.
For example:
$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['azure_ad_be']['groups'] = [ 'admin-group-name' => [ 'admin' => 1 ], 'editor-group' => [ 'usergroup' => 12 ] ];
Disable TYPO3 login
If you want to disable logging in via username and password, add the following to your ext_localconf.php
unset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['backend']['loginProviders'][1433416747]);