
Single sign-on to Azure portal


Is there any option to sign in to the Azure portal using clientID, client secret, tenant ID and/or subscription ID? Most of the samples I saw use AD or SAML.


Solution

  • No, you can't.

    If you get the sign-in URL of the Azure portal, you will find it uses this flow to authorize.


    https://login.microsoftonline.com/organizations/oauth2/v2.0/authorize?
    client_id=c44b4083-3bb0-49c1-b47d-974e53cbdf3c&
    response_mode=form_post&
    response_type=code+id_token&
    scope=https%3a%2f%2fmanagement.core.windows.net%2f%2fuser_impersonation+openid+email+profile&
    state=OpenIdConnect.AuthenticationProperties%3d5sSBWCgxO8uzYlVgeWTBnBpO_3udn25WSlg2P5mZjzotjbc0u3aiZfTvDwyVNboeIldUVKig-KNmc_LiG_a2LI4dySYHViQ1bEQgXUt1c7PbCQ4Nqg-VOu9nsnSwTZ4i15w_0XeNah_PvG8B0TgQI5D-AlN4lhNrwtjN8ATClowc38Ifdu7h8BweU3sGvxlvYxtBG3-VzwSty-jaDbz3CRTUFmm0jTTKOGPrHsGu3q6-R9pDKFqvZk50Cd6AstdLe4qpcTRxFlkb114JxGW0BzZKIy__sIbqkHm_WeMnaFBGuQaTcGv4e7EizLxbZUc_jpqopZRCw7sfv-eaxHrD_ZoaXzNtylfoVnfcrnK0cbvh1TopnOcY166ZFW4uQlFu73De9SPMKMVr53gaUJTfR_pdJBQ_hS51L4quMf_noP4x5szhQ314hxgwoJBnw7R_8vhBKF6jplZmhqf3Hrsp4nEyzjjbyocCoXF9qxJjLkY&
    nonce=637188980051547113.OTZkOTdlYjctODJiNS00M2E1LWFjZWUtM2FlMTUyYmJmOTc0ZWUxOWQ1OTYtNTBhOC00ZTc0LWFmMGYtNDkwYTA3ODJkZmEx&
    redirect_uri=https%3a%2f%2fportal.azure.com%2fsignin%2findex%2f%3ffeature.refreshtokenbinding%3dtrue%26feature.snivalidation%3dtrue%26feature.usemsallogin%3dtrue&site_id=501430&client-request-id=c171ca99-bd9c-4a38-aaa0-a9344d273131&x-client-SKU=ID_NET&x-client-ver=1.0.40306.1554
    

    Actually the Azure portal is an AD app registered in Azure AD, so you need a user account to log in.


    If you want to use the service principal (i.e. the clientID you mentioned) to do operations on Azure resources, you could use Azure PowerShell, the CLI, or the REST API.

    Samples:

    1. Use the service principal to log in to Azure PowerShell

    # Wrap the client secret as a SecureString (never hard-code it in scripts you check in)
    $passwd = ConvertTo-SecureString <use a secure password here> -AsPlainText -Force
    # The "user name" of the credential is the service principal's application (client) ID
    $pscredential = New-Object System.Management.Automation.PSCredential('service principal name/id', $passwd)
    # $tenantId is the directory (tenant) ID the app is registered in
    Connect-AzAccount -ServicePrincipal -Credential $pscredential -Tenant $tenantId
    

    2. Use the service principal to log in to Azure CLI

    # -u is the service principal's app ID (or its identifier URI, as in this older sample), -p its secret
    az login --service-principal -u http://azure-cli-2016-08-05-14-31-15 -p VerySecret --tenant contoso.onmicrosoft.com
    

    3. Use the client credential flow to get the token, then use it to call the REST API; see this link.
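Sample 3 written out, as an added example that is not part of the answer above: the service principal obtains a token with the client credentials grant against the v2.0 token endpoint (scope `https://management.azure.com/.default`, the Azure Resource Manager audience, rather than the portal's `user_impersonation` delegated scope from the sign-in URL) and then lists subscriptions through the REST API. It assumes the tenant ID, client ID and secret are supplied in the environment variables named in the code; the helper names are the example's own.

```python
import json
import os
import urllib.parse
import urllib.request

TOKEN_URL = "https://login.microsoftonline.com/{tenant}/oauth2/v2.0/token"
# ".default" asks for the app's granted application permissions on ARM
ARM_SCOPE = "https://management.azure.com/.default"
ARM_SUBSCRIPTIONS_URL = "https://management.azure.com/subscriptions?api-version=2020-01-01"


def build_token_request(tenant, client_id, client_secret):
    """Return (token endpoint URL, form fields) for the client credentials grant."""
    form = {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": ARM_SCOPE,
    }
    return TOKEN_URL.format(tenant=tenant), form


def bearer_header(token_json):
    """Turn the token endpoint's JSON reply into an Authorization header; reject error or odd replies."""
    body = json.loads(token_json)
    if "error" in body:
        raise RuntimeError("token request failed: " + body.get("error_description", body["error"]))
    if body.get("token_type", "").lower() != "bearer" or not body.get("access_token"):
        raise RuntimeError("unexpected token response")
    return {"Authorization": "Bearer " + body["access_token"]}


def list_subscriptions(tenant, client_id, client_secret):
    """Acquire an ARM token for the service principal and return the subscription IDs it can see."""
    url, form = build_token_request(tenant, client_id, client_secret)
    data = urllib.parse.urlencode(form).encode()
    with urllib.request.urlopen(urllib.request.Request(url, data=data, method="POST")) as resp:
        headers = bearer_header(resp.read().decode())
    with urllib.request.urlopen(urllib.request.Request(ARM_SUBSCRIPTIONS_URL, headers=headers)) as resp:
        return [s["subscriptionId"] for s in json.load(resp)["value"]]


if __name__ == "__main__":
    # Secrets come from the environment (or a vault), never from source control
    print(list_subscriptions(os.environ["AZURE_TENANT_ID"],
                             os.environ["AZURE_CLIENT_ID"],
                             os.environ["AZURE_CLIENT_SECRET"]))
```

The token is scoped to whatever RBAC role the service principal holds, so assign the least role needed on the target subscription or resource group rather than a tenant-wide one.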