UI Bakery Docs
RoadmapRelease notesSign In
  • 👋Welcome to UI Bakery!
  • 🌟Overview
    • 💡Video intro
    • ✨Main features
    • 🔖Glossary
  • 🛠️Getting started
    • Create an application
    • Build UI
      • Data mocking methods
    • Link components
    • Connect a data source
    • Load data
    • Bind data to UI
    • Transform data with JavaScript
      • Data mapping & transforming
    • Change component data
    • Send a form
    • Create a filter
    • Note on debugging
    • Deploy your application & invite users
  • 📌Concepts
    • Components
      • Component basics
      • Component methods
      • Components best practices
        • Input validation
        • Linking a Table to a Form/Detail
        • Using a single Form to add and update data
        • Searching Table based on input value
        • Configuring server-side pagination
        • Managing Date object time zones
        • Role-based Menu component items
        • Field types & types recognition
        • Expanding component to fit screen/container
        • Controlling component's visibility
    • Custom components
      • Unrestricted custom components
    • Data sources
      • Data source environments
      • Connecting local database via ngrok
      • SSH Tunneling
    • Actions
      • Actions basics
        • Calling actions from code
      • Actions management & shortcuts
      • Actions settings
      • Actions library
      • Server actions
      • Logs and debugging
    • UI Bakery variables
    • State variables
    • Local storage
    • Modules
    • Custom JavaScript
      • JavaScript files
    • Workspace management
      • Account & workspace
      • Seats & Shared permission groups in UI Bakery
      • Roles in UI Bakery
      • Role permissions
      • Explore the interface
      • App environments
        • Release management
      • Audit logs
      • Multi-factor authentication
    • Export & import an app
    • Mobile layout
    • Theme editor
      • Changing theme from the app
    • UI Bakery source control
      • Git controls overview
      • Migrating your app model to the latest version
  • ⚡How-tos
    • File management
      • Working with PDF files
      • CSV import & export
      • Uploading files using methods
      • Displaying files from Google Drive and Dropbox
      • Parsing and sending XML
    • Styling
      • Modifying components with CSS
    • Layout & navigation
      • Adding navigation to application
      • Reading query params from URL
      • Hiding UI Bakery loader in the Embedded mode
    • Data
      • Managing user data with the {{user.email}} variable
      • Using JS libraries
        • Internationalization (i18n) & Localization: Translating UI Bakery Apps
      • Implementing row-level security
      • Copying to clipboard
    • Custom code
      • Communicating with external sites via Iframe
      • Implementing custom app hotkeys
      • Retrying API with HTTP status code 202
  • 🔎Extras
    • UI Bakery Automations
      • Environment and release strategy
      • Git in automations
      • Using external Node libraries
    • UI Bakery Database
      • Database migration
  • 💻On-premise
    • UI Bakery on-premise
    • Install & update
      • Installing on-premise
        • Azure virtual machine
        • Azure container instance
        • AWS EC2 instance
        • Google Cloud Compute Engine VM instance
        • DigitalOcean 1-click droplet
        • Manual w/ docker compose
        • Manual w/ docker run
        • Windows installation
        • Kubernetes
          • AWS EKS with Fargate
          • Scaling and resource optimization
      • Troubleshooting installation errors
      • Updating on-premise
      • Updating license key
      • Updating environment variables
      • Recommendations
        • Architecture overview
        • UI Bakery in production
        • Resource optimization
        • Running a standalone database instance
        • Generating custom secrets
    • On-premise features
      • External analytics
      • Branding
      • Embedding
      • SCIM 2.0
      • Instance API
      • Activating features under a feature flag
    • Additional configurations
      • Health check API
      • Email configuration
      • Google Sheets connection setup
      • Salesforce connection setup
      • Azure blob storage configuration
      • Adding python backend code to existing installation
      • UI Bakery Postgres
    • Networking & security
      • Setting up a domain name
      • Configuring custom certificate authority
      • Custom base URL
      • Getting requests to the local network
      • Setting up SSL on Ubuntu
    • SSO
      • OpenID
        • Google OAuth2
        • Okta ODIC
        • Azure AD OAuth2
        • Token refresh
      • SAML
        • Okta SAML
        • Azure AD SAML
      • Role synchronization
      • Multiple SSO
      • Logout redirect
      • Troubleshooting
    • Git source control
      • Manage multi-instance deployment
      • Custom PR URL
      • Automate GitHub releases
      • Automate GitLab releases
      • Automate Bitbucket releases
    • Environment variables
  • 📚Reference
    • Data security measures
    • Improving app security
    • ✨AI Assistant
    • List of Components
      • S3 file uploader
      • Azure Blob Storage file uploader
      • Accordion
      • Alert
      • Avatar
      • Boolean
      • Breadcrumbs
      • Bubble map
      • Button
      • Card
      • Chart
      • Chat
      • Checkbox
      • Collapsible card
      • Color picker
      • Composite form
      • Container
      • Context menu button
      • Currency
      • Currency input
      • Date picker
      • Date & time
      • Date & time picker
      • Detail
      • Divider
      • Email input
      • Embedded App
      • File
      • File dropzone
      • File picker
      • Flex container
      • Form
      • Frame drawer
      • Grid view
      • Heading
      • Horizontal menu
      • Icon
      • iFrame
      • Image
      • Image picker
      • JSON editor
      • JSON viewer
      • Link
      • List view
      • Map
      • Menu
      • Metric
      • Modal
      • Multi-select
      • Number
      • Number input
      • Password input
      • PDF viewer
      • Percent
      • Pop-up form
      • Progress bar
      • QR code
      • Radio
      • Range slider
      • Rating
      • Reusable header
      • Reusable sidebar
      • Select
      • Signature
      • Slider
      • Steps
      • Stepper
      • Table
        • Conditional formatting based on cell value
        • Display name instead of ID for relation
        • Row context referencing
        • Select multiple table rows
        • How to Highlight Text in a Table Using mark.js
      • Tabs
      • Tabset
      • Tags
      • Text
      • Text annotate
      • Text input
      • Time picker
      • Toggle
      • Tree component
      • Video
      • Dynamic structure properties
      • Card (deprecated)
      • Input (deprecated)
    • Upgrading components
    • List of Data sources
      • Airtable
      • AWS S3
        • S3 compatible endpoints (DigitalOcean spaces)
      • AWS API
      • AWS Athena
      • AWS DynamoDB
      • AWS Lambda
      • AWS Redshift
      • Azure Blob Storage
      • Big Query
      • Databricks
      • Exasol
      • Firestore, Firebase Auth & Realtime DB
        • Firebase authentication
        • Managing database data
        • Firebase client-side SDK
        • Firebase libraries
      • GitHub
      • Google Sheets
      • GraphQL
      • HTTP API
        • API Authentication
      • HubSpot
      • Twilio
      • JDBC
      • MariaDB
      • MongoDB
      • MySQL
      • OpenAI
      • OpenAPI
      • Oracle
      • PostgreSQL
      • Presto
      • Redis
      • Salesforce
      • SAP Hana
      • SMTP
      • SendGrid
      • Slack
      • Snowflake
      • Spanner
      • SSH
      • Stripe
      • SQL Server
      • Supabase
      • UI Bakery AI
    • List of Action steps
      • Azure Blob Storage query
      • Bulk Create Rows
      • Bulk Delete Rows
      • Code step
      • Condition step
      • Create Row
      • Delete Row
      • DynamoDB request
      • Execute another action
      • Firebase query
      • Generate file
      • GraphQL query
      • HTTP request
      • Interval step
      • Load Table
      • Load Row
      • Loop action
      • MongoDB command
      • Navigation action
      • Open API request
      • Python backend code
      • Redis command
      • S3 query
      • Save to local storage
      • Save to state
      • Show notification
      • Slack messages
      • SMTP request
      • SSH command
      • SQL query
        • Writing SQL Queries
      • Update Row
    • Troubleshooting techniques
    • Performance optimization
Powered by GitBook

© 2025 UI Bakery

On this page
  • Prerequisites
  • Create an Azure AD Application
  • Step 1: Create a New Application
  • Step 2: Configure the Application
  • Configure OAuth2 in Azure
  • Step 1: Obtain Client ID and Secret
  • Step 2: Generate a Client Secret
  • Integrate Azure with UI Bakery
  • Step 1: Update environment variables
  • Step 2: Restart your UI Bakery instance
  • Set up group claims for role synchronization (Optional)
  • Test the Integration
  • Troubleshooting

Was this helpful?

Export as PDF
  1. On-premise
  2. SSO
  3. OpenID

Azure AD OAuth2

How to connect Azure Active Directory (AD) Single Sign-On (SSO) with OAuth2 in UI Bakery

PreviousOkta ODICNextToken refresh

Last updated 6 months ago

Was this helpful?

Prerequisites

  • An Azure account with an active subscription.

  • Administrator rights on Microsoft Entra ID (former Active Directory).

  • A UI Bakery application up and running.


Create an Azure AD Application

Step 1: Create a New Application

  1. Click on "Microsoft Entra ID" from the sidebar.

  2. Choose "App registrations" and then click on "New registration".

Step 2: Configure the Application

  1. Name your application.

  2. Set the supported account types.

  3. Set the redirect URI to https://YOUR_INSTANCE/auth/oauth2/callback

  4. Click "Register" to create the application.


Configure OAuth2 in Azure

Step 1: Obtain Client ID and Secret

  1. Go to the "Overview" tab of your newly created Azure application.

  2. Note down the "Application (client) ID".

Step 2: Generate a Client Secret

  1. Navigate to "Certificates & secrets".

  2. Click on "New client secret" and follow the prompts.


Integrate Azure with UI Bakery

Step 1: Update environment variables

# Can be found in Overview tab
UI_BAKERY_OAUTH_CLIENT_ID=<your-application-id>
# do not mess it up with secret id, it should be secret value
UI_BAKERY_OAUTH_SECRET=<your-secret-value>
UI_BAKERY_OAUTH_SCOPE=User.Read
UI_BAKERY_OAUTH_EMAIL_KEY=upn
UI_BAKERY_OAUTH_GET_CLAIMS_FROM_TOKEN=true
# Replace <your-tenant-id> with Directory (tenant) ID from overview tab
# For multitenant integration use "common" instead of tenant ID
UI_BAKERY_OAUTH_AUTH_URL=https://login.microsoftonline.com/<your-tenant-id>/oauth2/v2.0/authorize
UI_BAKERY_OAUTH_TOKEN_URL=https://login.microsoftonline.com/<your-tenant-id>/oauth2/v2.0/token
UI_BAKERY_BRANDING_AUTH_SSO_BTN_TEXT=Login with Microsoft

Step 2: Restart your UI Bakery instance

Docker compose setup may be restarted with the following command:

docker compose down && docker compose up -d

Set up group claims for role synchronization (Optional)

  1. Add groups claim in "Token configuration" section. Select groups types according to your requirements.

  2. In the "Expose an API" section, configure Application ID URI with default value and create a new scope. Set the scope name to groups and configure the necessary settings

  3. In the "API permissions" section, click Add a permission, select the APIs my organization uses tab, and search for the previously created scope by typing your app registration name or id.

  4. Update the following environment variables and then restart your instance:

    UI_BAKERY_SSO_ROLE_CLAIM=groups
    # replace api://YOUR_APP_ID with "Application ID URI" from "Expose an API" section
    UI_BAKERY_OAUTH_TOKEN_URL_ADDITIONAL_PARAMS={"scope": "api://YOUR_APP_ID/groups"}

Test the Integration

  1. Attempt to log in to your UI Bakery application with `Login with Microsoft` button.

  2. You should be redirected to the Azure AD login page.

  3. After successful authentication, you should be redirected back to your UI Bakery application.


Troubleshooting

If you encounter issues during the integration, consider checking the following:

  1. Make sure the Client ID and Client Secret are correctly configured in UI Bakery.

  2. Validate the Redirect URI settings on both Azure and UI Bakery.

  3. Check Azure logs for authentication errors.

If you need to enable , then groups claim must be included in the access token. To achieve this, follow these steps:

💻
role synchronization