different-technology/azure-ad-be

Microsoft Entra ID - TYPO3 Backend Login

Maintainers

Details

github.com/different-technology/azure-ad-be

Homepage

Source

Issues

Installs: 30

Dependents: 0

Suggesters: 0

Security: 0

Stars: 1

Watchers: 2

Forks: 1

Open Issues: 0

Type:typo3-cms-extension

1.1.0 2024-11-19 22:52 UTC

Requires

GPL-2.0-or-later 43eef3ae0c7fff292e31f3c922df3010a7ca8802

This package is auto-updated.

Last update: 2024-11-22 11:13:26 UTC

README

Former title: Azure Active Directory - TYPO3 Backend Login

Setup

Add the following env parameters:

TYPO3_AZURE_AD_BE_CLIENT_ID=<your-client-id>
TYPO3_AZURE_AD_BE_CLIENT_SECRET=<your-secret>
TYPO3_AZURE_AD_BE_URL_AUTHORIZE=https://login.microsoftonline.com/<see-your-endpoints>/oauth2/v2.0/authorize
TYPO3_AZURE_AD_BE_URL_ACCESS_TOKEN=https://login.microsoftonline.com/<see-your-endpoints>/oauth2/v2.0/token

Group permissions

You may wish to affect the users permissions or properties depending on which Entra ID / Azure AD group they are in.

Ensure your application has Directory.Read.All permissions.

In your site_package ext_localconf.php, create an array where the group display name is the index and the affected be_user properties are the values. This array gets merged in order from top to bottom for each group the user is a member of.

For example:

$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['azure_ad_be']['groups'] = [
	'admin-group-name' => [
		'admin' => 1
	],
	'editor-group' => [
		'usergroup' => 12
	]
];

Disable TYPO3 login

If you want to disable logging in via username and password, add the following to your ext_localconf.php

unset($GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['backend']['loginProviders'][1433416747]);