Azure AD - OIDC

To use Azure Active Directory (AAD) as an identity provider (IdP) for authenticating to Akeyless Vault via OIDC, follow the steps below.

Create an application

  1. In your Azure account, go to App registrations > New registration.
  2. For Redirect URI, select Web as the application type, set https://auth.akeyless.io/oidc/callback as the value, and press Register.
  3. Once the app has been created, obtain the Client ID, Client Secret, and the Issuer URL:
     • The Client ID can be found under Overview > Application (client) ID.
     • The Client Secret can be created under Certificates & secrets > New client secret.
  4. To add the AD group as a sub claim, go to Token configuration > Add groups claim.
  5. To bind the Azure application to your Akeyless Vault account, create an OIDC Authentication Method using either the CLI or the UI, as described below.

Create OIDC Authentication Method - CLI

akeyless create-auth-method-oidc --name 'my Azure app' --issuer https://{your-issuer-url} --client-id {your-client-id} --client-secret {your-client-secret} --unique-identifier {your-unique-identifier (e.g. 'email' or 'username')}
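Before running the command above it is worth confirming that the value you intend to pass as --issuer really is an OIDC issuer and that its discovery document agrees with it; a wrong tenant, a trailing-slash mismatch, or a non-TLS URL is much cheaper to catch here than after the authentication method is created. The following script is an added example written for this page, not Akeyless code. It uses only the Python standard library; the sample discovery document, the `login.example-tenant.invalid` host and the `offline_fetch` helper are constructed stand-ins so the check can run without network access.

```python
"""Sanity-check an OIDC issuer URL before using it as --issuer.

Added example; not part of the Akeyless CLI or documentation.
"""
import json
import urllib.request
from urllib.parse import urlsplit

# Constructed sample: a tenant-specific issuer and the discovery document
# it would serve. Stand-in values, not a real tenant.
SAMPLE_ISSUER = "https://login.example-tenant.invalid/v2.0"
SAMPLE_DISCOVERY = {
    "issuer": SAMPLE_ISSUER,
    "authorization_endpoint": "https://login.example-tenant.invalid/oauth2/v2.0/authorize",
    "token_endpoint": "https://login.example-tenant.invalid/oauth2/v2.0/token",
    "jwks_uri": "https://login.example-tenant.invalid/discovery/v2.0/keys",
    "response_types_supported": ["code", "id_token", "code id_token"],
}


def discovery_url(issuer: str) -> str:
    """OIDC Discovery location: <issuer>/.well-known/openid-configuration."""
    return issuer.rstrip("/") + "/.well-known/openid-configuration"


def fetch_json(url: str, timeout: float = 10.0) -> dict:
    """Default fetcher: live HTTPS request for the discovery document."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return json.load(resp)


def offline_fetch(url: str) -> dict:
    """Constructed stand-in for fetch_json that serves SAMPLE_DISCOVERY only."""
    if url != discovery_url(SAMPLE_ISSUER):
        raise ValueError(f"unexpected URL {url}")
    return SAMPLE_DISCOVERY


def check_issuer(issuer: str, fetch=fetch_json) -> list:
    """Return a list of problems with `issuer`; an empty list means the value
    can be passed to --issuer as it stands."""
    problems = []
    parts = urlsplit(issuer)
    if parts.scheme != "https" or not parts.netloc:
        # Without TLS the discovery document, and with it the signing keys,
        # could be substituted on the way to you.
        return ["issuer must be an https:// URL"]
    if parts.query or parts.fragment:
        problems.append("issuer must not contain a query string or fragment")

    doc = fetch(discovery_url(issuer))

    # OIDC Discovery requires the document's `issuer` to be identical to the
    # URL it was fetched from. A mismatch means ID tokens will carry an `iss`
    # claim the relying party does not expect (wrong tenant, a proxy in the
    # path, or a templated multi-tenant endpoint).
    if doc.get("issuer") != issuer:
        problems.append(f"discovery issuer {doc.get('issuer')!r} != configured {issuer!r}")

    # Endpoints the authorization-code flow needs; each must itself be https.
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        value = doc.get(key)
        if not value:
            problems.append(f"discovery document lacks {key}")
        elif urlsplit(value).scheme != "https":
            problems.append(f"{key} is not https: {value}")

    # The Web app registration on this page uses the authorization code flow.
    if "code" not in doc.get("response_types_supported", []):
        problems.append("issuer does not advertise the 'code' response type")
    return problems


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        issues = check_issuer(sys.argv[1])                      # live discovery
    else:
        issues = check_issuer(SAMPLE_ISSUER, fetch=offline_fetch)  # embedded sample
    print("OK" if not issues else "\n".join(issues))
```

Run it with the real issuer as the first argument to fetch the live discovery document; with no argument it checks the embedded sample. For Azure AD, pass the tenant-specific issuer: the multi-tenant `common` endpoint's discovery document returns a templated issuer value rather than a fixed one, so it fails the exact-match check here.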

Login with OIDC - CLI

Configure a new profile with the Access ID from the previous step and the OIDC access type (if no profile name is provided, the default profile is configured):

akeyless configure --access-id <your-access-id> --access-type oidc --profile 'azure-app'

Now, you can run any Akeyless CLI command and be authenticated with the Azure application:

akeyless list-items --profile azure-app
