estel/netbox
1
0
Fork 0
Code Issues Pull Requests Actions 4 Packages Projects Releases Wiki Activity

Revert changes from #13373 pending further discussion around implementation

Browse Source 
This reverts commit 66e4e31209.
This commit is contained in:
Jeremy Stretch
2023-08-24 13:59:58 -04:00
parent 88bf82be05
commit 08961e751d
3 changed files with 0 additions and 150 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
docs/administration/authentication/microsoft-azure-ad.md
View File

@@ -61,63 +61,6 @@ Restart the NetBox services so that the new configuration takes effect. This is
sudo systemctl restart netbox
```
## Group Assignment
If you want NetBox to assign groups based on Azure AD groups, then some additonal configuration is needed. Enter the following configuration parameters in `configuration.py`, substituting your own values:
```python
SOCIAL_AUTH_AZUREAD_OAUTH2_RESOURCE = 'https://graph.microsoft.com/'
SOCIAL_AUTH_PIPELINE = (
'social_core.pipeline.social_auth.social_details',
'social_core.pipeline.social_auth.social_uid',
'social_core.pipeline.social_auth.social_user',
'social_core.pipeline.user.get_username',
'social_core.pipeline.social_auth.associate_by_email',
'social_core.pipeline.user.create_user',
'social_core.pipeline.social_auth.associate_user',
'netbox.authentication.user_default_groups_handler',
'social_core.pipeline.social_auth.load_extra_data',
'social_core.pipeline.user.user_details',
'netbox.authentication.azuread_map_groups',
)
# Define special user types using groups. Exercise great caution when assigning superuser status.
SOCIAL_AUTH_PIPELINE_CONFIG = {
'AZUREAD_USER_FLAGS_BY_GROUP': {
"is_staff": ['{AZURE_GROUP_ID1}','{AZURE_GROUP_ID2}'],
"is_superuser": ['{AZURE_GROUP_ID1}','{AZURE_GROUP_ID2}']
},
'AZUREAD_GROUP_MAP': {
'{AZURE_GROUP_ID1}': '{NETBOX_GROUP1}',
'{AZURE_GROUP_ID2}': '{NETBOX_GROUP2}',
}
}
```
For example, here is a config that maps a single Azure AD group (the token '1a36bed9-3bdc-4970-ab66-faf9704e0af4' shown here is the ID of the group within the Azure dashboard) to be both is_staff and is_superuser status as well as assign it to the group 'tgroup' within NetBox:
```
SOCIAL_AUTH_PIPELINE_CONFIG = {
# Define special user types using groups. Exercise great caution when assigning superuser status.
'AZUREAD_USER_FLAGS_BY_GROUP': {
'is_staff': ['1a36bed9-3bdc-4970-ab66-faf9704e0af4',],
'is_superuser': ['1a36bed9-3bdc-4970-ab66-faf9704e0af4',]
},
'AZUREAD_GROUP_MAP': {
'1a36bed9-3bdc-4970-ab66-faf9704e0af4': 'tgroup',
}
}
```
**AZUREAD_USER_FLAGS_BY_GROUP.is_staff**: users who are in any of the Azure AD group-ids in the array will have staff permission assigned to them.
**AZUREAD_USER_FLAGS_BY_GROUP.is_superuser**: users who are in any of the Azure AD group-ids in the array will have superuser permission assigned to them.
**AZUREAD_GROUP_MAP**: Any user with the given Azure AD group-id is included in the given NetBox group name.
## Testing
Log out of NetBox if already authenticated, and click the "Log In" button at top right. You should see the normal login form as well as an option to authenticate using Azure AD. Click that link.