Django and Azure Active Directory - Outsourcing Authentication to Azure AD / Setting up MFA

preview_player
Показать описание
In this video, we look at how to use Azure Active Directory (AD) to handle authentication in a Django application.

We'll register a Django app in Azure AZ and will add users to our tenant. After this, we'll see how to configure Django to work with the ms_identity_web library, and will give users the ability to login and logout through Microsoft Identity Platform.

This is an example of using the OAuth2.0 Authorization Code Flow, with Azure AD as our external identity-provider.

We'll also see how to setup multi-factor authentication on Azure Active Directory, both with Security Defaults and with Conditional Access policies.

📌 𝗖𝗵𝗮𝗽𝘁𝗲𝗿𝘀:
00:00 Intro
02:24 Registering Django app with Azure Active Directory
05:43 Creating User in Azure Active Directory tenant
06:40 Adding Azure AD config file to Django project
08:38 Adding ms_identity_web settings to Django
10:45 Adding Login form from Azure AD
16:36 Adding SSL to Django Dev Server with runserver_plus command
21:12 Protecting routes with ms_identity_web login_required decorator
24:09 Django Sessions & Azure AD JWT Access Tokens
27:35 MFA with Azure Active Directory
29:42 Conditional Access Policies in Azure Active Directory

☕️ 𝗕𝘂𝘆 𝗺𝗲 𝗮 𝗰𝗼𝗳𝗳𝗲𝗲:
To support the channel and encourage new videos, please consider buying me a coffee here:

𝗦𝗼𝗰𝗶𝗮𝗹 𝗠𝗲𝗱𝗶𝗮:

📚 𝗙𝘂𝗿𝘁𝗵𝗲𝗿 𝗿𝗲𝗮𝗱𝗶𝗻𝗴 𝗮𝗻𝗱 𝗶𝗻𝗳𝗼𝗿𝗺𝗮𝘁𝗶𝗼𝗻:

#azure #python #django #azureactivedirectory #microsoftazure
Рекомендации по теме
Комментарии
Автор

This is dope. I love your channel for high level programming.

1. I am hoping that we could go a little bit further to configure multitenant applications too

2. In multitenant applications where domains might be unique and dynamic, how is the auth gonna be like?

Until then, thumbs up from me

trosgate
Автор

This is legit the best explanation I have seen and gave me confidence to implement this in my project. Thank you, as well for the technical breakdown, that was so useful!

phillipgilligan
Автор

under rated
u deserve subs brother
keep it up quality contentment

yomonsbuzz
Автор

explained it very well,
Thank you so much for your knowledge sharing

dlifdol
Автор

This is a great video. Is there any chance you can talk about group claims and some of the other parameters so that we can map AAD groups to Django groups and permissions? It would be super helpful in implementing a true single sign on of Django with AAZ

BrantScalan
Автор

This is great content as usual. Do you have an example of, or could you create/show, how to use AAD groups and claims with Django groups for permissions and content access? It’s one things to SSO with AAD but in reality members of AAD groups would have rights that needs to used for Django content

BrantScalan
Автор

Thanks for the Explanation, I hope that you can add an update about the Azure Entra ID.

aalhommada
Автор

Sadly they have now removed the json sample from the tutorial...

creepersonspeed
Автор

What about django rest framework. My frontend is running on another server so I need to send the office365 uri from the backend, then i need to validate de token from the frontend

nicholas_eras
Автор

great video, just to round up, if you could just do an extension of the media file in azure storage would be lovely

routchenko
Автор

Thank you very much, very clear, very pleasant to hear.

tlpf
Автор

Great work, Can you please comment the documentation link which you followed

dinesh
Автор

Amazing video. Something I have wanted to do was convert my project to SSO against Azure AD. Could there be a follow on video about django permissions and Azure Groups and Group Claims in the Azure token? That is one road block I have for conversion. How do I protect content, model perms, with members from azure groups or mapping them to existing Django groups. Not sure how to do that or what should be done. Thank you

pzyctrb
Автор

Very interesting.
But if I need to give authorization via /admin, how can I make this directly via AD?

mice
Автор

Excellent video!!! My question is, how do I access the users' other information like their email address? Seeing as request.identity_context_data provides username but no other personal information. And I will really appreciate a pointer on how this can be combined with a User model.

charlesu
Автор

Thank you so much sir ....very well explained ....love this video

piyushsonawane
Автор

Azure Active Directory is now Microsoft Entra ID.

pratikcharwad
Автор

Hi, really nice tutorial. I have been following this tutorial & it works smoothly. But I am trying to add Azure AD to an existing DJANGO APP (created by someone else). whenever I am trying to login using SSO it reverts me back to LOGIN page. My guess is I am missing something & under HTML page is not woking as it should, hence reversing to login page. Can you please provide any advice on this or we test my theory of within app.
Regardless, great video, you have one more subscriber.

abhishekkaushik
Автор

I'm having a hard time operating the sign_out ! My app will work fine in a private browser, but not on a browser. I'm guessing the cache isn't deleted, or something so... I don't get redirected to the app after logging out with Azure AD. Any advice with this?

tvpbtuy
Автор

So good thx! What's the baseline pricing for adding Azure AD to Django?

mqbdinu