Azure AD Setup

1. Install oauthenticator with required dependency

   pip3 install "oauthenticator[azuread]"
   

2. Set the AAD_TENANT_ID environment variable

   export AAD_TENANT_ID='{AAD-TENANT-ID}'
   

3. Add the code below to your jupyterhub_config.py file

   import os
   from oauthenticator.azuread import AzureAdOAuthenticator
   c.JupyterHub.authenticator_class = AzureAdOAuthenticator
   
   c.Application.log_level = 'DEBUG'
   
   c.AzureAdOAuthenticator.tenant_id = os.environ.get('AAD_TENANT_ID')
   
   c.AzureAdOAuthenticator.oauth_callback_url = 'http://{your-domain}/hub/oauth_callback'
   c.AzureAdOAuthenticator.client_id = '{AAD-APP-CLIENT-ID}'
   c.AzureAdOAuthenticator.client_secret = '{AAD-APP-CLIENT-SECRET}'
   

   This sample code is provided for you in examples > azuread > sample_jupyter_config.py

4. Make sure to replace the values in '{}' with your APP, TENANT, DOMAIN, etc. values

5. You might need to add at least the openid scope if your organization requires MFA (c.AzureAdOAuthenticator.scope = ['openid']), in addition to whatever else you need.

6. Follow this link to create an AAD APP

7. CLIENT_ID === Azure Application ID, found in: Azure portal --> AD --> App Registrations --> App

8. TENANT_ID === Azure Directory ID, found in: Azure portal --> AD --> Properties

9. Run via:

   sudo jupyterhub -f ./path/to/jupyterhub_config.py
   

10. See run.sh for an example

11. Source Code