Azure AD Setup#
You need to have an Azure OAuth application registered ahead of time, see Azure’s official documentation about registering an app.
Install oauthenticator with the optional dependency
azuread
, as required for use with AzureAdOAuthenticator.pip install "oauthenticator[azuread]"
Add code like below to a
jupyterhub_config.py
filec.JupyterHub.authenticator_class = "azuread" c.OAuthenticator.oauth_callback_url = "https://[your-host]/hub/oauth_callback" c.OAuthenticator.client_id = "[your oauth2 application id]" c.OAuthenticator.client_secret = "[your oauth2 application secret]" c.AzureAdOAuthenticator.tenant_id = "[your azure tenant id]" c.AzureAdOAuthenticator.scope = ["openid", "email"]
Additional configuration#
AzureAdOAuthenticator expands OAuthenticator with the following config that may be relevant to read more about in the configuration reference:
Loading user groups#
The AzureAdOAuthenticator
can load the group-membership of users from the access token.
This is done by setting the AzureAdOAuthenticator.groups_claim
to the name of the claim that contains the
group-membership.
c.JupyterHub.authenticator_class = "azuread"
# {...} other settings (see above)
c.AzureAdOAuthenticator.manage_groups = True
c.AzureAdOAuthenticator.user_groups_claim = 'groups' # this is the default
This requires Azure AD to be configured to include the group-membership in the access token.