The NAIS platform provides support for simple, declarative provisioning of an Azure AD client configured with sensible defaults.
An Azure AD client allows your application to leverage Azure AD for authentication and authorization.
The most common cases include:

- User (employees only) sign-in with SSO, using OpenID Connect with Authorization Code flow
- Request chains involving an end-user whose identity and permissions should be propagated through each service/web API, using the OAuth 2.0 On-Behalf-Of flow
- Daemon / server-side applications for machine-to-machine interactions without a user, using the OAuth 2.0 client credentials flow

The feature described in configuration only provisions and configures an Azure AD client. Your application is responsible for using the client to implement the desired use case.
If you need functionality to sign in end users with said client, we also provide a separate sidecar proxy that handles this.
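
To make the difference between the second and third cases in the list concrete, the following added example (not NAIS code, and not from the original page) builds the token request bodies for the client credentials and On-Behalf-Of flows, using the parameter names of the Microsoft identity platform v2.0 token endpoint. The client ID, secret, scope, and user token are constructed placeholders, and the function names are hypothetical.

```python
from urllib.parse import urlencode

# Constructed placeholder values for illustration; none come from the page.
CLIENT_ID = "00000000-0000-0000-0000-000000000000"
CLIENT_SECRET = "example-secret"
SCOPE = "api://example-downstream-api/.default"
USER_TOKEN = "aaa.bbb.ccc"  # stands in for the end user's incoming access token

JWT_BEARER = "urn:ietf:params:oauth:grant-type:jwt-bearer"
SENSITIVE = {"client_secret", "assertion"}


def client_credentials_body(client_id, client_secret, scope):
    """Machine-to-machine: the app authenticates as itself, no user involved."""
    # This grant takes the target resource's identifier with the /.default suffix.
    if not scope.endswith("/.default"):
        raise ValueError("client credentials scope must be '<resource>/.default'")
    return {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret, "scope": scope}


def on_behalf_of_body(client_id, client_secret, scope, user_token):
    """Request chain: exchange the caller's token so the user's identity carries on."""
    if user_token.count(".") != 2:
        raise ValueError("assertion must be a compact JWT (three dot-separated parts)")
    return {"grant_type": JWT_BEARER, "client_id": client_id,
            "client_secret": client_secret, "assertion": user_token,
            "scope": scope, "requested_token_use": "on_behalf_of"}


def encode(body):
    """Form-encode the body as sent in the POST to the token endpoint."""
    return urlencode(body)


def redacted(body):
    """Copy of the body that is safe to write to application logs."""
    return {k: "<redacted>" if k in SENSITIVE else v for k, v in body.items()}


if __name__ == "__main__":
    m2m = client_credentials_body(CLIENT_ID, CLIENT_SECRET, SCOPE)
    obo = on_behalf_of_body(CLIENT_ID, CLIENT_SECRET, SCOPE, USER_TOKEN)
    print(redacted(m2m))
    print(redacted(obo))
    print(len(encode(obo)), "bytes form-encoded")
```

Both the client secret and the user's token in the `assertion` field are bearer credentials, so log only the redacted form of a request.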