Having been involved with Rancher as of late, I’ve been working with setting up integrating it with Azure AD. Since I know that Rancher supports AzureAD as an authentication point (but no documentation from Rancher’s side)
So I’ve decided to write a quick blog post on the subject, on how to configure the authentication to AzureAD.
One thing that should be noted however is that even though Rancher supports AzureAD it is not being used to do RBAC this is still done within Rancher, so it means that we cannot for instance define groups in AzureAD and use them to control access. So there are a few things that it requires to setup.
Tenant ID:
Client ID:
Domain:
Admin Account Username:
Admin Account Password:
So this required that we define the application in AzureAD and setup some specific access rules for the application as well. So go into Azure AD and setup a new application
Choose “Add an application my orgranization is developing” and choose Native Client Application
Under redirect URL you just need to type in a valid URI, Rancher does not use this parameter for authentication
Then after the application is created we need to define some custom permissions so that it can authenticate users on-behalf of users
Also copy out the clientID, which is the ClientID we need to enter in the Rancher UI. The Tenant ID can be found in the Browser URL when you are working within the AzureAD tenant
Then enter the TenantID, ClientID, and domain name (Which will be used to authenticate against the domain
If successfull you will get this
So users will now be greeted with this login screen if they try to access Rancher
Now they do not need to enter a domain name since it defaults to the domain name specified in the setup.