Setting up Rancher to authenticate with AzureAD

Having been involved with Rancher as of late, I have been working on integrating it with Azure AD. I know that Rancher supports Azure AD as an authentication provider, but there is no documentation on it from Rancher's side, so I've decided to write a quick blog post on how to configure authentication against Azure AD.

One thing that should be noted, however, is that even though Rancher supports Azure AD for authentication, it is not used for RBAC; authorization is still done within Rancher, so we cannot, for instance, define groups in Azure AD and use them to control access. The setup requires a few values:

Tenant ID:
Client ID:
Domain:
Admin Account Username:
Admin Account Password:


This requires that we define the application in Azure AD and set up some specific permissions for it as well. Go into Azure AD and set up a new application.

Choose "Add an application my organization is developing" and choose Native Client Application.

Under redirect URL you just need to type in a valid URI; Rancher does not use this parameter for authentication.

Then, after the application is created, we need to define some custom permissions so that it can authenticate on behalf of users.

Also copy out the Client ID, which is the value we need to enter in the Rancher UI. The Tenant ID can be found in the browser URL when you are working within the Azure AD tenant.

Then enter the Tenant ID, Client ID, and domain name (which will be used to authenticate against the domain).

If successful, you will get this:

Users will now be greeted with this login screen when they try to access Rancher.

They do not need to enter a domain name, since it defaults to the domain name specified in the setup.
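As an added example (not code from the original post, nor Rancher's own), here is a small Python helper that sanity-checks the five values the Rancher form asks for before they are typed in, confirms that the Tenant ID really belongs to an Azure AD tenant via the public OpenID discovery document, and assembles the values into a payload with the password masked for logging. Assumptions not stated in the post: the `azureadconfig` object and its field names in `build_azuread_config()` are my guess at the Rancher 1.x API shape, the tenant-ID extraction simply takes the first GUID found in the portal URL, and the discovery document and portal URL used in the demo are constructed samples.

```python
"""Pre-flight checks for the Rancher Azure AD setup form (added example).

Assumptions: Rancher 1.x stores the settings as an 'azureadconfig' object
with the keys used below (unverified); the tenant ID is the first GUID in
the Azure portal URL; the sample data at the bottom is constructed.
"""
import json
import re
import urllib.request

GUID_PATTERN = r"[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}"
GUID_RE = re.compile(r"^" + GUID_PATTERN + r"$")
GUID_SEARCH_RE = re.compile(GUID_PATTERN)
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,}$"
)


def is_guid(value):
    """Tenant ID and Client ID are both Azure AD GUIDs."""
    return bool(GUID_RE.match(value.strip()))


def tenant_id_from_url(url):
    """The post says the Tenant ID is visible in the portal URL; this takes
    the first GUID found there (assumption) and normalises it to lower case."""
    match = GUID_SEARCH_RE.search(url)
    return match.group(0).lower() if match else None


def is_domain(value):
    """The domain is the DNS name users will be authenticated against."""
    return bool(DOMAIN_RE.match(value.strip().lower()))


def validate_inputs(tenant_id, client_id, domain, username, password):
    """Return a list of problems; an empty list means the values are well-formed."""
    problems = []
    if not is_guid(tenant_id):
        problems.append("tenant ID is not a GUID")
    if not is_guid(client_id):
        problems.append("client ID is not a GUID")
    if not is_domain(domain):
        problems.append("domain is not a valid DNS name")
    if "@" not in username or not username.lower().endswith("@" + domain.lower()):
        problems.append("admin username should be a UPN in the configured domain")
    if not password:
        problems.append("admin password is empty")
    return problems


def check_discovery_document(doc, tenant_id):
    """Azure AD issuers look like https://sts.windows.net/<tenant-id>/, so the
    issuer naming our tenant ID proves the ID is a real tenant, not a typo."""
    issuer = doc.get("issuer", "")
    return tenant_id.lower() in issuer.lower() and "token_endpoint" in doc


def fetch_discovery_document(tenant_id):
    """Fetch the public, unauthenticated OpenID discovery document (network needed)."""
    url = f"https://login.microsoftonline.com/{tenant_id}/.well-known/openid-configuration"
    with urllib.request.urlopen(url, timeout=10) as resp:
        return json.load(resp)


def build_azuread_config(tenant_id, client_id, domain, username, password):
    """Assumed Rancher 1.x 'azureadconfig' shape; the field names are a guess."""
    return {
        "type": "azureadconfig",
        "tenantId": tenant_id,
        "clientId": client_id,
        "domain": domain,
        "adminAccountUsername": username,
        "adminAccountPassword": password,
    }


def redacted(config):
    """Copy that is safe to log: the admin password is masked."""
    return {k: ("***" if k == "adminAccountPassword" else v) for k, v in config.items()}


# Constructed sample values (not real tenants, clients or accounts).
SAMPLE_TENANT = "11111111-2222-3333-4444-555555555555"
SAMPLE_CLIENT = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
SAMPLE_PORTAL_URL = (
    "https://manage.windowsazure.com/#Workspaces/ActiveDirectoryExtension/Directory/"
    + SAMPLE_TENANT + "/applications"
)
SAMPLE_DISCOVERY = {
    "issuer": f"https://sts.windows.net/{SAMPLE_TENANT}/",
    "token_endpoint": f"https://login.microsoftonline.com/{SAMPLE_TENANT}/oauth2/token",
}


def demo():
    """Run the checks offline against the constructed sample and return a summary."""
    tenant = tenant_id_from_url(SAMPLE_PORTAL_URL)
    problems = validate_inputs(tenant, SAMPLE_CLIENT, "contoso.onmicrosoft.com",
                               "rancher-admin@contoso.onmicrosoft.com", "example-secret")
    tenant_ok = check_discovery_document(SAMPLE_DISCOVERY, tenant)
    config = build_azuread_config(tenant, SAMPLE_CLIENT, "contoso.onmicrosoft.com",
                                  "rancher-admin@contoso.onmicrosoft.com", "example-secret")
    return {"problems": problems, "tenant_ok": tenant_ok, "config": redacted(config)}


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

When online, replace `SAMPLE_DISCOVERY` with `fetch_discovery_document(tenant)` to check the real tenant; the discovery endpoint needs no credentials, so this can be run before the admin account password is entered anywhere.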
