I am using Discourse in our organization and have a requirement to enable SSO using Azure AD. Is there a guide on how I can enable single sign-on using Azure AD? Also, I have one more requirement. Normally in Discourse, if I use username/password-based authentication, users can register and create their account on the forum, but in the case of Azure AD SSO, how will the profiles be created automatically at login and mapped to a particular group based on some Azure AD group? Is there a way I can create the user account in the forum automatically when logging in to the forum using Azure AD SSO, and automatically map the user to some group based on the Azure AD group name?
A number of people have seen success with the OpenID Connect plugin. There is a short section about Azure AD at the bottom of the first post here:
By default, people will click “Login” in Discourse and be directed to Azure. When they return to Discourse they will be shown the signup form (which is the same as the regular signup form, minus the password field). There are various site settings you can use to control the signup behaviour.
Group synchronisation isn’t supported at the moment. You might be able to achieve something by building an integration with the Discourse API.
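One way such an API integration could plan a one-way Azure AD to Discourse group sync, as an added example that is not part of the original posts or of Discourse itself. The function name, the email-to-username mapping and the sample data are hypothetical, and the `/groups/{id}/members.json` path with its `usernames` parameter is an assumption to verify against the Discourse API documentation for your version.

```python
"""Plan a one-way Azure AD -> Discourse group sync (added illustration)."""


def plan_group_sync(azure_emails, email_to_username, discourse_members,
                    group_id, allow_empty=False):
    """Return the Discourse API calls needed to mirror one Azure AD group."""
    if not azure_emails and not allow_empty:
        # An empty source is more likely a failed directory query than a
        # genuinely empty group; refuse rather than strip everyone's access.
        raise ValueError("Azure AD member list is empty; refusing to sync")

    wanted, no_account = set(), []
    for email in azure_emails:
        username = email_to_username.get(email.strip().lower())
        if username is None:
            no_account.append(email)  # has not logged in to Discourse yet
        else:
            wanted.add(username)

    current = set(discourse_members)
    to_add = sorted(wanted - current)
    to_remove = sorted(current - wanted)  # membership revoked in Azure AD

    # Assumed endpoint: check path and parameter against the Discourse API docs.
    path = f"/groups/{group_id}/members.json"
    calls = []
    if to_add:
        calls.append(("PUT", path, {"usernames": ",".join(to_add)}))
    if to_remove:
        calls.append(("DELETE", path, {"usernames": ",".join(to_remove)}))
    return {"calls": calls, "no_account": no_account}


# Constructed sample data, not taken from any real tenant or forum.
AZURE_MEMBERS = ["Alice@example.com", "bob@example.com", "dana@example.com"]
EMAIL_TO_USERNAME = {"alice@example.com": "alice", "bob@example.com": "bob",
                     "carol@example.com": "carol"}
DISCOURSE_MEMBERS = ["alice", "carol"]

if __name__ == "__main__":
    plan = plan_group_sync(AZURE_MEMBERS, EMAIL_TO_USERNAME,
                           DISCOURSE_MEMBERS, group_id=42)
    for method, path, body in plan["calls"]:
        print(method, path, body)
    print("skipped (no Discourse account):", plan["no_account"])
```

Removals matter as much as additions here: a user dropped from the Azure AD group keeps access to group-restricted categories until the sync removes them from the Discourse group.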
For the group sync? We don’t have any specific plans for Azure, or OpenID Connect. However we are working on a general framework, which may open the door to adding Azure support in future. The technical details can be found here: