Skip to main content
ℹ️
Previous VersionThis is documentation for the previous NetBox version. For the latest features and updates, visit the latest NetBox documentation.
CloudEnterprise

NetBox Enterprise Entra ID Group Mapping

Place the following in configuration overrides python section

Basic SSO

REMOTE_AUTH_BACKEND = 'social_core.backends.azuread.AzureADOAuth2'
SOCIAL_AUTH_AZUREAD_OAUTH2_KEY = '{APPLICATION_ID}'
SOCIAL_AUTH_AZUREAD_OAUTH2_SECRET = '{SECRET_VALUE}'
SOCIAL_AUTH_AZUREAD_OAUTH2_TENANT_ID = '{TENANT_ID}'

Group Mappings

SOCIAL_AUTH_AZUREAD_OAUTH2_RESOURCE = 'https://graph.microsoft.com/'
SOCIAL_AUTH_PIPELINE = (
    'social_core.pipeline.social_auth.social_details',
    'social_core.pipeline.social_auth.social_uid',
    'social_core.pipeline.social_auth.social_user',
    'social_core.pipeline.user.get_username',
    'social_core.pipeline.social_auth.associate_by_email',
    'social_core.pipeline.user.create_user',
    'social_core.pipeline.social_auth.associate_user',
    'netbox.authentication.user_default_groups_handler',
    'social_core.pipeline.social_auth.load_extra_data',
    'social_core.pipeline.user.user_details',
    'nbc_auth_extensions.azure_authentication.azuread_map_groups',
)


## Define special user types using groups. Exercise great caution when assigning superuser status.
SOCIAL_AUTH_PIPELINE_CONFIG = {
    'AZUREAD_USER_FLAGS_BY_GROUP': {
        "is_staff": ['{ENTRA_GROUP_ID1}','{ENTRA_GROUP_ID2}'],
        "is_superuser": ['{ENTRA_GROUP_ID1}','{ENTRA_GROUP_ID2}']
    },

    'AZUREAD_GROUP_MAP': {
        '{ENTRA_GROUP_ID1}': '{NETBOX_GROUP1}',
        '{ENTRA_GROUP_ID2}': '{NETBOX_GROUP2}',
    }

}
Related Topics
AdministrationAuthenticationNetBox
Last updated on