Skip to content
Pinter Computing

Knowledge Base for IT Professionals, Teachers, and Astronauts

Pinter Computing

Knowledge Base for IT Professionals, Teachers, and Astronauts

  • Home
  • Programming
  • DevOps
  • Project Management
  • Software and Hardware
  • Miscellaneous
  • Egyebek
  • About
  • Experience
  • Education
  • Contact
  • Home
  • Programming
  • DevOps
  • Project Management
  • Software and Hardware
  • Miscellaneous
  • Egyebek
  • About
  • Experience
  • Education
  • Contact
Close

Search

Home/Knowledge Base/Set up Easy Auth with Microsoft Azure Entra ID
Knowledge Base

Set up Easy Auth with Microsoft Azure Entra ID

By Laszlo Pinter
March 9, 2026 5 Min Read
0

The Microsoft Azure Entra ID provides federated authentication and authorization services for applications running in the Azure Cloud. Easy Auth enables application to use Single Sign On (SSO) services transparent to the user to detect the identity of the user of the application. To set up Easy Auth

  • Open the Microsoft Azure management portal at https://portal.azure.com/

There are two ways to set up Easy Auth for an Azure Container App: automatically from the Container App or manually using Entra ID by an administrator.

Automatic configuration ( does not require Azure Cloud account admin rights)

Configure the authentication

  • On the Azure Container App page in the Security section select Authentication
  • On the page select the Add Identity Provider button
  • In the list select Microsoft as the identity provider
  • Configure the identity provider. Set the client secret expiration date
    • To require users to authenticate when thay use the application elect Require authentication and for web applications leave HTTP 302 selected
    • To allow users to access the application without the login page, select Allow unauthenticated access. If this is an internal application and the users have already authenticated to access the network, the user information will be included in the web request header.
  • Click the Next: Permissions button to configure the Microsoft Graph permissions
  • Keep the User.Read permission
  • Click the Add button to save the settings
  • It takes a minute to generate all objects.
  • The App (client) ID is on the Authentication page of the Security tab

Get the tenant ID

  • Install the Azure CLI
  • In the Terminal execute
    az account show
  • The Tenant ID is displayed in the output

Manual configuration by an Azure Cloud account admin

Register the application

  • On the main page select the Microsoft Entra ID icon
  • Click the Add item in the header and select App Registration
  • Enter the display name of the application. If the application does not use Azure Entra as the authentication provider, leave the Redirect URI empty and click the Register button

Set the permissions

Make sure the Microsoft Graph User.Read permission is enabled

  • On the left side open the Manage menu and select API permissions
  • Make sure the Microsoft Graph User.Read permission is enabled
  • If the Microsoft Graph User.Read permission is not enabled
    • Click the Add a permission option
    • Select the Microsoft Graph option
    • Select Delegated permissions
    • In the User section enable User.Read permission
    • Click the Add permission button at the bottom of the page
  • Click the Grant admin-consent for … button
  • Click the Yes button
  • The status should be Granted for …

Use the Easy Auth feature in your application

Configure your Azure Container Apps application to use Easy Auth
  • Copy the Application (client) ID and Directory (tenant) ID from the Overview page

In the Azure Container Apps deployment script update the application to use the Easy Auth feature with the authTenantId and authClientId values extracted above:

# Entra ID issuer URL for built-in authentication (Easy Auth)
authIssuer="https://login.microsoftonline.com/${authTenantId}/v2.0"            

# Enable Entra ID (Azure AD) built-in authentication (Easy Auth)
            # This injects the X-MS-CLIENT-PRINCIPAL-NAME header with the user's UPN on every authenticated request.
            echo "Configuring Entra ID authentication..."
            az containerapp auth microsoft update \
                --name $applicationName \
                --resource-group $resourceGroupName \
                --client-id $authClientId \
                --issuer $authIssuer \
                --yes
Extract the user information in the application

In the loader() function of the React Router 7 (Remix) web application read the “x-ms-client-principal-name” header value. It will contain the email address of the user.

export async function loader({ request }: Route.LoaderArgs) {
  let userName = "";

  // 1. Check for Azure AD / Entra ID auth header (production)
  const principalName = request.headers.get("x-ms-client-principal-name");
}

For more information on configuring Azure Container Apps for Easy Auth see Authentication and authorization in Azure Container Apps

Author

Laszlo Pinter

Follow Me
Other Articles
Previous

Debugging React Web Applications

Next

Debugging Vitest JavaScript and TypeScript unit tests

No Comment! Be the first one.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Search

Last Changes

  • DevOps Engineering part 1. (Mac) - Make your Macintosh easier to use June 25, 2026
  • Japan travel tips June 22, 2026
  • How to stop the rain and snow in Cities: Skylines II June 20, 2026
  • Cities: Skylines II Developer Mode June 20, 2026
  • 'CSII_MANAGEDPATH' has incorrect path(s) when building Cities: Skylines II mod June 20, 2026

Tags

.NET .NETcore 3Dprinting ASP.NET Core AutodeskInventor AWS C# Chef cloud DevOps Docker EntityFramework Games Git Go iOS iPad iPhone iPod Java Kubernetes Linux MacOSX MSSQL MVC Node.js Packer PowerShell Python RDS RightScale Ruby security Splunk TeamCity Terraform TestKitchen Tomcat Ubuntu Vagrant VirtualBox VisualStudio Windows WordPress Xcode

Recent Comments

  • Zengei László on MyHeritage családfa exportálása és küldése emailben
  • Raúl Castillo on DynDns update error
  • MICHAEL on Windows Media Player 12 cannot find the album information
  • Nargis on Configure Epson ET-3850 scanning on Windows 11
  • Venczelné Zemen Erika on Delta S2302 termosztát programozása

–

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org
Copyright 2026 — Pinter Computing. All rights reserved.