Setting up Azure AD
Set up an Azure AD login screen for visitors to your docs.
Last updated
Was this helpful?
Set up an Azure AD login screen for visitors to your docs.
Last updated
Was this helpful?
This guide takes your through setting up a protected sign-in screen for your docs. Before going through this guide, make sure you’ve first gone through “Enabling visitor authentication”.
There is a known limitation with the Azure integration where heading URL fragments will be removed upon authentication. The user will still land on the correct page, but will be taken to the top of the page instead of the heading in the URL. Once a user is authenticated this behavior will no longer occur during a session and the user would be directed to the correct heading.
This is due to a security measure put in place by Microsoft.
To setup your GitBook site with visitor authentication using Azure AD, the process looks as follows:
Create an Azure AD application registration in your Microsoft Entra ID admin dashboard.
Install the Azure AD integration and add the required configuration to your GitBook site.
Configure your Azure AD to work with Adaptive content in GitBook.
Start by creating an app registration in your Microsoft Entra ID dashboard. This application registration will allow the GitBook Azure AD integration to request tokens to validate user identity before granting them access to your site.
Sign in to your Microsoft Entra ID admin dashboard.
Head to Identity > Applications > App registrations from the left sidebar.
Click on + New registration, and give your registration a name.
Under Supported account types, select “Accounts in this organizational directory only (Default Directory only - Single tenant)”.
Leave the Redirect URI field empty for now—you will need to fill this in later.
Click Register to complete the app registration.
You should then see your new app registration Overview screen. Copy and make note of the Application (client) ID and Directory (tenant) ID.
Click on Add a certificate or secret. You should see the following Certificates & Secrets screen:
Click on + New client secret.
Enter suitable description for the secret and click Add.
Copy and make note of the Value field (not the Secret ID) of the secret you just created.
Once you've created the Azure AD app registration, the next step is to install the Azure AD integration in GitBook and link it with your Azure application using the credentials you generated earlier:
Navigate to the site where you've enabled Visitor Authentication and want to use Azure AD as the identity provider.
Click on the Integrations button in the top right from your site’s settings.
Click on Visitor Authentication from the categories in the sidebar.
Select the Azure integration.
Click Install on this site.
After installing the integration on your site, you should see the integration's configuration screen:
Enter the Client ID, Tenant ID, and Client Secret values you copied after creating the Azure AD app registration earlier, and click “Save”.
Copy the URL displayed at the bottom of the dialog.
Head back to the Azure AD app registration you created earlier in the Microsoft Entra ID dashboard.
Browse to Manage > Authentication in the sidebar.
Click + Add a platform and select Web card in the panel that opens.
Paste the GitBook integration URL you copied earlier in the Redirect URI field, and click “Configure”
Head back to Azure integration installation screen in GitBook.
Close the integration dialogs and click on the Settings tab in the site screen.
Browse to Audience and select Visitor authentication (if not already selected).
Select Azure from the dropdown in the Authentication backend section.
Click Update audience.
Head to the site's overview screen and click Publish if the site is not already published.
Your site is now published behind Visitor Authentication using your Azure AD as identity provider.
To test it out, click on Visit. You will be asked to sign in with Azure, which confirms that your site is published behind Visitor Authentication using Azure.
Upon accessing the published content URL and after logging in with your Azure credentials, you may see a screen telling you that you need to "Request approval" from your admin. Your admin can grant this request by accessing the published content URL, logging in, and granting approval on behalf of the organization.
To leverage the Adaptive Content capability in your visitor authentication site, configure the Azure AD app registration to include additional user information in the authentication token as claims.
These claims, represented as key-value pairs, are passed to GitBook and can be used to adapt content dynamically for your site visitors.
Azure AD supports different types and levels of claims, each with its own method of setup:
Standard Claims: Common claims that may be included in tokens but are not always present by default.
Azure AD keeps token sizes optimized for performance. As a result, many claims are not included in the token by default and must be explicitly requested by the application. To ensure claims like email , groups or roles are included, they must be explicitly requested as optional claims.
Optional Claims: Additional predefined claims that can be enabled for an application.
Custom Claims: Claims sourced from custom user attributes in Azure AD or external systems via a custom claims provider.
For more details on how to include these different types of claims in the tokens generated by your Azure AD app, refer to the following Microsoft Entra documentation guides:
After setting up and configuring the right claims to send to GitBook, head to “Adapting your content” to continue configuring your site.
This feature is still under development and coming soon.
Please sign up for the waitlist at https://www.gitbook.com/
