Vault OIDC Azure AD: Go to Azure Active Directory and register an application for Vault.

You must use the Azure AD objectId as the group alias name for Vault to correctly apply identity policies associated with the group. This process can be done in the following three different ways; this article covers how to set up the Vault JWT auth method with an OIDC Discovery URL using Azure Active Directory. This allowed the user to read and list secrets from Vault. Sep 1, 2025 · This article shows you how to configure Azure App Service or Azure Functions to use a custom authentication provider that adheres to the OpenID Connect (OIDC) specification. Vault does not log errors if you misconfigure the group alias. You may include two redirect URIs, one for CLI access and another for Vault UI access. The OIDC auth method allows a user's browser to be redirected to a configured identity provider (Azure AD), complete login, and then be routed back to Vault's UI with a newly-created Vault token. Record the "Application (client) ID" as you will need it as the oidc_client_id.