OpenID - Azure Node
| Description | The OpenID - Azure node enables authentication using Microsoft Azure Active Directory (Azure AD) via OpenID Connect. |
| Available in | Authentication, Admin, Self Service, Consent, Library, Custom, User Defined |
| Node Name | OpenID - Azure |
Node Configuration
Tenant
Specifies the Azure AD tenant identifier.

Client ID
The application (client) identifier registered in Azure AD.

Metadata TTL
Defines the **time-to-live (in seconds)** for caching Azure OpenID configuration metadata. After this time, metadata (e.g., endpoints, keys) is refreshed.

Array from variable
When enabled, allows dynamic configuration of scopes using a variable array.

Scope
Defines the requested scopes, for example:

- **openid**: (mandatory for OpenID Connect)
- **profile, email** etc.

Additional Authentication Request Parameters
Allows adding custom parameters to the authentication request through key / value parameters.

Attributes retrieved from JWT
Specifies which attributes should be extracted from the **ID Token (JWT)** returned by Azure AD. Common attributes include:

- **sub**: User identifier
- **email**
- **name**
- **preferred_username**

These values are exposed as variables for use in subsequent nodes.

User Identity Rule
Condition to map the user retrieved from the node to the user in the session

The **User Identity Rule** is the condition used to **match** the user retrieved by the node with the user stored in the **current user session** (which may already be active or may be activated at the end of the flow).

This rule can be configured in **two** ways:

- **Textual editor mode**: where you can manually define the matching condition (for example: `username == username`).
- **Visual editor mode**: which provides a guided **interface** to select attributes and combine conditions without writing expressions manually.

The **rule must follow** the format:

`(user attribute) == (node attribute)(0-n applied functions){ n[0-n][(|| or &&) (user attribute) == (node attribute)(0-n applied functions)]}`

#### Attribute Manipulation

It is possible to use a set of basic functions to manipulate attributes, see [Attribute Manipulation]({filename}/pages/io/io-nodes/io-node-types/common-configurations.md#attribute-manipulation).

Save in Session
Session attribute mapping
The **Save in Session** option is used to persist data within the user session.

The **Session Attribute Mapping** section allows mapping user attributes to specific values. Multiple mappings can be defined; they are then stored in the **user session** at the end of the flow.

Rules are defined as:

`attribute : value retrieved from the node`

Example: `username: uid`

#### Attribute Manipulation

It is possible to use a set of basic functions to manipulate attributes, see [Attribute Manipulation]({filename}/pages/io/io-nodes/io-node-types/common-configurations.md#attribute-manipulation).

Save in the Flow store
Attributes generated or retrieved from the node can be saved **into a variable**. They can then be **reused by other nodes** in the flow by referencing them as `{{variable.attribute}}`.

To do this, select the attributes to store in the variable and in the flow store (all attributes exposed by the node are listed in a **multi-select dropdown**, so **one or more** can be chosen), then enter a **variable name**, which can be **freely defined** by the user. There is also a flag to make the variable available to the **frontend**.

Default Output Node
- Success
- Failure
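
The claim checks an OpenID Connect client applies before exposing ID token values as variables, tied to the Tenant, Client ID and Attributes retrieved from JWT settings above; this is an added example, not the product's own code. It assumes an Azure AD v2.0 token issued for a tenant GUID and a signature already verified against the keys in the cached metadata; the function names and sample values are constructed for illustration.

```python
import base64
import json
import time

# Assumption: Azure AD v2.0 issuer format, with the tenant given as a GUID.
ISSUER_TEMPLATE = "https://login.microsoftonline.com/{tenant}/v2.0"


def b64url_decode(segment):
    """Decode a base64url segment, restoring the stripped padding."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def extract_attributes(id_token, tenant, client_id, wanted, now=None):
    """Check the claims against the node settings, then return only the
    configured attributes. Signature verification is NOT done here."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    claims = json.loads(b64url_decode(parts[1]))
    now = time.time() if now is None else now
    if claims.get("iss") != ISSUER_TEMPLATE.format(tenant=tenant):
        raise ValueError("issuer does not match configured tenant")
    aud = claims.get("aud")
    if client_id not in (aud if isinstance(aud, list) else [aud]):
        raise ValueError("audience does not match configured client ID")
    if claims.get("tid") != tenant:
        raise ValueError("tid does not match configured tenant")
    if not isinstance(claims.get("exp"), (int, float)) or claims["exp"] <= now:
        raise ValueError("token expired")
    if "sub" not in claims:
        raise ValueError("missing sub claim")
    # Only the configured attributes leave this function; absent ones are None.
    return {name: claims.get(name) for name in wanted}


def make_sample_token(claims):
    """Build a constructed, unsigned token for this demonstration only."""
    def enc(obj):
        return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.c2ln"


TENANT = "11111111-2222-3333-4444-555555555555"     # constructed value
CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"  # constructed value
SAMPLE = {"iss": ISSUER_TEMPLATE.format(tenant=TENANT), "aud": CLIENT_ID,
          "tid": TENANT, "exp": 2000000000, "sub": "user-subject-1",
          "email": "alice@example.com", "preferred_username": "alice@example.com"}
```

Of the attributes listed above, `sub` is the stable user identifier, so a User Identity Rule built on it does not depend on values such as `email` that can be reassigned.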