Azure Authentication Deployment Guide

Description

Hello,

I am looking for a step-by-step guide for setting up Authentication through Azure Active Directory. Through my searches I have found several piecemeal descriptions and problem / solution posts (indicating that it is possible), however nothing that goes through the end-to-end process.

I am hoping that someone here might have a guide built up for internal use that might be shareable / converted to a more generic guide.

Additionally, I know this can be done both via OAuth or SAML. Right now I am leaning more towards OAuth as it seems to be the simpler of the two solutions. Would someone be able to give an executive summary as to Advantages / Disadvantages of either or both solutions?

Thanks :)

Server Setup Information

  • Version of Rocket.Chat Server: 3.8.1
  • Operating System: Ubuntu 20.04
  • Deployment Method: Docker
  • Number of Running Instances: 1
  • DB Replicaset Oplog: Enabled

Where I’m trying to get to is that users are only allowed to use their mobile app for day-to-day MFA use (no phone/SMS), but if they lose their phone with the MFA app on it, or get a new one and don’t set up MFA on their new phone while they still have their old one, they have a way to get into their account without contacting IT.