Registering an Azure Application for OAuth2 Proxy
If you plan to use OAuth2 Proxy to restrict access to the solution's UIs to users who are authenticated in Azure, register an app in Azure by completing these steps:
- Log in to the Azure portal.
- Choose Azure Active Directory in the left menu, select App registrations, and then click New app registration.
- Specify a name for the app and choose the Web app / API application type. Specify the https://prometheus.BASE_DOMAIN sign-on URL. Then, click Create.
  Note: BASE_DOMAIN is the domain that the Prometheus, Alertmanager, and Grafana UI URLs will be based on. You will need to specify this domain when preparing your infra.yaml.
- On the Settings / Properties page of the app:
  - Pick a logo for the app.
  - Select Multi-tenanted if you want to allow users from multiple organizations to access your app.
  - Write down the application ID. You will need it when preparing your infra.yaml.
  - Click Save.
- On the Settings / Required Permissions page of the app:
  - Click Windows Azure Active Directory.
  - Click Access the directory as the signed in user.
  - Click Save.
  - Click Grant permissions (you might need another admin to do this).
- On the Settings / Reply URLs page of the app:
  - Add the following URLs:
    - https://prometheus.BASE_DOMAIN/oauth2/callback
    - https://alertmanager.BASE_DOMAIN/oauth2/callback
    - https://grafana.BASE_DOMAIN/oauth2/callback
  - Click Save.
- On the Settings / Keys page of the app:
  - Add a new key.
  - Click Save.
  - Write down the value of the key. You will need it when preparing your infra.yaml.
- Obtain and write down your Azure Active Directory tenant ID. You will need it when preparing your infra.yaml.
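
The following pre-flight check is an added example, not part of the original procedure or of OAuth2 Proxy: it derives the three reply URLs from BASE_DOMAIN and sanity-checks the application ID, key, and tenant ID before they go into infra.yaml. The function names are hypothetical, the sample values are constructed, and the GUID test on the key is a heuristic assumption.

```python
import re
import uuid

# UI hosts named on this page; OAuth2 Proxy answers at /oauth2/callback on each.
UI_HOSTS = ("prometheus", "alertmanager", "grafana")
# Bare DNS name only: no scheme, port, path or wildcard.
_DNS_NAME = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")


def reply_urls(base_domain):
    """Return the three reply URLs to register for BASE_DOMAIN."""
    domain = base_domain.strip().lower().rstrip(".")
    if not _DNS_NAME.match(domain):
        raise ValueError(f"BASE_DOMAIN must be a bare DNS name, got {base_domain!r}")
    return [f"https://{host}.{domain}/oauth2/callback" for host in UI_HOSTS]


def _is_guid(value):
    """True only for the canonical hyphenated GUID form."""
    try:
        return str(uuid.UUID(value)) == value.lower()
    except (ValueError, AttributeError, TypeError):
        return False


def check_registration(base_domain, application_id, key, tenant_id):
    """Return a list of problems; an empty list means the values look usable."""
    problems = []
    try:
        reply_urls(base_domain)
    except ValueError as exc:
        problems.append(str(exc))
    if not _is_guid(application_id):
        problems.append("application ID is not a GUID")
    if not _is_guid(tenant_id):
        problems.append("tenant ID is not a GUID")
    elif tenant_id.lower() == application_id.lower():
        problems.append("tenant ID equals application ID; one value was copied twice")
    # Heuristic (assumption): a GUID here suggests an ID was pasted instead of the key value.
    if not key or key != key.strip() or _is_guid(key):
        problems.append("key is empty, padded with whitespace, or looks like a GUID")
    return problems


if __name__ == "__main__":
    # Constructed sample values, not real identifiers.
    print(reply_urls("example.com"))
    print(check_registration("example.com", "11111111-2222-3333-4444-555555555555",
                             "constructed-key-value", "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"))
```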