For the record. In the end we used the SAML Plugin <https://wiki.jenkins-ci.org/display/JENKINS/SAML+Plugin> along with the following instructions to setup SAML Auth in Azure AD:
https://blogs.msdn.microsoft.com/tsmatsuz/2016/12/29/azure-ad-saml-federation-application-tutorial/ We found we needed to set the Entity ID in the SSO config to be the same as the Reply URL. On Wednesday, 16 November 2016 15:07:41 UTC+11, Evan Greensmith wrote: > > > We're moving from Google accounts to Microsoft online accounts. Currently > our Jenkins is setup to use the Google Login Plugin to allow 2-factor login > using staff Google accounts (and Google Authenticator). We'd like to have a > similar setup (with 2-factor auth) using staff Microsoft online accounts > (and Windows Authenticator). > > login.microsoftonline.com provides an oauth end-point that could be used > to provide 2-factor authentication, but I can't find any microsoft/generic > OAuth Login plugin (the Google Login Plugin appears to hard-code the google > OAuth end-points). Using LDAP/AD would be an option, but not sure how we > could get the 2-factor authentication setup (using Windows Authenticator). > Our current fall-back is to opt for LDAP login but have more restricted > access to the Jenkins box. > > I'd be interested to hear any stories of looking at login via Microsoft > online accounts. Or any useful pointers. > > Cheers, > Evan. > -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/dbd30834-9b62-4df6-8211-b5ccd39c3639%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
