azure sso

redhat/ocp4/4.16/2024.12.azure.sso.without.group.sync.md

@@ -8,7 +8,7 @@ In your Azure portal, go to Azure Active Directory -> App registrations -> New r
 
 ![](imgs/2024.12.azure.sso.md/2024-12-19-13-07-33.png)
 
-As you can see, we create a `app registration` `azure-ocp-sso`. Let us find the redirect url for the openshift sso.
+As you can see, we will create a `app registration` `azure-ocp-sso`. Let us find the redirect url for the openshift sso.
 
 Get openshift sso callback host from openshift cli:
 
@@ -115,6 +115,8 @@ Select `Users and groups` -> `Add user/group`
 
 Select the groups you want to sync. Here you may need to active `azure entra` subscription. A free trail is available for 30 days and 25 users.
 
+![](imgs/2024.12.azure.sso.without.group.sync.md/2024-12-21-20-49-22.png)
+
 ![](imgs/2024.12.azure.sso.without.group.sync.md/2024-12-20-22-18-37.png)
 
 Then, go to `app registration` -> `manifest`, backup existed manifest, and make some changes.
@@ -162,6 +164,14 @@ Save the manifest changes. Now you finished the azure portal setting.
 We will create a `oauth` object in openshift to integrate with Azure SSO. Here is an example, we add 2 identity providers, `htpasswd` and `azure-ocp-sso`. The `htpasswd` is for local user, and `azure-ocp-sso` is for Azure SSO. You can change it based on your requirement, for example, remove `htpasswd` if you don't need it.
 
 ```bash
+# set the environment variables
+# here is the example, you need to change the value based on your own setting
+export AZURE_TENANT_ID='xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx'
+export AZURE_CLIENT_ID='yyyyyyyy-yyyy-yyyy-yyyy-yyyyyyyyyyyy'
+export AZURE_CLIENT_SECRET='XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX'
+export AZURE_ENDPOINT='https://login.microsoftonline.com/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/v2.0'
+
+
 # import the secret from the client secret var
 oc create secret generic openid-client-secret-azure \
 --from-literal=clientSecret=$AZURE_CLIENT_SECRET \