Skip to content

Add advanced Azure AD OAuth/Webserver authentication example with role/group mapping #60747

New issue
New issue
Closed
Closed
Add advanced Azure AD OAuth/Webserver authentication example with role/group mapping#60747
Labels
kind:bugThis is a clearly a bugkind:documentationneeds-triagelabel for new issues that we didn't triage yet
@Overdarejieun

Description

@Overdarejieun
Overdarejieun
opened on Jan 18, 2026

What do you see as an issue?

The webserver-authentication.rst documentation currently shows basic authentication and some OAuth provider examples, but does not include a practical example for Azure Active Directory (Azure AD) that demonstrates how to configure Azure AD OAuth in webserver_config.py, extract roles/groups from the token, and map them to Airflow RBAC roles.
While the SSO docs include a generic Azure AD provider example, they do not cover end-to-end usage with the webserver authentication manager.

Solving the problem

Add an advanced example section in webserver-authentication.rst showing:

  • Azure AD OAuth provider config in webserver_config.py
  • Custom security manager subclass to parse Azure AD token claims
  • Example role/group to Airflow role mapping (AUTH_ROLES_MAPPING)
  • Basic explanation of relevant settings such as AUTH_ROLES_SYNC_AT_LOGIN

This would help users using Azure AD for authentication and role mapping in real deployments.

Anything else

No response

Are you willing to submit PR?

  • Yes I am willing to submit a PR!

Code of Conduct

Metadata

Metadata

Assignees

No one assigned

    Labels

    kind:bugThis is a clearly a bugkind:documentationneeds-triagelabel for new issues that we didn't triage yet

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions