This example uses Azure Active Directory as the identity provider, but the same can be done with any identity provider supporting OAuth2 OpenID Connect protocol.
Azure account.
To use OAuth2 in Hopsworks you first need to create and configure an OAuth client in your identity provider. We will take the example of Azure AD for the remaining of this documentation, but equivalent steps can be taken on other identity providers.
Navigate to the Microsoft Azure Portal and authenticate. Navigate to Azure Active Directory. Click on App Registrations. Click on New Registration.
Enter a name for the client such as hopsworks_oauth_client. Verify the Supported account type is set to Accounts in this organizational directory only. And Click Register.
In the Overview section, copy the Application (client) ID field. We will use it in Identity Provider registration under the name Client id.
Click on Endpoints and copy the OpenId Connect metadata document endpoint excluding the .well-known/openid-configuration part. We will use it in Identity Provider registration under the name Connection URL.
Click on Certificates & secrets, then Click on New client secret.
Add a description of the secret. Select an expiration period. And, Click Add.
Copy the secret. This will be used in Identity Provider registration under the name Client Secret.
Click on Authentication. Then click on Add a platform
In Configure platforms click on Web.
Enter the Redirect URI and click on Configure. The redirect URI is HOPSWORKS-URI/callback with HOPSWORKS-URI the URI of your Hopsworks cluster.
!!! note
If your Hopsworks cluster is created on the cloud (managed.hopsworks.ai),
you can find your *HOPSWORKS-URI* by going to the [managed.hopsworks.ai dashboard](https://managed.hopsworks.ai/dashboard)
in the *General* tab of your cluster and copying the URI.
In this guide you learned how to create a client in your Azure identity provider and acquire a client id and a client secret.