Documentation Auth Setup

This site is protected by Azure AD authentication via Azure Static Web Apps.

How It Works

sequenceDiagram
    participant User
    participant Docs Site
    participant Azure AD

    User->>Docs Site: Access any page
    Docs Site->>Docs Site: Check auth cookie
    alt Not authenticated
        Docs Site->>User: Redirect to /.auth/login/aad
        User->>Azure AD: Login with Bayer credentials
        Azure AD->>User: Return auth token
        User->>Docs Site: Redirect back with token
        Docs Site->>User: Set auth cookie, show page
    else Authenticated
        Docs Site->>User: Show page
    end

Deployment Steps

1. Azure AD App Registration

Create an app registration in Azure Portal:

  • Name: Friday Docs
  • Redirect URI: https://<your-site>.azurestaticapps.net/.auth/login/aad/callback
  • Supported account types: Single tenant (Bayer only)

Note the Client ID and create a Client Secret.

2. Azure Static Web Apps

Create a Static Web App in Azure Portal:

  1. Link to your GitHub/Azure DevOps repo
  2. Set build configuration:
       • App location: /
       • Output location: site
       • Build command: mkdocs build
  3. Add application settings:
       • AAD_CLIENT_ID: Your app registration client ID
       • AAD_CLIENT_SECRET: Your client secret

3. Update Config

Edit staticwebapp.config.json and replace <YOUR_TENANT_ID> with your Azure AD tenant ID.

4. Deploy

Push to your repo. Azure Static Web Apps will build and deploy automatically.

Local Development

Auth is bypassed locally, because the login redirect is enforced by Azure Static Web Apps rather than by MkDocs. Run normally:

mkdocs serve

Restrict to Specific Groups

To limit access to certain Azure AD groups, update staticwebapp.config.json:

{
  "routes": [
    {
      "route": "/*",
      "allowedRoles": ["friday-docs-readers"]
    }
  ],
  "auth": {
    "rolesSource": "/api/get-roles",
    ...
  }
}

Then create an API function to map Azure AD groups to roles.
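
One way to write the group-to-role function behind /api/get-roles, as an added example that is not part of the original page or the project's own code. It assumes the app registration emits group object IDs as "groups" claims in the request body that Static Web Apps posts to the rolesSource function; the file path, group ID and sample payload are constructed placeholders.

```javascript
// Added example (not the project's code). Assumed file: api/get-roles/index.js,
// classic Node.js programming model for Azure Functions.
// Assumption: the app registration emits group object IDs as "groups" claims.
// The GUID keys are constructed placeholders; use your real group object IDs.
const GROUP_TO_ROLE = new Map([
  ["00000000-0000-0000-0000-000000000001", "friday-docs-readers"],
]);

// Maps the body Static Web Apps posts after login to a list of custom roles.
// Fails closed: an unexpected provider or malformed body yields no roles,
// so a route restricted with allowedRoles stays denied.
function rolesForUser(body) {
  if (!body || body.identityProvider !== "aad" || !Array.isArray(body.claims)) {
    return [];
  }
  const roles = new Set();
  for (const claim of body.claims) {
    if (!claim || claim.typ !== "groups" || typeof claim.val !== "string") continue;
    // Match on the immutable object ID, never on a group display name.
    const role = GROUP_TO_ROLE.get(claim.val.toLowerCase());
    if (role) roles.add(role);
  }
  return [...roles].sort();
}

// Function entry point: always answers with {"roles": [...]}.
async function getRoles(context, req) {
  context.res = { status: 200, body: { roles: rolesForUser(req && req.body) } };
}
if (typeof module !== "undefined") module.exports = getRoles;

// Constructed sample request body (values are made up for illustration).
const samplePayload = {
  identityProvider: "aad",
  userId: "constructed-user-id",
  userDetails: "reader@example.com",
  claims: [
    { typ: "name", val: "Example Reader" },
    { typ: "groups", val: "00000000-0000-0000-0000-000000000001" },
    { typ: "groups", val: "00000000-0000-0000-0000-0000000000ff" },
  ],
};
```

A user who belongs to more groups than the token can carry receives no groups claims (group overage) and therefore no roles from this function; resolving membership for those users needs a Microsoft Graph lookup instead.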

Logout

Users can log out by visiting /.auth/logout.