
# Use Active Directory as Single Sign-On provider

The Chainloop authentication backend is delegated to an OpenID Connect (OIDC) compatible Identity Provider (IdP) such as Google, GitHub, Auth0 or Azure Active Directory.

This guide shows how to configure your Chainloop instance to authenticate users through Azure Active Directory.

The process comprises two steps:

1. Register a new App in your Azure Active Directory tenant
2. Configure Chainloop deployment with the new OIDC settings

## Register a new App

In your Azure console go to **App registrations** and click on **New registration**.

<img src="https://mintcdn.com/chainloop/4m_Z_ZeRnSV7jb7V/guides/deployment/guides/img/register-app.png?fit=max&auto=format&n=4m_Z_ZeRnSV7jb7V&q=85&s=21011a7bc979796c27f52af55854be3b" alt="Register a new App" width="1822" height="1121" data-path="guides/deployment/guides/img/register-app.png" />

Fill in a descriptive name and your callback (redirect) URL, which must point to your own Chainloop control plane instance.

<img src="https://mintcdn.com/chainloop/4m_Z_ZeRnSV7jb7V/guides/deployment/guides/img/register-app-2.png?fit=max&auto=format&n=4m_Z_ZeRnSV7jb7V&q=85&s=976e0ae4b3b4eb3e880cba2128bd7956" alt="Register a new App" width="1740" height="1214" data-path="guides/deployment/guides/img/register-app-2.png" />

Once done, take note of the generated **Application (client) ID** and the **tenant ID**; both are needed in the last step.

<img src="https://mintcdn.com/chainloop/4m_Z_ZeRnSV7jb7V/guides/deployment/guides/img/register-app-0.png?fit=max&auto=format&n=4m_Z_ZeRnSV7jb7V&q=85&s=b5212a5c0005d2ce0a2a85eafbfacce7" alt="Register a new App" width="1511" height="562" data-path="guides/deployment/guides/img/register-app-0.png" />

## Create a new client secret

Next, create a new client secret by clicking on **Certificates & secrets** > **New client secret**.

<img src="https://mintcdn.com/chainloop/4m_Z_ZeRnSV7jb7V/guides/deployment/guides/img/register-app-3.png?fit=max&auto=format&n=4m_Z_ZeRnSV7jb7V&q=85&s=9db5b26002f6884abb79d0438d686499" alt="Register a new App" width="2148" height="964" data-path="guides/deployment/guides/img/register-app-3.png" />

Once done, copy the secret's **Value** (it is only displayed right after creation); it will be used as the `clientSecret` in the next step.

<img src="https://mintcdn.com/chainloop/4m_Z_ZeRnSV7jb7V/guides/deployment/guides/img/register-app-4.png?fit=max&auto=format&n=4m_Z_ZeRnSV7jb7V&q=85&s=f5e5fbf49a80901646210217e3ca57c2" alt="Register a new App" width="1177" height="514" data-path="guides/deployment/guides/img/register-app-4.png" />

## Set up OIDC claims

Finally, configure the OIDC claims that Chainloop uses to display information about the user: the `given_name` and `family_name` claims must be added to the token. This option can be found in the **Token configuration** section of your app registration.

<img src="https://mintcdn.com/chainloop/4m_Z_ZeRnSV7jb7V/guides/deployment/guides/img/azure-ad-optional-claims.png?fit=max&auto=format&n=4m_Z_ZeRnSV7jb7V&q=85&s=b5df6665b671526e958046a1d29ba927" alt="Choose OIDC claims" width="2368" height="1976" data-path="guides/deployment/guides/img/azure-ad-optional-claims.png" />

## (Optional) Enable automatic provisioning of user roles and groups

Enable automatic provisioning of user roles and groups by following the [Automatic provisioning of user roles and groups](/guides/deployment/guides/provisioning#dynamic-provisioning-through-single-sign-on-oidc) guide.

## Configure Chainloop deployment

As explained in the [deployment guide](../oss), OpenID Connect configuration is done in the `auth.oidc` section of the `values.yaml` file.

Use the tenant ID, the Application (client) ID and the client secret from the previous steps to configure the OIDC backend as shown below. The `url` is the tenant's v2.0 issuer, built from the tenant ID:

```yaml
auth:
  oidc:
    url: https://login.microsoftonline.com/[TENANT_ID]/v2.0
    clientID: [APP-CLIENT-ID]
    clientSecret: "[APP-CLIENT-SECRET]"
```

Then deploy your Chainloop Control Plane with the updated values for the change to take effect.

Finally, give it a try by running `chainloop auth login`. Your Chainloop users are now authenticated against your Active Directory tenant.
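As an added example that is not part of this guide or of the Chainloop project, the following Python script sanity-checks the three `auth.oidc` values before deployment and inspects the claims of an ID token obtained after login, confirming that the issuer matches `url`, the audience matches `clientID`, and the `given_name`/`family_name` claims configured above are actually emitted. All sample values and the function names are constructed assumptions; `decode_claims` deliberately does not verify the token signature, since it only inspects claims (Chainloop performs the verification).

```python
import base64
import json
import re

# Constructed sample settings (not real credentials) for the three auth.oidc values.
TENANT_ID = "11111111-2222-3333-4444-555555555555"
OIDC_URL = f"https://login.microsoftonline.com/{TENANT_ID}/v2.0"
CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"

GUID_RE = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)
ISSUER_RE = re.compile(r"^https://login\.microsoftonline\.com/([^/]+)/v2\.0$")


def check_values(url: str, client_id: str, client_secret: str) -> list[str]:
    """Return the problems found in the auth.oidc settings (empty if OK)."""
    problems = []
    m = ISSUER_RE.match(url)
    if not m or not GUID_RE.match(m.group(1)):
        problems.append("url must be https://login.microsoftonline.com/<tenant GUID>/v2.0")
    if not GUID_RE.match(client_id):
        problems.append("clientID must be the Application (client) ID GUID")
    if not client_secret or client_secret.startswith("["):
        problems.append("clientSecret is empty or still holds the placeholder")
    return problems


def decode_claims(id_token: str) -> dict:
    """Decode a JWT payload WITHOUT verifying the signature: this only inspects
    which claims the tenant emits; Chainloop verifies the signature itself."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def check_id_token(claims: dict, url: str, client_id: str) -> list[str]:
    """Check issuer, audience and the two name claims the guide requires."""
    problems = []
    if claims.get("iss") != url:
        problems.append("iss does not match auth.oidc.url (tenant or version mismatch)")
    if claims.get("aud") != client_id:
        problems.append("aud does not match auth.oidc.clientID")
    for name in ("given_name", "family_name"):
        if name not in claims:
            problems.append(f"missing {name}: add it under Token configuration")
    return problems


def sample_token(claims: dict) -> str:
    """Build a constructed, unsigned sample token for demonstration only."""
    def enc(part: dict) -> str:
        return base64.urlsafe_b64encode(json.dumps(part).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'RS256', 'typ': 'JWT'})}.{enc(claims)}.signature-omitted"
```

Run `check_values` against your rendered `values.yaml` before deploying, and `check_id_token` against a token from a test login if users show up without names.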
