Connecting Anvil apps to Azure AD

Anvil now has built-in integration with Microsoft Azure Active Directory, for all Business Plan users.

You can allow users to sign into your app with their work, school or personal Microsoft account with a single line of code:

anvil.microsoft.auth.login()

If you’re using Anvil’s Users Service for login, you can just check a box - no new code required!

Sign-in methods supported by the Users Service: Email&Password, Google, Facebook, Microsoft Azure, Local Active Directory, Client Certificates (PKI).

You can link your Anvil app more tightly with your Azure or Office 365 subscription, by connecting it with your Azure Active Directory tenant. This lets you build apps that use the Microsoft Graph APIs to interact with Office 365 and other Microsoft services.

You can also restrict your app to only accept, for example, users from your organisation.

Restrict which accounts can log in

If your organization uses Azure Active Directory to manage user accounts, it’s really easy to limit your app to users within your organization:

Radio button list from Azure AD Portal showing the account types you can restrict auth to (your org, all orgs, all MS accounts).

Here’s a step-by-step guide to setting up the Azure Portal to talk to Anvil.

Access Microsoft APIs from Anvil

Microsoft has a whole universe of APIs, allowing you to do anything from automating emails in Outlook to driving Excel spreadsheets.

You can get an access token like so:

token = anvil.microsoft.auth.get_user_access_token()

and use it in an HTTP request to access a Microsoft API:

me = anvil.http.request('https://graph.microsoft.com/v1.0/me',
                        headers={'Authorization': 'Bearer ' + token}, json=True)
print(me)

That’s a request to get everything Microsoft knows about me - not much, fortunately!

{'@odata.context': 'https://graph.microsoft.com/v1.0/$metadata#users/$entity',
 'businessPhones': [],
 'displayName': 'anviltest123@gmail.com',
 'givenName': 'anviltest123@gmail.com',
 'id': 'eeecf79b-ae39-48d3-8c6b-670f8d6a8f59',
 'jobTitle': None,
 'mail': None,
 'mobilePhone': None,
 'officeLocation': None,
 'preferredLanguage': None,
 'surname': 'anviltest123',
 'userPrincipalName': 'anviltest123_gmail.com#EXT#@anvil123.onmicrosoft.com'}

Read the tutorial to learn more

To learn exactly how to use Anvil’s Microsoft integration, follow the tutorial: