Azure Active Directory OIDC Integration Guide Overview

Note: Pivotal Platform is now part of VMware Tanzu. In v1.12 and later, Pivotal Single Sign‑On is named Single Sign‑On for VMware Tanzu.

Page last updated:

This documentation introduces how to set up Azure Active Directory (Azure AD) with Open ID Connect (OIDC) as the identity provider for Single Sign‑On for VMware Tanzu.

Azure Active Directory (Azure AD) is Microsoft’s multi-tenant cloud-based directory and identity management service.

To set up Azure AD with Security Assertion Markup Language (SAML), see the Azure Active Directory SAML Integration Guide.


To integrate Azure AD with Single Sign‑On using OIDC, you must have the following:

  • An active Azure AD tenant
  • A user with admin privileges

Note: To configure OIDC, you must have the Pivotal Single Sign-On service broker installed on your PCF deployment. You need to create a plan, grant any plan administrators, and specify any organizations this plan should be the authentication authority for. For help configuring plans, see the Manage Service Plans topic.

Azure AD Integration Guide

Configuring Azure AD with Single Sign‑On

To integrate your deployment with Azure AD and Single Sign‑On, follow the steps in Configure Azure AD as an OIDC Identity Provider.

Testing and Troubleshooting