Microsoft Entra ID SSO for Mealie
Create App Registration
First, create an app registration, including a client secret, in Microsoft Entra ID. All settings can be left at their default values except the Redirect URIs under the Authentication tab. Set these URIs to the external or internal domain on which Mealie is available. Microsoft Entra ID uses them to decide where to redirect the user after a successful login.
- Type: Single-page application
- Redirect URIs: https://mealie.yourdomain.com/login
Add the corresponding permissions for OpenID Connect as delegated permissions and grant admin consent for your tenant.
- Permissions: Delegated OpenID permissions (email, offline_access, openid, profile)
Create a client secret for the application and save the tenant ID, application ID and client secret in your password manager. You can find instructions for this information here: Get app details and grant permissions to app registration
Setup Microsoft Entra ID login provider
More information about Mealie's environment variables: Backend Configuration - Mealie
Docker compose example
version: "3.7"
services:
  mealie:
    image: ghcr.io/mealie-recipes/mealie:latest
    container_name: <yourcontainername>
    ports:
      - "8600:<yourpublicport>"
    volumes:
      - <yourpersistentpath>:/app/data/
    environment:
      - ALLOW_SIGNUP=true
      # OIDC login through Microsoft Entra ID
      - OIDC_AUTH_ENABLED=true
      - OIDC_SIGNUP_ENABLED=true
      # Tenant ID, application ID and client secret saved from the app registration
      - OIDC_CONFIGURATION_URL=https://login.microsoftonline.com/<yourtenantid>/v2.0/.well-known/openid-configuration
      - OIDC_CLIENT_ID=<yourclientid>
      # Secret value: keep this file out of version control
      - OIDC_CLIENT_SECRET=<yourclientsecret>
      - OIDC_PROVIDER_NAME=Microsoft Entra ID
      - PUID=1000
      - PGID=1000
      - TZ=Europe/Zurich
      - MAX_WORKERS=1
      - WEB_CONCURRENCY=1
      # Must match the domain used in the redirect URI of the app registration
      - BASE_URL=https://<yourmealiedomain>
      - SMTP_HOST=<yoursmtpmailhost>
      - SMTP_PORT=587
      - SMTP_FROM_EMAIL=<yoursmtpmail>
      - SMTP_USER=<yoursmtpmailuser>
      - SMTP_PASSWORD=<yoursmtpmailpassword>
      - SMTP_FROM_NAME=<yourmailname>
    restart: unless-stopped
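
A pre-flight consistency check for the values collected above, as an added example (not part of the original page or of Mealie): it reports leftover placeholders, a discovery URL or issuer that does not belong to the configured tenant, missing scopes, and a registered redirect URI that does not equal BASE_URL plus /login. The function name preflight, the sample GUIDs and mealie.example.com are constructed for illustration, and the discovery document is passed in as a dict so the check runs offline.

```python
import re
from urllib.parse import urlsplit

GUID = re.compile(r"[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}", re.I)
REQUIRED_SCOPES = {"email", "offline_access", "openid", "profile"}  # permissions listed on this page
DISCOVERY_PATH = re.compile(r"/([^/]+)/v2\.0/\.well-known/openid-configuration")

def preflight(env, redirect_uri, discovery):
    """Return a list of problems; an empty list means the three pieces agree."""
    problems = []
    # Placeholders such as <yourclientid> copied unchanged from the compose example.
    for key in sorted(env):
        if key.startswith("OIDC_") and re.search(r"<[^>]+>", env[key]):
            problems.append(f"{key} still contains a placeholder")
    # The configuration URL must be the tenant-specific v2.0 discovery document.
    url = urlsplit(env.get("OIDC_CONFIGURATION_URL", ""))
    match = DISCOVERY_PATH.fullmatch(url.path)
    tenant = match.group(1) if match else ""
    if url.scheme != "https" or url.hostname != "login.microsoftonline.com" or not match:
        problems.append("OIDC_CONFIGURATION_URL is not a v2.0 discovery URL")
    elif not GUID.fullmatch(tenant):  # assumption: tenant given as a GUID, as on this page
        problems.append("tenant segment is not a tenant ID (GUID)")
    elif discovery.get("issuer") != f"https://login.microsoftonline.com/{tenant}/v2.0":
        problems.append("discovery issuer does not belong to the configured tenant")
    missing = REQUIRED_SCOPES - set(discovery.get("scopes_supported", []))
    if missing:
        problems.append("scopes not offered: " + ", ".join(sorted(missing)))
    # The redirect URI registered in Entra ID follows this page's pattern: BASE_URL + /login.
    base = env.get("BASE_URL", "").rstrip("/")
    if not base.startswith("https://"):
        problems.append("BASE_URL is not an https:// URL")
    if redirect_uri != f"{base}/login":
        problems.append(f"redirect URI {redirect_uri} does not equal {base}/login")
    return problems

# Constructed sample values (not real tenant or client identifiers).
TENANT = "11111111-2222-3333-4444-555555555555"
SAMPLE_ENV = {
    "OIDC_CONFIGURATION_URL": f"https://login.microsoftonline.com/{TENANT}/v2.0/.well-known/openid-configuration",
    "OIDC_CLIENT_ID": "66666666-7777-8888-9999-000000000000",
    "BASE_URL": "https://mealie.example.com",
}
SAMPLE_DISCOVERY = {  # trimmed, constructed copy of a discovery document
    "issuer": f"https://login.microsoftonline.com/{TENANT}/v2.0",
    "scopes_supported": ["openid", "profile", "email", "offline_access"],
}

if __name__ == "__main__":
    print(preflight(SAMPLE_ENV, "https://mealie.example.com/login", SAMPLE_DISCOVERY) or "OK")
```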