- name: Add easy authentication

href: how-to/with-web-app/add-authentication-to-web-app.md

title: Add Active Directory authentication

description: Add Microsoft Identity authentication to your Express.js web app on Azure App service using easy authentication.

ms.topic: how-to

ms.date: 04/28/2021

ms.custom: devx-track-js

Add Microsoft authentication to your web app with an app registration and an Azure app service. The Azure app service provides an easy authentication ("easy auth") to your web app, doing most of the work for a simple authentication use case for you.

* [Sample code](https://github.com/azure-samples/js-e2e-web-app-easy-auth.git)

[Easy auth](/azure/app-service/overview-authentication-authorization.md#feature-architecture-on-windows-non-container-deployment) allows your app to provide login to your users using their existing Microsoft account.

The account doesn't have to have a particular domain name. The account can include accounts such as:

* `@microsoft.com`

* `@outlook.com`

* `@yahoo.com`

* `@gmail.com`

Any email domain works as long as the user has an existing Microsoft Identity account with that email address.

Users are held and authenticated by tenant. An Azure tenant represents a single organization. A tenant is a dedicated and trusted instance of [Azure Active Directory](/azure/active-directory/fundamentals/active-directory-whatis.md) that's automatically created when your organization signs up for a Microsoft cloud service subscription, such as Microsoft Azure, Microsoft Intune, or Microsoft 365.

All users, regardless of tenant, can be authorized by the Microsoft Identity provider, if the user and the app are both configured that way.

The following steps provide:

* Identity provided by a secure identity provider

* No code changes to your app required

* No authentication callback routing changes required

* A quick way to secure your app

* Very little Active Directory setup required

Make sure the following are installed on your local developer workstation:

- An Azure account with **an active subscription which you own**. [Create an account for free](https://azure.microsoft.com/free/?WT.mc_id=A261C142F). Ownership is required to provide the correct Azure Active Directory permissions to complete these steps.

- Microsoft Identity account - this is an [email account](https://signup.live.com) added to Microsoft Identity but doesn't have to be the same account you use to create resources.

- [Node.js 14 and npm](https://nodejs.org/en/download) - installed to your local machine.

- [Visual Studio Code](https://code.visualstudio.com/) - installed to your local machine.

- Visual Studio Code extensions:

- [Azure App Service extension](https://marketplace.visualstudio.com/items?itemName=ms-azuretools.vscode-azureappservice) for Visual Studio Code.

Create and run an Express.js app by cloning an Azure sample repository.

1. At a terminal command prompt, go to the location where you want to create the app folder.

1. Use the following base command with git to clone the repository, change into the repository folder named `myexpressapp`, then install the npm dependencies.

```bash

git clone https://github.com/azure-samples/js-e2e-web-app-easy-auth.git myexpressapp && \

cd myexpressapp && \

npm install

```

1. Run the app with the following command:

```bash

1. Browse to your locally running app, `http://localhost:8080`.

1. In the same bash terminal, stop the running app with **Control + c**.

1. In VS Code, select **Azure** from the activity bar, then select **+** in the **Azure: App Service** side bar.

1. Complete the prompts:

|Prompt|Enter|

|--|--|

|Enter a globally unique name for the new web app.|The name is used as a subdomain for the web app's URI. |

Authentication isn't configured yet. That is the next step.

:::image type="content" source="../../media/app-service-easy-authentication/easy-auth-expressjs-website.png" alt-text="Select **Browse website** from the notification. When you receive the following response in the browser, the sample app is deployed and is responding correctly. Authentication isn't configured yet. That is the next step.":::

1. In VS Code, select **Azure** from the activity bar, then right-click your new web app from the **Azure: App Service** side bar.

1. Select **Open in portal** to configure easy auth.

1. Select **Authentication** under the app's settings then select **Add identity provider**.

:::image type="content" source="../../media/app-service-easy-authentication/app-service-add-identity-provider.png" alt-text="Select Authentication under the app's settings then select Add identity provider":::

:::image type="content" source="../../media/app-service-easy-authentication/app-service-add-microsoft-identity-provider.png" alt-text="Configure Authentication for the Microsoft provider with a new app registration for any Azure AD Directory and personal account.":::