Add Azure AD authentication to a Node.js application using Datawiza in 5 mins

August 16, 2021
Weiyu Fang

Do you want to learn how to add authentication to your Node.js application? In this step-by-step tutorial, you will learn how to integrate a Node.js application with Azure AD using Datawiza to implement OIDC/OAuth SSO for the Node.js application. 

What is a Node.js application?

Node.js is an open-source, cross-platform, back-end JavaScript runtime environment that runs on the V8 engine and executes JavaScript code outside a web browser. Node.js lets developers use JavaScript to write command-line tools and for server-side scripting—running scripts server-side to produce dynamic web page content before the page is sent to the user's web browser. Consequently, Node.js represents a "JavaScript everywhere" paradigm, unifying web-application development around a single programming language, rather than different languages for server-side and client-side scripts.

Run a Node.js application

image on how to run a Node.js application

We use the sample from the official Node.js Getting Started Guide as the example in this section. The application listens on port 3000 and simply returns “Hello World.”

What is the best Node.js authentication library? Passport, which has 19,131 stars on GitHub, is extremely flexible and modular. It has a comprehensive set of strategies supporting authentication using a username and password, Facebook, Twitter, and more. What’s more, it has a plugin for Azure Active Directory. However, you still need to spend a lot of time understanding the concepts behind Azure AD, OIDC, OAuth2, and so on. You deserve a better solution, and we are building one that will reduce the time required to hours or days, even minutes.

Introduction to the Datawiza Platform

The Datawiza Platform is a cloud-delivered, SaaS-based access management solution. It includes a data plane and a control plane: Datawiza Access Broker (DAB) and Datawiza Cloud Management Console (DCMC).

DAB is a lightweight, container-based access proxy deployed close to your application via the sidecar (agent) or gateway mode. It talks to Azure AD on behalf of your applications, so you don’t need to worry about the integration work. DCMC is a cloud-based management console where you can configure and manage the policies of DABs. Such a SaaS-based design makes the whole platform much easier to use.

Simple configurations using Datawiza Cloud Management Console

Use your Azure AD Admin Account (this account should have the permission to create an app registration in the Azure AD tenant) to log in to the DCMC.

Follow the tutorial in Integrating a web application with Azure AD using Datawiza in 5 mins to create an application in DCMC. Note that when you configure the application, the port of Upstream Servers should be 3000 instead of 3001:

image of configurations with Datawiza and Microsoft Azure console

Run DAB as a sidecar (agent) to your application

After finishing the configuration in DCMC, you can run the DAB with the YAML file noted in the previous step. The docker-compose YAML file should look like this:

version: '3'
services:
  datawiza-access-broker:
    image: <DAB image from the DCMC-generated file>  # placeholder: image name is not shown on this page
    container_name: datawiza-access-broker
    restart: always
    ports:
      - "9772:9772"
    environment:
      PROVISIONING_KEY: #############################
      PROVISIONING_SECRET: #############################

Now, we can use docker-compose to create and start the DAB:

docker-compose -f datawiza-access-broker up -d

That's it. After executing the command above, the Node.js application should have SSO enabled with Azure AD.

Now, let's give it a try.

Open a browser and type in http://localhost:9772. You should see the Azure AD login page as follows. Note that if you are already logged in to Azure AD in your browser, you may need to log out to see the login page.

image of the Microsoft sign in portal

After logging in to Azure AD, the Node.js application will be shown.

screenshot of local host with the words "hello world"
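
An added check for the setup above (not part of the original tutorial and not Datawiza's code): it confirms that a request to port 9772 without a session never returns the app's "Hello World" body, and that port 3000 does not answer on a non-loopback address, because the DAB only protects traffic that passes through it. The ports and the response text come from this page; the function names, the --run flag and the host IP argument are assumptions of the example.

```javascript
// Added example: post-deployment check for the sidecar setup in this tutorial.
// From the page: ports 9772 (DAB) and 3000 (app), body "Hello World".
// Assumptions: function names, the --run flag, the host IP argument.
const APP_MARKER = 'Hello World';

// Pure decision logic over two probe results of shape { reachable, status, body }.
function assess(viaProxy, directUpstream) {
  const findings = [];
  if (!viaProxy.reachable) {
    findings.push('proxy: nothing answers on 9772, the DAB is not running');
  } else if (viaProxy.body.includes(APP_MARKER)) {
    findings.push('proxy: app content served without a login');
  }
  if (directUpstream.reachable && directUpstream.body.includes(APP_MARKER)) {
    findings.push('upstream: port 3000 answers directly, bypassing the DAB');
  }
  return findings;
}

// One request with no cookies, redirects not followed (Node 18+ global fetch).
async function probe(url) {
  try {
    const res = await fetch(url, { redirect: 'manual', signal: AbortSignal.timeout(3000) });
    return { reachable: true, status: res.status, body: await res.text() };
  } catch {
    return { reachable: false, status: 0, body: '' };
  }
}

async function main(hostIp) {
  if (!hostIp) { console.error('usage: node check-sso.js --run <host IP>'); process.exitCode = 2; return; }
  const findings = assess(
    await probe('http://localhost:9772/'),
    await probe(`http://${hostIp}:3000/`),
  );
  for (const f of findings) console.log('FAIL', f);
  if (findings.length === 0) console.log('OK: login enforced on 9772, 3000 closed on', hostIp);
  process.exitCode = findings.length ? 1 : 0;
}

// Runs only when asked, e.g.: node check-sso.js --run 192.0.2.10 (constructed IP)
const runAt = process.argv.indexOf('--run');
if (runAt !== -1) main(process.argv[runAt + 1]);
```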

This tutorial has shown you how to secure a Node.js application with Azure AD using Datawiza -- in minutes instead of hours or days. Get a free trial by signing in here. Please email us at if you need any help or have any questions.