Quickstart

Himmelblau is an open-source authentication framework that brings Microsoft Entra ID login, policy enforcement, and Hello PIN support to Linux systems. This documentation will guide you through installation, configuration, and best practices for integrating Himmelblau into your environment.

Get Started

TL;DR

Himmelblau is designed with sensible defaults to make initial setup fast and simple. If you're eager to get started without reading all the details, follow these basic steps:

  1. 📦 Download and install the packages

(Choose the appropriate DEB or RPM for your system and install them.)

  1. ✏️ Edit your config:

Set the primary domain of your Entra ID tenant in /etc/himmelblau/himmelblau.conf:

[global]
domains = example.onmicrosoft.com
  1. 🔐 Configure PAM

On Debian based distros, pam configuration happened automatically when you installed Himmelblau.

On openSUSE or SUSE Linux Enterprise:

sudo pam-config --add --himmelblau

On all other distros, you can run the manual config utility bundled with Himmelblau:

sudo aad-tool configure-pam
  1. 👥 Configure NSS

Add himmelblau to your /etc/nsswitch.conf to resolve Entra ID users and groups.

passwd:     files himmelblau
group:      files himmelblau
  1. 🚀 Start the daemons:
sudo systemctl enable himmelblaud himmelblaud-tasks
sudo systemctl restart himmelblaud himmelblaud-tasks

You’re now ready to log in with your Entra ID credentials!