SSO With Microsoft Entra ID

Last modified on August 26, 2024

This guide will show you how to configure Microsoft Entra ID (formerly Azure AD) as a single sign-on (SSO) provider to authenticate to StrongDM for your organization.

Prerequisites

Ensure that you have the appropriate roles:

  • In Microsoft Entra ID (formerly Azure AD), you must be an Application Administrator or Global Administrator.
  • In StrongDM, you must be an Account Administrator.

Azure SSO Configuration Guide

App registration and configuration in Microsoft Entra ID

  1. Log in to the Azure portal or Microsoft Entra admin center, and go to App registrations.
  2. Click New application registration and set the following:
    1. Name: Provide a descriptive name for this app.
    2. Supported account types: Specify if you want this app to span across multiple directories.
    3. Redirect URI: Select Web and then specify the redirect URI as https://app.strongdm.com/auth/return.
      Register an application
      Register an application
  3. Click Register.
  4. The app’s Overview section will appear. Copy the Application (client) ID and save it for later use. You will be pasting the application ID into the StrongDM Admin UI in a later step.
    Application ID
    Application ID
  5. In the app’s Branding section:
    1. Set the Home page URL as https://app.strongdm.com.
    2. Copy the Publisher Domain and save it for later use in the Admin UI.
    3. Click Save.
      Publisher Domain
      Publisher Domain
  6. In the app’s Certificates & secrets section:
    1. Click + New client secret.
    2. Provide a description, set the expiration, and click Add.
    3. The client secret will be shown only one time, so copy the value (not the secret ID) now for later use in the Admin UI.
      Client Secret Value
      Client Secret Value

Add SSO in StrongDM

  1. In the Admin UI, go to Settings > User Management.
  2. In the Single Sign-on section, click the lock to make changes, and then set the following:
    1. From the dropdown selector, select Azure as the SSO provider.
    2. Single sign-on URL: Set https://login.microsoftonline.com/<PUBLISHER_DOMAIN>
    3. Client ID: Set the Application (client) ID that you copied from the app’s Overview section.
    4. Client Secret: Set the client secret value that you copied from the app’s Certificates & secrets section.
  3. Select your desired general SSO settings.
  4. Click activate.
Settings > User Management > Single Sign-on
Settings > User Management > Single Sign-on

Microsoft Entra ID SSO configuration is now complete.