Close
logodocs

SSO with Azure AD

This guide will show you how to configure Microsoft Azure Active Directory (AD) as a single sign-on (SSO) provider to authenticate to strongDM for your organization.

Before You Begin

Ensure that you have the appropriate roles:

  • In Azure AD, you must be an Application Administrator or Global Administrator.
  • In strongDM, you must be an Account Administrator.

Azure SSO Configuration Guide

App registration and configuration in Azure AD

  1. Log in to the Azure AD portal, and go to App registrations.
  2. Click New application registration and set the following:
    1. Name: Provide a descriptive name for this app.
    2. Supported account types: Specify if you want this app to span across multiple directories.
    3. Redirect URI: Select Web and then specify the redirect URI as https://app.strongdm.com/auth/return.
      Azure "Register an application" settings
      Azure "Register an application" settings
  3. Click Register.
  4. The app’s Overview section will appear. Copy the Application (client) ID and save it for later use. You will be pasting the application ID into the strongDM Admin UI in a later step.
    Application ID
    Application ID
  5. In the app’s Branding section:
    1. Set the Home page URL as https://app.strongdm.com.
    2. Copy the Publisher Domain and save it for later use in the Admin UI.
    3. Click Save.
      Publisher Domain
      Publisher Domain
  6. In the app’s Certificates & secrets section:
    1. Click + New client secret.
    2. Provide a description, set the expiration, and click Add.
    3. The client secret will be shown only one time, so copy the value (not the secret ID) now for later use in the Admin UI.
      Client Secret Value
      Client Secret Value

Add SSO in strongDM

  1. In the Admin UI, go to Settings and click the Authentication tab.
  2. In the Single Sign-on section, click the lock icon to make changes, and then set the following:
    1. From the dropdown selector, select Azure as the SSO provider.
    2. Single sign-on URL: Set https://login.microsoftonline.com/{PUBLISHER_DOMAIN}
    3. Client ID: Set the Application (client) ID that you copied from the app’s Overview section.
    4. Client Secret: Set the client secret value that you copied from the app’s Certificates & secrets section.
  3. Select your desired general SSO settings.
  4. Click activate.
    SDM Auth Page
    SDM Auth Page

Azure SSO configuration is now complete.

If any errors occur or if the integration fails in any way, please contact support@strongdm.com for assistance.

Installation — Previous
SSO with Auth0
Next — Installation
SSO with Google