Azure SSO Configuration User Guide

External IdP Configuration Guide Overview (OIDC)

In order to configure an external OIDC provider for an AWS Cognito user-pool, there must be an exchange of information between both the app (Stratusphere) and the customer organization's system administrator.

The system administrator must configure their SSO Provider with a new Application representing Stratusphere (and the above values). They must then provide the following (from the SSO Provider's newly registered application) to Stratusphere:

• Domain/Issuer URL
• Client ID
• Client Secret

Note: SAML-required fields are different from those required to configure OIDC IdPs. This guide is specific to OIDC configurations.

Customer System Administrator - Azure Entra ID Configuration (OIDC)

Please follow these steps to create an App Registration in Entra ID for Stratusphere:

1. In the Azure Portal, go to Microsoft Entra ID service
2. In the side menu, choose App Registrations
3. Click New Registration

• Name the new application (e.g. "Stratusphere App")
• Supported account types: Accounts in this organizational directory only
• Add the Redirect URI
  • Platform: Web
  • URL: https://scip-auth-prd.auth.us-east-1.amazoncognito.com/oauth2/idpresponse

4. Click the Register button

5. Navigate to the new Application registration you created

6. In the Overview tab of the registration, note these fields:

• Application ID (aka. Client ID)
  
• Entra Directory (Tenant) ID

7. In the Branding & Properties tab, note these fields

• Add the Homepage URL: https://stratusphere.app/auth

8. To create a new client secret:

• On the side menu, choose Certificates & Secrets
• Click New Client Secret
• Description: provide any description (e.g. "Stratusphere App - Client Secret")
• Expires: 2 years
• Click the Add button
• In the table of Client Secrets, click the Copy to Clipboard button beside the Value of the new secret
  • Note: You only get one chance to copy the value; refreshing the page will mask the majority of the secret's value

Finalize Configuration and Test

Once the Application registration has been created and the secret has been configured in the Azure portal, please reach out to support at support@stratusphere.app. We will set up a 15min call to finish configuration and test the integration.

Please be prepared to provide the following values to the Stratusphere team during the call (none of these values will be stored outside of the secure storage in the production SSO service):

• Application (client) ID
• Directory (tenant) ID
• The Client secret's value