Configuring Azure Entra ID (Azure Active Directory) SSO

Before creating the integration, ensure all users you expect to log in have their email address contact information filled in. This field is required by our platform and cannot be left blank on the Azure Entra ID side. To find the exact field mentioned, open the user's details in Entra, go to "properties", and then "contact information".

Follow these steps to set up and configure Azure AD SSO with CloudSoda (using this link for reference):

1. Open Azure.
   
    
2. Navigate to Azure Active Directory. 
   
    
3. Click App registrations (left panel).
   
    
4. Click New Registration (top panel).
   
    
5. In the Register an Application window: 
    
   • Enter a meaningful name (e.g. CloudSoda SSO).
   • Select Accounts in this organizational directory only.
   • Click Register.
     The application details page appears, displaying the entered name along with the Application (client) ID, Object ID, and Directory (tenant) ID - these will be used later.
      
6. Configure SSO in CloudSoda. 
    
   • Open CloudSoda.
   • Navigate to Management Users (upper-right).
   • Click Configure SSO Add Provider.
     
     NOTE: The Type and Grant Type fields are already populated. These fields are currently hard-coded but will allow for customization in the future. 
      
   • In the Add Identity Provider window:
     • Enter a name (e.g. Azure ID).
     • Click the question mark (?) next to the Issuer field and copy the displayed URL.
     • Replace the (tenant) section of the URL with the Directory (tenant) ID from Azure.
     • Copy the Application (client ID) from Azure and paste it into the Client ID field in CloudSoda.
     • Click Save.
       
       The Identity Providers window displays with the provider you just set up in the list.
        
7. Configure the Redirect URI in Azure. 
    
   • In Azure, click Authentication (left panel).
   • Click + Add a Platform Web.
   • Paste the Redirect URI copied from CloudSoda.
   • Check the ID Token box.
   • Click Configure.
8. Enable SSO in CloudSoda. 
    
   • In CloudSoda, click the Enable () icon next to the provider name.
   • Open a new instance of CloudSoda and select Log in with Azure.
     
     A secure login page appears, enabling you to continue the process.
9. Optional, but good to have: enable the given_name and family_name optional claims to populate the first and last names for users. Note: users who have already logged in will not backfill this information automatically--have them log in again to pull the information. There is no need to delete and reinstantiate users for this.
   1. In the Azure portal, open Microsoft Entra ID → App registrations and select the application used for CloudSoda SSO.
   2. Go to Token configuration.
   3. Click Add optional claim.
   4. Select ID as the token type.
   5. Check given_name and family_name, then click Add.
   6. If prompted to turn on Microsoft Graph profile permissions to make these claims available, accept.
   7. Save the configuration.

NOTE: After the initial login, CloudSoda remembers your authenticated login credentials.