Skip to main content

Configuring Microsoft Entra ID for Single Sign-On for the Cost and Compliance Module

Stax integrates with your corporate identity using SAML. This allows you to bring your own identities and identity management controls to the Stax platform. Entra ID (formerly Azure Active Directory) is Microsoft's cloud-hosted identity solution. It supports integration with applications as a SAML identity provider (IdP) and is available for use by most organizations with a Microsoft 365/Office 365 tenancy.

note

This guidance assumes you're subscribed only to the Cost & Compliance module of Stax. If your AWS accounts are Stax-managed and you are seeing this message, please see here.

Before You Begin

  • Estimated time to complete: 1 hour

  • Ensure you are a member of the Admin role in Stax

  • You need to be a member of the Global Admins role in Entra ID, or be delegated equivalent access to Enterprise Applications by an administrator

Request the SSO Configuration details from Support

Before you can start setting up Entra ID, you'll need some details that Stax's Customer Support team can provide you. Get in touch and request the SSO URLs for your tenancy. you'll be provided:

Configure Entra ID

Open the Entra ID console and follow the steps:

  1. From the header, search for App registrations

  2. Click New registration

  3. For name, enter Stax

  4. For Supported account types, ensure Accounts in this organizational directory only is selected

  5. Choose Client Application for the Platform configuration

  6. Press Register to create the application

  7. Press Add a platform to add a new platform

  8. Choose Web for the type of the application

  9. In the redirect field above, provide your callback URL the Support team gave you, e.g. https://app.stax.io/auth/azure_ad/my-token-here/callback

  10. Press Configure

  11. On the left, press Certificates & Secrets

  12. Choose New client secret

  13. Give the secret a description of Stax SSO, and choose Never for expires

  14. Record the value of the newly-added Client Secret Go back to overview, and record the value of Application (client) ID

Provide the details to Support

Provide support with the Application (client) ID and Client Secret you captured earlier. Additionally, provide your Entra ID tenant ID. The Customer Support team will then configure SSO for your Stax tenancy and inform you once it's been completed.

From then on, you can either directly navigate to your Trigger URL to log in, or alternatively, provide support with an email domain, to automatically trigger all authentication requests for that domain to log in via your SSO provider.