Managed Studio

Single Sign-On (SSO): Integrating with Microsoft Entra ID

Microsoft Entra ID is the new name for Azure AD (Azure Active Directory).

Microsoft Entra ID setup

Requirements

  • You will need to use an Entra ID user with sufficient administrative privileges
  • The Managed Studio application will require the GroupMember.Read.All permission for the Graph API in order to be able to support group-based access granting for machine pools
  • A client secret needs to be generated in Entra ID and provided for authenticating these API calls

Setup instructions

  1. Sign in to the Microsoft Entra admin center
  2. In the left navigation bar, click Applications
  3. Click App Registrations
  4. Click New Registration to register a new application
  5. In the Name field, specify a name for the application (such as "Managed Studio SSO")
  6. For Supported account types select Accounts in this organizational directory only
  7. In the Redirect URI field, select Web from the dropdown menu, and enter:
    https://app.managed.studio/auth/entra/callback
    
  8. Click Register
  9. On the new page, copy the Application (client) ID and save this for later
  10. Navigate to the Certificates and Secrets menu item
  11. Click New client secret
  12. Give the client secret a Description (such as "Managed Studio SSO")
  13. Set the expiration to 24 months
  14. Click Add
  15. Copy the Value of the client secret and save this for later. Note that the client secret Value is distinct from the client secret ID
  16. Navigate to the API permissions menu item
  17. Click Microsoft Graph
  18. Click Application permissions
  19. Search for GroupMember.Read.All
  20. Select GroupMember.Read.All
  21. Click Update permissions
  22. Back on the permissions list, click Grant Admin Consent for [your Directory’s name]
  23. Click Yes
  24. Navigate to the Token configuration menu item
  25. Click Add groups claim
  26. Select Groups assigned to the application
  27. Click Add
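
To check the finished registration against the steps above, the following added example (not Managed Studio's or Microsoft's own code) audits the application object JSON for the account type, redirect URI, Graph permission, groups claim and client secret expiry. The function name, the 60-day warning window and the sample data are assumptions made for illustration.

```python
from datetime import datetime, timedelta, timezone

GRAPH_APP_ID = "00000003-0000-0000-c000-000000000000"  # Microsoft Graph resource
# App-role ID of GroupMember.Read.All (application type); confirm it against
# Microsoft's Graph permissions reference before relying on this check.
GROUPMEMBER_READ_ALL = "98830695-27a2-44f7-8c18-0c3ebc9698f6"
REDIRECT_URI = "https://app.managed.studio/auth/entra/callback"  # from step 7

def audit_registration(app, now, warn_days=60):
    """Compare an app registration (Graph `application` JSON) with the setup steps."""
    findings = []
    if app.get("signInAudience") != "AzureADMyOrg":  # step 6: single tenant
        findings.append("supported account types is not single-tenant")
    uris = app.get("web", {}).get("redirectUris", [])
    if uris != [REDIRECT_URI]:  # step 7: exactly one callback, no extras
        findings.append(f"unexpected redirect URIs: {uris}")
    # Steps 16-21. This lists *requested* permissions only; admin consent
    # (steps 22-23) is recorded on the service principal, not here.
    requested = {(r["resourceAppId"], a["id"], a["type"])
                 for r in app.get("requiredResourceAccess", [])
                 for a in r.get("resourceAccess", [])}
    if (GRAPH_APP_ID, GROUPMEMBER_READ_ALL, "Role") not in requested:
        findings.append("GroupMember.Read.All application permission not requested")
    if app.get("groupMembershipClaims") != "ApplicationGroup":  # step 26
        findings.append("groups claim is not 'Groups assigned to the application'")
    secrets = app.get("passwordCredentials", [])
    if not secrets:
        findings.append("no client secret present")
    for s in secrets:  # steps 11-14: secrets expire; flag before SSO breaks
        # Graph timestamps are UTC; drop fractional seconds and the trailing Z.
        end = datetime.strptime(s["endDateTime"][:19], "%Y-%m-%dT%H:%M:%S")
        left = end.replace(tzinfo=timezone.utc) - now
        name = s.get("displayName")
        if left <= timedelta(0):
            findings.append(f"client secret {name!r} has expired")
        elif left <= timedelta(days=warn_days):
            findings.append(f"client secret {name!r} expires in {left.days} days")
    return findings

# Constructed sample, shaped like the output of `az ad app show --id <client-id>`.
SAMPLE_APP = {
    "signInAudience": "AzureADMyOrg",
    "web": {"redirectUris": [REDIRECT_URI]},
    "requiredResourceAccess": [{"resourceAppId": GRAPH_APP_ID, "resourceAccess": [
        {"id": GROUPMEMBER_READ_ALL, "type": "Role"}]}],
    "groupMembershipClaims": "ApplicationGroup",
    "passwordCredentials": [{"displayName": "Managed Studio SSO",
                             "endDateTime": "2027-03-01T00:00:00Z"}],
}
```

An empty list means the registration matches the steps; the secret value itself never appears in this JSON, only its metadata.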

Enabling Single sign-on in Managed Studio

  1. Navigate to the Settings page
  2. Click Single sign-on
  3. Click New provider
  4. Customise or use the default Name for the Entra connection (this will be shown on the login page)
  5. Enter the Entra ID Directory Domain that the application was registered within. Please refer to Microsoft's documentation to locate your directory domain name
  6. Enter the Client ID you previously copied from the Entra admin center
  7. Enter the Client Secret you previously copied from the Entra admin center
  8. Click Create

Signing in with Single sign-on

  1. Navigate to your dedicated login page and click the Continue with Entra ID button

Finding your Single sign-on URL

  1. Navigate to the Settings page
  2. Click Single sign-on
  3. Your Single sign-on URL is shown at the top of the page

Accepting invitations with Single sign-on

  1. When accepting an invitation, click the Continue with Entra ID button