# SSO Configuration - Azure (Microsoft)

## SSO Configuration Process for using the FinOps Platform

#### Welcome to Pier Cloud!

Pier Cloud is our centralized platform for managing cloud data and services. Our priority is to ensure that access to resources is secure, convenient, and efficient. This document guides you through setting up access to Pier Cloud via Single Sign-On (SSO).

This guide covers the steps required to set up SSO with Pier Cloud, including integration with external identity providers such as Microsoft Azure Active Directory. You'll find detailed instructions, along with screenshots and examples, to make the setup process easier.

If you have any questions during the setup process or need additional assistance, please don’t hesitate to contact our support team. We are here to help ensure a smooth transition to SSO access and maximize the benefits that Pier Cloud offers.


#### Below are the steps required to configure SSO using the Azure Active Directory provider.

1. Go to <mark style="color:blue;"><https://portal.azure.com/></mark> and access the Microsoft Entra ID menu:

<figure><img src="https://1687673077-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZ9sinLUl52lDK1vg6b8g%2Fuploads%2FThG9VUIYb8kRKRU2KR9G%2Fimage.png?alt=media&#x26;token=ccec4192-f6e9-4146-8d74-1a8f605b0cc9" alt=""><figcaption></figcaption></figure>

2. In the **Microsoft Entra ID** section, select the **App registrations** option in the side menu:

<figure><img src="https://1687673077-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZ9sinLUl52lDK1vg6b8g%2Fuploads%2FwItNy6o8Kz01VL9ZxyMC%2Fimage.png?alt=media&#x26;token=1e1cc1c2-75e4-4859-9857-bc23c5684eb3" alt=""><figcaption></figcaption></figure>

3. Click on the **New registration** button:

<figure><img src="https://1687673077-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZ9sinLUl52lDK1vg6b8g%2Fuploads%2FylltKHK7zbdZ7sERbQZn%2Fimage.png?alt=media&#x26;token=c0008efd-7038-4246-b7fc-1202ea902914" alt=""><figcaption></figcaption></figure>

4. On the application creation page, enter the following data:

   * App Name: "**piercloud-finops-platform-sso**"
   * Select the option "**Accounts in this organizational directory only (DOMAIN only – Single tenant)**"
   * Select the Web option and **add the redirect URL provided by Pier Cloud.**

   Click on the "**Register**" button

<figure><img src="https://1687673077-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZ9sinLUl52lDK1vg6b8g%2Fuploads%2FVSyyc8iISKfpjJ1n3JZZ%2Fimage.png?alt=media&#x26;token=d7323b1b-2fbe-4633-816a-dd94fbfdcd0a" alt=""><figcaption></figcaption></figure>

5. After creating the application, click on the option "**Add a certificate or secret**"

<figure><img src="https://1687673077-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZ9sinLUl52lDK1vg6b8g%2Fuploads%2FhFRHmOHKqCZgnozMqVkh%2Fimage.png?alt=media&#x26;token=801bb231-f1e0-43ce-b4fd-617bd4a65eb5" alt=""><figcaption></figcaption></figure>

6. Click on the "**New client secret**" button. In the form on the side, click on the **Add** button:

<figure><img src="https://1687673077-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZ9sinLUl52lDK1vg6b8g%2Fuploads%2FbSAkspDTdDuHMK4pVdQw%2Fimage.png?alt=media&#x26;token=c0bcf594-a42e-4d25-8974-157a17d4dca2" alt=""><figcaption></figcaption></figure>

7. Send the generated **Value**, **Secret ID** and **Expiration Date** to the Pier Cloud team:

<figure><img src="https://1687673077-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZ9sinLUl52lDK1vg6b8g%2Fuploads%2FiJ7d069S4VjWIxxHCuPj%2Fimage.png?alt=media&#x26;token=dbfda6e3-206a-4f24-82e1-0559b34eff1c" alt=""><figcaption></figcaption></figure>

8. Click on **Overview** and send the **Application (client) ID** and **Directory (tenant) ID** to the Pier Cloud team.

<figure><img src="https://1687673077-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZ9sinLUl52lDK1vg6b8g%2Fuploads%2FK4kOK8SFfbGtSmOy8DQ2%2Fimage.png?alt=media&#x26;token=e5633bca-6f59-4d2d-abc6-87c6ff461d4b" alt=""><figcaption></figcaption></figure>

9. To continue, we need to add some permissions. In the search field, look for **App registrations**, as illustrated in the image below.

<figure><img src="https://1687673077-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZ9sinLUl52lDK1vg6b8g%2Fuploads%2FsYM0u5BitKzHoDVQyYsp%2Fimage.png?alt=media&#x26;token=f9681740-d4cb-4ab7-948c-2f76678db15a" alt=""><figcaption></figcaption></figure>

10. Click on the app registration you created (in this case we use an app created for testing, "piercloud-finops-platform-sso"), as illustrated in the image below.

<figure><img src="https://1687673077-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZ9sinLUl52lDK1vg6b8g%2Fuploads%2Fm1BMstDFhKvxLby77gLZ%2Fimage.png?alt=media&#x26;token=17c5435d-03be-430e-9518-b4f4fcbb3a1a" alt=""><figcaption></figcaption></figure>

11. In this step, click on **Manage**, as illustrated in the image below.

<figure><img src="https://1687673077-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZ9sinLUl52lDK1vg6b8g%2Fuploads%2FCghDXw9hZxLl8tMSyNU0%2Fimage.png?alt=media&#x26;token=775bec66-76ee-4559-8ed5-c27454b07d1f" alt=""><figcaption></figcaption></figure>

12. Here click on **API permissions**.

<figure><img src="https://1687673077-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZ9sinLUl52lDK1vg6b8g%2Fuploads%2FQ7l4dqdbnpTGf0TMwp7P%2Fimage.png?alt=media&#x26;token=d902f991-3214-4d73-8f3a-89aba588e7d1" alt=""><figcaption></figcaption></figure>

13. In this step, click on **Microsoft Graph** and a window will appear on the right. In the "Select permissions" field, look for **GroupMember.Read.All**. Then click on Update permissions, as shown in the image below:

**Be careful when selecting, as there are permissions with similar names. Make sure you choose the correct permission.**

<figure><img src="https://1687673077-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZ9sinLUl52lDK1vg6b8g%2Fuploads%2Fyiy0Ekl8EroG3ekiuq2v%2Fimage.png?alt=media&#x26;token=2b3ec810-8bc4-464c-9437-60c68a1818d4" alt=""><figcaption></figcaption></figure>

14. In the same window as the previous step, in the "**Select permissions**" field, look for **User.Read**, as illustrated in the image below. Make sure you select the correct permission, as there are similar options. After this process, in the bottom left menu, click on **Token configuration**.

<figure><img src="https://1687673077-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZ9sinLUl52lDK1vg6b8g%2Fuploads%2FJkivT7X5qGKqZTwaD8WA%2Fimage.png?alt=media&#x26;token=f1fff825-a2fa-4189-8eb8-d62afdf52811" alt=""><figcaption></figcaption></figure>

15. Here click on **+ Add groups claim**, as illustrated in the image below.

<figure><img src="https://1687673077-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZ9sinLUl52lDK1vg6b8g%2Fuploads%2FOSxFLNyWltzEtXq3I6kS%2Fimage.png?alt=media&#x26;token=f19255f1-833d-4107-b4e6-8d9c584b6a2a" alt=""><figcaption></figcaption></figure>

16. Click the "**Groups assigned to the application (recommended for large enterprise companies to avoid exceeding the limit on the number of groups a token can emit)**" checkbox, then click **Add**, as shown in the image below.

    **Note**: When you select this option, the groups that are in the organization's enterprise agreement will be selected.

<figure><img src="https://1687673077-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZ9sinLUl52lDK1vg6b8g%2Fuploads%2FfHMZNNNmvWMkJv2GrBBK%2Fimage.png?alt=media&#x26;token=d7e3a006-dea1-4a17-a590-51b68fa6b7ab" alt=""><figcaption></figcaption></figure>

17. The token configuration has been created successfully, as illustrated in the image below.

<figure><img src="https://1687673077-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZ9sinLUl52lDK1vg6b8g%2Fuploads%2FLM2r8xDDejlk4JxzG4sg%2Fimage.png?alt=media&#x26;token=b148cff2-f82c-4b67-86e0-7458dce8475d" alt=""><figcaption></figcaption></figure>

18. We need to add the AD groups to the created application (**piercloud-finops-platform-sso**). To do this, use the search bar to find **Microsoft Entra ID**. When you find it, click on the name that was searched, as illustrated in the image below.

<figure><img src="https://1687673077-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZ9sinLUl52lDK1vg6b8g%2Fuploads%2FTf4DI1IHJlUININY8Hzd%2Fimage.png?alt=media&#x26;token=156a8e57-0436-42ca-bcbd-23c9ca4ef743" alt=""><figcaption></figcaption></figure>

19. Here click on **Enterprise Applications** in the bottom left menu, as illustrated in the image below.

<figure><img src="https://1687673077-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZ9sinLUl52lDK1vg6b8g%2Fuploads%2FCfHBF4VGUybLEpy16DAb%2Fimage.png?alt=media&#x26;token=20e603aa-067a-4151-bb08-aac37f554734" alt=""><figcaption></figcaption></figure>

20. In this step, use the search field again to locate the application you created (in this case, **piercloud-finops-platform-sso**). Once you have found the desired application, click on its name, as illustrated in the image below.

<figure><img src="https://1687673077-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZ9sinLUl52lDK1vg6b8g%2Fuploads%2FdaKwNPVrwLxLdLuFclzG%2Fimage.png?alt=media&#x26;token=2c19708a-2448-4dfa-93c9-1f939d26077b" alt=""><figcaption></figcaption></figure>

21. Here click on **Users and groups** in the bottom left menu, as illustrated in the image below.

<figure><img src="https://1687673077-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZ9sinLUl52lDK1vg6b8g%2Fuploads%2Fddz2VsETqgP0F3XURQJ7%2Fimage.png?alt=media&#x26;token=244155c6-75da-477b-bec1-4fa2185095a6" alt=""><figcaption></figcaption></figure>

22. Click on **+ Add user/group** to select the groups that will have access to the application, as shown in the image below.

To access the Azure documentation click [here](https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/assign-user-or-group-access-portal?pivots=portal)!

<figure><img src="https://1687673077-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FZ9sinLUl52lDK1vg6b8g%2Fuploads%2F4QS6tB2UdtiRGumFtC47%2Fimage.png?alt=media&#x26;token=fe761775-bbe6-41ad-a395-3b27034fdfe8" alt=""><figcaption></figcaption></figure>

23. That's it, the setup is complete. Below is a summary of the information you need to send to Pier Cloud.
    * Secret Value
    * Secret ID
    * Application (Client) ID
    * Directory (Tenant) ID

That's it, the configuration for Single Sign-On using Azure Active Directory has been completed successfully.
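
The following is an added example, not Pier Cloud's code or part of the original guide: a diagnostic that checks a decoded ID token for the claims this setup should produce, namely the single tenant (`tid`), the app registration (`aud`) and the groups claim, including the group overage case that the option in step 16 is meant to avoid. The IDs and sample tokens are constructed placeholders, and the script does not verify signatures, so it is only for inspecting tokens obtained from your own test sign-in.

```python
import base64
import json

# Constructed placeholders; use the Directory (tenant) ID and
# Application (client) ID from step 8 of this guide.
TENANT_ID = "00000000-0000-0000-0000-000000000001"
CLIENT_ID = "00000000-0000-0000-0000-000000000002"

def _b64url(obj: dict) -> str:
    raw = json.dumps(obj).encode()
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def make_sample_token(claims: dict) -> str:
    """Build an unsigned, constructed sample token for the demo below."""
    return ".".join([_b64url({"alg": "none", "typ": "JWT"}), _b64url(claims), "sig"])

def decode_payload(token: str) -> dict:
    """Decode the payload segment only. No signature check: diagnostic use."""
    segment = token.split(".")[1]
    segment += "=" * (-len(segment) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(segment))

def check_claims(claims: dict, tenant_id: str, client_id: str) -> list:
    """Return a list of findings; an empty list means the claims look as configured."""
    findings = []
    if claims.get("tid") != tenant_id:
        findings.append("tid: token was not issued for the expected single tenant")
    if claims.get("aud") != client_id:
        findings.append("aud: token was not issued for this app registration")
    # Entra ID signals overage with _claim_names.groups (or hasgroups) instead of IDs.
    if "groups" in claims.get("_claim_names", {}) or claims.get("hasgroups"):
        findings.append("groups: overage, token holds a pointer instead of group IDs")
    elif not claims.get("groups"):
        findings.append("groups: claim missing or empty (check steps 15-22)")
    return findings

if __name__ == "__main__":
    ok = {"tid": TENANT_ID, "aud": CLIENT_ID, "groups": ["constructed-group-object-id"]}
    overage = {"tid": TENANT_ID, "aud": CLIENT_ID, "_claim_names": {"groups": "src1"}}
    wrong_tenant = {"tid": "other-tenant", "aud": CLIENT_ID}
    for sample in (ok, overage, wrong_tenant):
        token = make_sample_token(sample)
        print(check_claims(decode_payload(token), TENANT_ID, CLIENT_ID) or "claims OK")
```
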
