Azure Active Directory Configuration

  1. Log in to Azure.
  2. Go to Azure Active Directory >> App registrations >> Your Registered App under Display Name
  3. Record the Application (client) ID


  4. Record the Directory (tenant) ID


  5. Go to Certificates & Secrets. Create a new client secret. Record your secret value to use in your Styra SSO configuration later on.
  6. Go to Authentication. Under Redirect URIs add the following URI: https://YOUR_TENANT.styra.com/v1/oauth2/callback


Styra Configuration

After you configure Azure Active Directory, you must configure YOUR_TENANT.styra.com.

  1. Log in to YOUR_TENANT.styra.com with your username and password.

  2. Go to your Workspace, click Settings >> Single Sign-On Providers and then click Add OpenID Connect Provider.

  3. Enter the following details in the form.

    • Provider name: The name for your identity provider setting. For example, Corporate Azure AD. This name will be visible to users on the login page.
    • Issuer URL: https://login.microsoftonline.com/YOUR_DIRECTORY_TENANT_ID/v2.0 (Replace YOUR_DIRECTORY_TENANT_ID with the tenant ID recorded in Step 4.)
    • Client ID: Copy the Application Client ID value recorded in Step 3.
    • Client Secret: Copy the Client Secret value recorded in Step 5.
    • Allowed Domains: Type the allowed authentication domain(s) of your users. For example, retail.acme.com. If the identity provider supports multiple domains, only users with these domains are allowed to access the service.

    • Invited users only

      • If enabled, the authenticated user must have a pre-existing account in the service. 

      • If disabled, a new user account will be created just-in-time for any authenticated user, as long as the user's domain matches one of the allowed domains (and the identity provider has assigned this user to the Styra application).

    • Enabled: Set it to TRUE.

  4. If you have selected just-in-time provisioning for the users, you can now log out from YOUR_TENANT.styra.com and sign in again through Azure. Azure is now displayed on the YOUR_TENANT.styra.com login screen above the username and password.
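
A pre-flight check for the values entered above, as an added example that is not part of the original page or of Styra's tooling. The function name, the sample GUIDs and the host example-tenant.styra.com are constructed for illustration, and the discovery dictionary stands in for the JSON served at the Issuer URL plus /.well-known/openid-configuration.

```python
import re
from urllib.parse import urlsplit

GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

def check_sso_settings(issuer_url, client_id, redirect_uri, styra_host, discovery):
    """Return a list of problems; an empty list means the values are consistent."""
    problems = []
    iss = urlsplit(issuer_url)
    parts = iss.path.split("/")  # expected: ['', '<tenant GUID>', 'v2.0']
    if iss.scheme != "https" or iss.netloc != "login.microsoftonline.com":
        problems.append("issuer must start with https://login.microsoftonline.com/")
    if len(parts) != 3 or parts[2] != "v2.0":
        problems.append("issuer path must be /<Directory (tenant) ID>/v2.0, no trailing slash")
    elif not GUID.match(parts[1]):
        problems.append("issuer must carry the tenant ID GUID, not an alias")
    if not GUID.match(client_id):
        problems.append("client ID is not a GUID; check that the secret was not pasted here")
    expected_redirect = f"https://{styra_host}/v1/oauth2/callback"
    if redirect_uri != expected_redirect:
        problems.append(f"redirect URI must be exactly {expected_redirect}")
    # OIDC discovery: the metadata 'issuer' must equal the configured issuer exactly.
    if discovery.get("issuer") != issuer_url:
        problems.append("discovery document issuer does not match the Issuer URL")
    return problems

# Constructed sample values, not real identifiers.
TENANT_ID = "11111111-2222-3333-4444-555555555555"
CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
STYRA_HOST = "example-tenant.styra.com"
ISSUER = f"https://login.microsoftonline.com/{TENANT_ID}/v2.0"
REDIRECT = f"https://{STYRA_HOST}/v1/oauth2/callback"
DISCOVERY = {"issuer": ISSUER}  # constructed stand-in for the discovery JSON

if __name__ == "__main__":
    # A trailing slash on the issuer is reported twice: bad path and issuer mismatch.
    for problem in check_sso_settings(ISSUER + "/", CLIENT_ID, REDIRECT, STYRA_HOST, DISCOVERY):
        print("PROBLEM:", problem)
```
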

Invite Users to Styra (Optional)

If you configured YOUR_TENANT.styra.com to allow only invited users to log in to the service, then you must create users on YOUR_TENANT.styra.com. You can create users through the CLI only.

  1. Download the CLI from YOUR_TENANT.styra.com. Make sure you are logged in, and then download the CLI from one of the following:

    MacOS X: https://YOUR_TENANT.styra.com/v1/docs/bin/darwin/amd64/styra

    Linux: https://YOUR_TENANT.styra.com/v1/docs/bin/linux/amd64/styra

    Windows: https://YOUR_TENANT.styra.com/v1/docs/bin/windows/amd64/styra.exe

  2. Copy the downloaded file as styra or styra.exe into a directory on your shell's executable path and make the binary executable.
    # Varies depending on your OS, shell, and executable path
    mv ~/Downloads/styra /usr/local/bin/styra
    chmod u+x /usr/local/bin/styra
  3. Configure the CLI to use your username and password by running styra configure and providing the following values when prompted:

    Organization ID: YOUR_TENANT.styra.com.
    Access token: You can leave this empty for now.
    Username: The username you use to login to YOUR_TENANT.styra.com.
    Password: Your password.

    The configuration settings are written to a local file at ~/.styra/config.

  4. To create a user on YOUR_TENANT.styra.com with the CLI, run styra create user <email>, where <email> is the email address of the user. For example, to create user alicia@hooli.com, run styra create user alicia@hooli.com.

    When prompted for a password, you must provide the password created by the user. This is required only if you want the user to have a username and password for logging in to YOUR_TENANT.styra.com, in addition to signing in with SSO. If you want the user to sign in using SSO only, then leave the password field empty.

    Verify that your SSO configuration works. In your browser, log out from YOUR_TENANT.styra.com and sign in again using the Azure button on the login page.