Microsoft Entra ID (Azure AD)
Note: SSO/SAML is available in our 50-99 and 100+ seat plans.
Setup and configuration
To set up your Steady account with SSO/SAML and Entra ID, you'll need to take the following steps. There is a manual step on our end, so we'll need the metadata URL from the last step along with a heads-up that you would like to enable SSO/SAML with Azure AD for your account.
Once we confirm that everything works, we'll disable password authentication and magic link sign-in capability completely for your account.
Here are the steps:
- Sign in to your Azure Portal and visit the Microsoft Entra ID section. You'll need to be a tenant administrator.
- From Enterprise Applications, click "New Application" and then "Non-Gallery Application"
- Name the application "Steady" and click the "Add" button to save it.
- Back on the "Enterprise Applications" page, click on "Steady" from the application list
- Click on "Set up single sign-on", then click "SAML"
- Under the "Basic SAML Configuration", use https://app.steady.space/saml/metadata for the "Identifier" and https://app.steady.space/saml/consume for the "Reply URL"
- By default, "User attributes and claims" will use "Email address" as the name identifier format, but if your configuration is different, then you may have to set this up:
- Under "SAML Signing Certificate", copy the "App Federation Metadata URL" and send it to us (help chat or support@support.steady.space)
- After you have yourself or other users provisioned, and we've installed the Metadata URL for your account, we can begin testing.
Test with Steady
- Once we've received your metadata URL, we'll enable SSO authentication for your account. You'll need to have the email addresses of the users in Steady match the users you have enabled for the application in Microsoft Entra ID.
- You can test the configuration at https://app.steady.spacesaml/sign_in.
- Once you've confirmed with us that the authentication is working as expected, we'll disable conventional login/password access for your account.
Provisioning users
We're working on provisioning users in Steady from Entra ID automatically, but for now it's a two-step process for each user:
- Add the user to the account in Steady and then assign them to a team. Make sure their email address is unique and the same one you have for them in Azure (or skip this step if the user already exists in Steady)
- Make sure the user is enabled in Microsoft Entra ID for the Steady app.