Skip to content

Connect Azure AD#

This page explains how to register an Azure AD application and share the credentials with Stakater Support so that users in your Azure AD tenant can log into KubeStack+.

Azure AD requires two separate app registrations: one for identity (this page) and one for group synchronization. Complete the identity registration first.

1. Register an application in Azure AD#

  1. Log in to the Azure Portal.
  2. Open the Azure Active Directory service.
  3. Under Manage, click App registrations, then New registration.
  4. Enter kubestackplus as the name.
  5. Under Redirect URI, select Web and enter the URI provided by Stakater Support.
  6. Click Register.

Azure AD app registration

2. Add API permissions#

Go to API permissions for the newly created app and add the following Microsoft Graph permissions:

  • User.Read
  • openid
  • profile
  • email

3. Create a client secret#

  1. Click Certificates & secrets in the left sidebar.
  2. Click New client secret.
  3. Enter kubestackplus-oidc as the description, choose an expiry, and click Add.
  4. Copy the Value of the new secret immediately — it will not be shown again.

Certificates and secrets

4. Share the credentials with Stakater Support#

From the app registration Overview tab, note the Application (client) ID and Directory (tenant) ID. Send these to Stakater Support via a secure channel along with the client secret:

  • Application (client) ID
  • Directory (tenant) ID
  • Client secret

Client and tenant IDs

With the identity provider registration complete, continue to Configure Azure group sync to synchronize your Azure AD groups into KubeStack+.