Microsoft Azure Entra ID (formerly Azure AD) SSO Setup

This guide lists the steps to set up your Azure Entra ID SAML integration with RudderStack.

Features

The Azure Entra ID-RudderStack SAML integration supports the following features:

• SP-initiated SSO
• JIT(Just In Time) Provisioning

Setup

1. Sign in to Microsoft Entra ID Admin Center.
2. Go to Enterprise applications.

3. Select All applications > New application.

4. Search for SAML Toolkit and select the Microsoft Entra SAML Toolkit.

5. In the right sidebar, name your application. Then, click the Create button at the bottom (not visible in the below screenshot).

6. From the second sidebar, select Setup Single Sign On > Single Sign-on.

7. Under Basic SAML Configuration, enter the following information:

8. Under Claims, remove any Additional claims.
9. Click Add new claim and enter the following information:

10. In the Set up Single Sign-On with SAML page, go to the SAML Certificates section and copy the App Federation Metadata Url field.

11. Share this URL with the RudderStack team to enable SSO for your organization.

Debugging SSO issues

There are times when an SSO login might fail for some users due to some reason. In such cases, the RudderStack team requires a HAR (HTTP Archive) file to inspect the requests and identify any SSO-related issues.

A HAR file is a log of exported network requests from the user’s browser. See the HAR Analyzer guide for steps on generating this file depending on your browser.

Once you generate the HAR file, share it with the RudderStack team to troubleshoot the issue.

Note the following before capturing your HAR file:

• Start from https://app.rudderstack.com/sso with a clean session, preferably in incognito mode of your browser.
• Complete the SSO flow until the step where you face an error.
• Your HAR file might contain sensitive data - make sure to redact it using a text editor before sharing it with the team.

Questions? Contact us by email or on Slack