Microsoft Azure Entra ID (formerly Azure AD) SSO Setup

Set up the RudderStack SSO (Single Sign-On) feature with Microsoft Azure Entra ID.

This guide lists the steps to set up your Azure Entra ID SAML integration with RudderStack.


Features

The Azure Entra ID-RudderStack SAML integration supports the following features:

  • SP-initiated SSO
  • JIT (Just In Time) Provisioning

Setup

  1. Sign in to Microsoft Entra ID Admin Center.
  2. Go to Enterprise applications.
  3. Select All applications > New application.
  4. Search for SAML Toolkit and select the Microsoft Entra SAML Toolkit.
  5. In the right sidebar, name your application. Then, click the Create button at the bottom (not visible in the below screenshot).
  6. From the second sidebar, select Setup Single Sign On > Single Sign-on.
  7. Under Basic SAML Configuration, enter the following information:

| Field | Value |
|---|---|
| Identifier (Entity ID) (Required) | urn:amazon:cognito:sp:us-east-1_ABZiTjXia |
| Reply URL (Assertion Consumer Service URL) (Required) | https://auth2.rudderstack.com/saml2/idpresponse |
| Sign on URL (Required) | https://auth2.rudderstack.com/saml2/idpresponse |
| Relay State | - |

  8. Under Claims, remove any Additional claims.
  9. Click Add new claim and enter the following information:

| Field | Value | Notes |
|---|---|---|
| Email | user.mail | - |
| LastName | user.displayname | Choose your preferred name, for example, display name or surname. |

  10. In the Set up Single Sign-On with SAML page, go to the SAML Certificates section and copy the App Federation Metadata Url field.
  11. Share this URL with the RudderStack team to enable SSO for your organization.

Debugging SSO issues

An SSO login can occasionally fail for some users. In such cases, the RudderStack team requires a HAR (HTTP Archive) file to inspect the requests and identify any SSO-related issues.

info
A HAR file is a log of exported network requests from the user’s browser. See the HAR Analyzer guide for steps on generating this file depending on your browser.

Once you generate the HAR file, share it with the RudderStack team to troubleshoot the issue.

warning

Note the following before capturing your HAR file:

  • Start from https://app.rudderstack.com/sso with a clean session, preferably in incognito mode of your browser.
  • Complete the SSO flow until the step where you face an error.
  • Your HAR file might contain sensitive data - make sure to redact it using a text editor before sharing it with the team.
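
As an alternative to hand-editing, the redaction step above can be scripted. The following is an added example, not RudderStack's own tooling: it masks cookies, credential headers, and token or password fields in a parsed HAR file. The `SENSITIVE` name set, the `redact_har` helper, and the sample entry are assumptions made for illustration.

```python
import json
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed set of sensitive header/parameter names; extend it for your setup.
SENSITIVE = {"authorization", "cookie", "set-cookie", "password", "code",
             "access_token", "id_token", "refresh_token", "client_secret"}
MASK = "REDACTED"

def _mask_pairs(pairs):
    """Mask the value of each HAR {name, value} item with a sensitive name."""
    for item in pairs or []:
        if item.get("name", "").lower() in SENSITIVE:
            item["value"] = MASK

def _mask_query(query):
    """Mask sensitive fields in a URL-encoded query string or form body."""
    fields = parse_qsl(query, keep_blank_values=True)
    return urlencode([(k, MASK if k.lower() in SENSITIVE else v) for k, v in fields])

def redact_har(har):
    """Redact credentials in a parsed HAR document in place and return it."""
    for entry in har.get("log", {}).get("entries", []):
        req, resp = entry.get("request", {}), entry.get("response", {})
        for msg in (req, resp):
            _mask_pairs(msg.get("headers"))
            for cookie in msg.get("cookies") or []:
                cookie["value"] = MASK  # every cookie is treated as a secret
        _mask_pairs(req.get("queryString"))
        if req.get("url"):
            parts = urlsplit(req["url"])
            req["url"] = urlunsplit(parts._replace(query=_mask_query(parts.query)))
        post = req.get("postData") or {}
        _mask_pairs(post.get("params"))
        if "x-www-form-urlencoded" in post.get("mimeType", "") and post.get("text"):
            post["text"] = _mask_query(post["text"])
    return har

# Constructed sample entry (not a real capture).
SAMPLE = {"log": {"entries": [{
    "request": {
        "url": "https://idp.example.test/login?access_token=abc123&state=xyz",
        "headers": [{"name": "Cookie", "value": "session=s3cr3t"}],
        "cookies": [{"name": "session", "value": "s3cr3t"}],
        "postData": {"mimeType": "application/x-www-form-urlencoded",
                     "text": "username=alice&password=hunter2"}},
    "response": {"headers": [{"name": "Set-Cookie", "value": "session=n3w"}]}}]}}

if __name__ == "__main__":
    print(json.dumps(redact_har(SAMPLE), indent=2))
```

Response bodies (`response.content.text`) are left untouched, so review them by hand before sharing. The SAML form fields (`SAMLResponse`, `RelayState`) are not in the assumed name set and pass through unchanged.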
