SSO with SAML: Azure

This article outlines the SAML setup process using Azure for the mabl SSO integration. These steps should also work with other SAML identity providers that have a similar setup. If you use Okta or an identity provider with a setup similar to Okta's, check out SAML setup: Okta.

Reach out to support

To initiate the SAML setup, reach out to mabl support through the in-app chat or by email: [email protected]. Tell support that you'd like to configure a SAML connection using Azure and share a link to your mabl workspace.

📘

Helpful information

If your company wants to set up domain lock or configure the SAML connection for multiple domains, let the support team know:

  • Domain lock: all mabl logins from your company's domain must use SSO. Read mabl SSO integration for more details on domain lock.
  • Multiple domains: if some users log in to mabl with [email protected] and other users log in with [email protected], let the support team know which domains you want to use. You can only use domains that your company fully owns.

Support provides you with the following values, which are required to configure the SAML connection:

  • Identifier (Entity ID)
  • Reply URL (Assertion Consumer Service URL)

Configure a SAML connection

In Azure, take the following steps:

  • Go to Azure Active Directory > Enterprise Applications
  • Select New Application
  • Select + Create your own application
  • Choose a Non-Gallery Application
  • Enter a name that you want to use to recognize the instance of the application, such as "mabl."
  • Click on the Create button

On the next menu:

  • Select Single sign-on
  • Select SAML

Add SAML settings

Enter the Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL) provided by mabl support.

User attributes and claims

Azure should automatically populate the following default user attribute claims:

  • givenname: user.givenname
  • surname: user.surname
  • emailaddress: user.mail
  • name: user.userprincipalname
  • Unique User Identifier: user.mail

If everything looks correct, save your settings.

Share SAML config details with mabl support

Provide mabl support with either of the following:

  • Metadata XML file
  • Login URL, Azure AD identifier, raw certificate, and App Federation Metadata URL

📘

X.509 Certificate Security

This is a public key certificate: it contains no private key, so there is no security risk in passing it to mabl through normal channels.

After mabl gets this information and sets up the required connection to your SAML application, your organization will be able to log in using SSO and restrict access with your identity provider of choice.