SSO with SAML: Azure
Before you start
Reach out to mabl support through in-app chat or [email protected] to initiate the SAML setup process. You will need the Reply URL and audience values provided by support in order to complete the setup. Please also tell support that you are using Azure as your Identity Provider.
Outlined here is the SAML setup process, using Azure as an example of mabl SSO integration. Other SAML identity providers with a similar setup should work the same way. If you use Okta, try these docs instead: Single sign on with SAML: Okta
- Within Azure, navigate to `Azure Active Directory > Enterprise Applications`
- Then select `+ New Application`
- Then select `+ Create your own application`
- choose a
- Give the application a name and click `Create`
From the next menu:
Basic SAML Configuration
- Identifier (Entity ID): Provided by mabl support
- Reply URL (Assertion Consumer Service URL): Provided by mabl support
- Sign on URL: Optional
- Relay State: Optional
- Logout Url: Optional
User Attributes & Claims
Azure should automatically populate the following default user attribute claims:
- Unique User Identifier:
Pass these off to mabl support:
App Federation Metadata URL
Federation Metadata XML
Azure AD Identifier
X.509 Certificate Security
This is a public key certificate: it contains no private key material, so there is no security risk in passing it to mabl through normal channels.
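As an added example (not mabl's or Microsoft's code), the Python below reads a Federation Metadata XML document and lists what it discloses: the Azure AD Identifier, the sign-on URL, and a SHA-256 fingerprint of each signing certificate. The sample metadata, tenant ID and certificate bytes are constructed placeholders, and `summarize_idp_metadata` is a hypothetical helper name.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
DS = "http://www.w3.org/2000/09/xmldsig#"

# Constructed sample: dummy tenant ID, and placeholder bytes standing in for
# the DER certificate (not a real X.509 certificate).
TENANT = "00000000-0000-0000-0000-000000000000"
PLACEHOLDER_DER = b"constructed placeholder, not a real certificate"
SAMPLE_METADATA = f"""
<EntityDescriptor xmlns="{MD}" entityID="https://sts.windows.net/{TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="{DS}"><X509Data><X509Certificate>
        {base64.b64encode(PLACEHOLDER_DER).decode()}
      </X509Certificate></X509Data></KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
      Location="https://login.microsoftonline.com/{TENANT}/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>""".strip().encode()

def summarize_idp_metadata(xml_bytes: bytes) -> dict:
    # Refuse DTDs so entity-expansion tricks never reach the parser.
    if b"<!DOCTYPE" in xml_bytes:
        raise ValueError("DOCTYPE is not allowed in SAML metadata")
    root = ET.fromstring(xml_bytes)
    idp = root.find(f"{{{MD}}}IDPSSODescriptor")
    if root.tag != f"{{{MD}}}EntityDescriptor" or idp is None:
        raise ValueError("not a SAML IdP EntityDescriptor")
    fingerprints = []
    for kd in idp.findall(f"{{{MD}}}KeyDescriptor"):
        # A KeyDescriptor with no 'use' attribute applies to signing as well.
        if kd.get("use", "signing") != "signing":
            continue
        for cert in kd.iter(f"{{{DS}}}X509Certificate"):
            # Base64 text may be wrapped or indented; drop whitespace first.
            der = base64.b64decode("".join((cert.text or "").split()))
            fingerprints.append(hashlib.sha256(der).hexdigest())
    if not fingerprints:
        raise ValueError("metadata carries no signing certificate")
    return {
        "entity_id": root.get("entityID"),  # shown in Azure as "Azure AD Identifier"
        "sso_urls": [s.get("Location")
                     for s in idp.findall(f"{{{MD}}}SingleSignOnService")],
        "signing_cert_sha256": fingerprints,
    }
```

Running it on the file downloaded from Azure shows exactly what is being shared, and the fingerprint gives you a short value to quote when confirming which certificate was configured.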
mabl Login Domain Restriction
Once configured, users attempting to sign up using the designated fully qualified domain name (e.g. mail.company.com) will be required to come through your designated SAML provider.
Additional e-mail domains
If you have additional domains for your workspace (for example, your main connection is for [email protected] and you will also have users logging into your workspace with [email protected]), let our support team know when configuring your SAML connection, and mabl can add those domains to your domain lock as well. You may only use domains that your company fully owns.
After mabl gets this information and sets up the required connection to your SAML application, your organization will be able to log in and restrict access with your identity provider of choice.