This article outlines the SAML setup process using Microsoft Entra ID for the mabl SSO integration. These steps should work with other SAML identity providers with a similar setup. If you use Okta or a setup similar to Okta, check out SAML setup: Okta.
Microsoft Entra ID was formerly known as Azure Active Directory (AD).
Reach out to support
To initiate the SAML setup, reach out to mabl support through the in-app chat or by email: support@mabl.com. Tell support that you'd like to configure a SAML connection using Microsoft Entra ID and share a link to your mabl workspace.
Helpful information
If your company wants to set up domain lock or configure the SAML connection for multiple domains, let the support team know:
- Domain lock: all mabl logins from your company's domain must use SSO. Read mabl SSO integration for more details on domain lock.
- Multiple domains: if some users log in to mabl with someone@companya.com and other users log in with someone@companyb.com, let the support team know which domains you want to use. You can only use domains that your company fully owns.
Support provides you with the following values, which are required to configure the SAML connection:
- Identifier (Entity ID)*
- Reply URL (Assertion Consumer Service URL)
*The Identifier (Entity ID) may contain www.okta.com. This is a static string for mabl's SAML configuration. It does NOT indicate that you must use Okta as your Identity Provider or impact your existing Microsoft Entra ID connection.
Configure a SAML connection
In the Microsoft Azure portal, take the following steps to set up a SAML connection:
- Go to Microsoft Entra ID > Enterprise Applications.
- Click on New Application.
- Select + Create your own application.
- On the Create your own application panel, enter a name that you want to use to recognize the instance of the application, such as "mabl".
- Select Integrate any other application you don't find in the gallery (Non-gallery).
- In the All applications tab of your Enterprise applications, click on the newly created application.
- In the application overview, click on Set up single sign-on > SAML.
Add SAML settings
On the Single sign-on setup page, enter the Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL) provided by mabl support.
User attributes and claims
After adding SAML settings, the following default values should automatically populate in the Attributes and Claims section:
- givenname: user.givenname
- surname: user.surname
- emailaddress: user.mail
- name: user.userprincipalname
- Unique User Identifier: user.mail
If everything looks correct, save your settings.
Share SAML config details with mabl support
Provide mabl support with either of the following:
- Metadata XML file
- Login URL, Microsoft Entra ID identifier, Raw cert, App federation Metadata URL
X.509 Certificate Security
The X.509 certificate is a public key certificate, so there is no security risk in passing it to mabl through normal channels.
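Before sending the metadata XML, you can check what it contains. The following is an added example, not part of mabl's or Microsoft's documentation: it pulls the Microsoft Entra ID identifier, login URL and signing-certificate fingerprint out of a federation metadata file and refuses a file that contains private key material. The tenant ID and certificate bytes in the sample are constructed placeholders, and the function names are hypothetical.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}
REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"

# Constructed sample: placeholder tenant ID and placeholder bytes, not a real certificate.
FAKE_DER = b"constructed placeholder, not a real X.509 certificate"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>
        <X509Certificate>{base64.b64encode(FAKE_DER).decode()}</X509Certificate>
      </X509Data></KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="{REDIRECT}"
        Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint as colon-separated uppercase hex."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def summarize_metadata(xml_text: str) -> dict:
    """Extract the values to share and refuse files that should not be sent."""
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations do not belong in SAML metadata")
    if "PRIVATE KEY" in xml_text:
        raise ValueError("private key material found; share only the certificate")
    root = ET.fromstring(xml_text)
    certs = root.findall("md:IDPSSODescriptor/md:KeyDescriptor[@use='signing']//ds:X509Certificate", NS)
    sso = root.find(f"md:IDPSSODescriptor/md:SingleSignOnService[@Binding='{REDIRECT}']", NS)
    if not certs or sso is None:
        raise ValueError("not IdP metadata: missing signing certificate or HTTP-Redirect login URL")
    return {
        "entity_id": root.get("entityID"),   # the Microsoft Entra ID identifier
        "login_url": sso.get("Location"),    # the Login URL
        "cert_sha256": [fingerprint(base64.b64decode("".join(c.text.split()))) for c in certs],
    }


if __name__ == "__main__":
    print(summarize_metadata(SAMPLE_METADATA))
```

Confirming the SHA-256 fingerprint with support over a second channel lets both sides check that the certificate mabl installs is the one your tenant issued.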
After mabl gets this information and sets up the required connection to your SAML application, your organization will be able to log in using SSO and restrict access with your identity provider of choice.