This article outlines the SAML setup process using Azure for the mabl SSO integration. These steps should also work with other SAML identity providers that have a similar setup. If you use Okta or an identity provider with a setup similar to Okta's, see SAML setup: Okta.
Reach out to support
To initiate the SAML setup, reach out to mabl support through the in-app chat or by email: support@mabl.com. Tell support that you'd like to configure a SAML connection using Azure and share a link to your mabl workspace.
If your company wants to set up domain lock or configure the SAML connection for multiple domains, let the support team know:
- Domain lock: all mabl logins from your company's domain must use SSO. Read mabl SSO integration for more details on domain lock.
- Multiple domains: if some users log in to mabl with someone@companya.com and other users log in with someone@companyb.com, let the support team know which domains you want to use. You can only use domains that your company fully owns.
Support provides you with the following values, which are required to configure the SAML connection:
- Identifier (Entity ID)
- Reply URL (Assertion Consumer Service URL)
Configure a SAML connection
In Azure, take the following steps:
- Go to Azure Active Directory > Enterprise Applications
- Select New Application
- Select + Create your own application
- Choose a Non-Gallery Application
- Enter a name that you want to use to recognize the instance of the application, such as "mabl"
- Click on the Create button
On the next menu:
- Select Single sign-on
- Select SAML
Add SAML settings
Enter the Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL) provided by mabl support.
User attributes and claims
Azure should automatically populate the following default user attribute claims:
- givenname: user.givenname
- surname: user.surname
- emailaddress: user.mail
- name: user.userprincipalname
- Unique User Identifier: user.mail
If everything looks correct, save your settings.
Share SAML config details with mabl support
Provide mabl support with either of the following:
- Metadata XML file
- Login URL, Azure AD identifier, Raw cert, App federation Metadata URL
The raw cert is a public key certificate, so there is no security risk in passing it to mabl through normal channels.
After mabl gets this information and sets up the required connection to your SAML application, your organization will be able to log in using SSO and restrict access with your identity provider of choice.
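Before sending the Metadata XML file, you can confirm that it carries the values listed above and record the certificate's fingerprint so the certificate can be compared after transfer. The following Python script is an added example, not mabl or Microsoft code; it assumes the standard SAML 2.0 metadata layout, in which `entityID` holds the Azure AD identifier and the `SingleSignOnService` location holds the Login URL, and its sample tenant ID and certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

# Constructed sample: placeholder bytes stand in for the DER certificate and
# the tenant ID is made up. A real file comes from the Azure SAML settings.
SAMPLE_DER = b"constructed placeholder, not a real certificate"
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/00000000-0000-0000-0000-000000000000/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>
        <X509Certificate>{base64.b64encode(SAMPLE_DER).decode()}</X509Certificate>
      </X509Data></KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
        Location="https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def fingerprint(der: bytes) -> str:  # SHA-256 of the DER-encoded certificate
    return hashlib.sha256(der).hexdigest()


def summarize_metadata(xml_text: str) -> dict:
    """Return the values to share, or raise if the file should not be sent."""
    # A PEM private key block contains this marker; metadata never should.
    if "PRIVATE KEY" in xml_text:
        raise ValueError("private key material found; do not send this file")
    root = ET.fromstring(xml_text)
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor; not identity provider metadata")
    certs = [c.text for c in idp.iterfind(
        "md:KeyDescriptor/ds:KeyInfo/ds:X509Data/ds:X509Certificate", NS) if c.text]
    sso = idp.find("md:SingleSignOnService", NS)
    if not certs or sso is None:
        raise ValueError("metadata lacks a signing certificate or login URL")
    return {
        "azure_ad_identifier": root.get("entityID"),
        "login_url": sso.get("Location"),
        "cert_sha256": [fingerprint(base64.b64decode("".join(c.split()))) for c in certs],
    }


if __name__ == "__main__":
    print(summarize_metadata(SAMPLE_METADATA))
```

To check a real file, pass its contents to `summarize_metadata` and compare the printed values with the ones shown on the Azure single sign-on page.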