SAML/SSO with Azure AD

This section explains step by step how to configure SAML single sign-on (SSO) between Litmus and Azure AD as the identity provider.

Things to note

  • New user seat creation is not supported via SAML. Users must be created within Litmus first and then authenticated via Okta prior to logging into Litmus.
  • Only the Litmus account holder will be able to access and configure SAML settings on an account.
  • SSO with SAML can only be configured at the parent account level and is automatically applied to all subaccounts on your plan.
  • SAML functionality is available with a Litmus Enterprise plan.

How to set up SAML/SSO with Azure AD

  1. Log in to Azure Active Directory Admin Center
  2. Go to Enterprise Applications
  3. Search for Litmus and choose it by clicking on the Name

Litmus in Azure AD Enterprise Applications

  1. Within the Litmus Application page, click “Single sign-on” in the left-hand menu
  2. From the menu, select “SAML” 

select SAML as SSO method

  1. Allow our Entity ID and Assertion Consumer Service URL to be added automatically
    • If you do not choose to allow this, you may find them and add them manually by continuing to the next steps
  2. As a Litmus Account Holder, go to https://litmus.com/team/security/saml
  3. Enable SAML and select “Generic” for the provider
  4. Name the application Azure AD
  5. If you did not add the Entity ID and Assertion Consumer Service URL automatically, do the following:
    • Take the “Post-back URL (Assertion Consumer Service URL)” value and add it under “Reply URL”
    • Take the “Audience URL (Service Provider Entity ID)” value from Litmus and add it under “Identifier”

Reply URL and Identifier

  1. Next, go to Step 3 in Azure, download the provided certificate (Base64), and open it in your favorite text editor 
  2. Copy all of the text in the text editor from the Base64 certificate and paste it into Litmus under “X.509 Certificate”

copied text from Base64 cert

  1. Copy the "Login URL" found under Configuration URLs for the application in your Azure instance and add this as the "SAML 2.0 Endpoint (HTTP)" in Litmus 
  2. In the Litmus app, press "Save SAML Settings" to proceed
  3. Ensure that you have a Litmus user with the same email address as the one you are logged into Azure AD with by navigating to https://litmus.com/team/accounts/active. If one does not exist, please create a new user with that address.
  4. Click "Test this application" in Azure
  5. Select "Sign in as current user"

test SSO connection

  1. If the test is successful you will be sent to https://litmus.com/dashboard
  2. Now you can begin giving users permissions to the Litmus platform 
  3. Ensure you are still in the Litmus Enterprise Application in Azure
    • Click Users and Groups
    • Click Add user
  4. Email addresses of users in the Litmus application must match the email address of the user in your Azure AD
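
The certificate step above depends on copying all of the Base64 text intact. The following is an added example, not part of the original Litmus instructions: a pre-paste check that catches a partial copy, a missing BEGIN/END line or pasted private key material, and prints fingerprints to compare with the thumbprint your identity provider shows for its signing certificate. It checks framing and length only, not validity dates or signatures; the function names and the sample data are constructed for illustration.

```python
import base64, binascii, hashlib, re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def der_total_length(der):
    """Total size (header + content) declared by the outer DER length field."""
    first = der[1]
    if first < 0x80:                      # short form: length fits in one byte
        return 2 + first
    n = first & 0x7F                      # long form: next n bytes hold the length
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_pasted_cert(text):
    """Return (problems, fingerprints) for text about to be pasted as 'X.509 Certificate'."""
    problems, prints = [], {}
    if "PRIVATE KEY" in text:
        problems.append("contains private key material; paste only the certificate")
    blocks = PEM_RE.findall(text)
    if len(blocks) != 1:
        problems.append(f"expected exactly 1 BEGIN/END CERTIFICATE block, found {len(blocks)}")
        return problems, prints
    body = "".join(blocks[0].split())     # tolerate CRLF and editor re-wrapping
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error:
        problems.append("body is not valid Base64 (truncated or altered copy)")
        return problems, prints
    # A certificate is a single DER SEQUENCE whose declared length covers the whole blob.
    if len(der) < 4 or der[0] != 0x30:
        problems.append("decoded data does not start with a DER SEQUENCE")
    elif der_total_length(der) != len(der):
        problems.append(f"DER length mismatch: header says {der_total_length(der)} bytes, got {len(der)}")
    prints = {"sha1": hashlib.sha1(der).hexdigest().upper(),
              "sha256": hashlib.sha256(der).hexdigest().upper()}
    return problems, prints

# Constructed sample: a DER-shaped blob (SEQUENCE, 256 content bytes), not a real certificate.
CONSTRUCTED_DER = b"\x30\x82\x01\x00" + bytes(range(256))
def to_pem(b64):
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\r\n".join(["-----BEGIN CERTIFICATE-----", *lines, "-----END CERTIFICATE-----", ""])

B64 = base64.b64encode(CONSTRUCTED_DER).decode()
SAMPLE_PEM = to_pem(B64)                  # complete copy
TRUNCATED_PEM = to_pem(B64[:300])         # simulates a copy that lost its last lines

if __name__ == "__main__":
    for name, pem in (("complete", SAMPLE_PEM), ("truncated", TRUNCATED_PEM)):
        print(name, check_pasted_cert(pem))
```

To check a downloaded file, read it as text and pass the contents to `check_pasted_cert`; an empty problem list means the text is structurally complete.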

Email us if you have any issues!
