SAML/SSO with Azure AD

Account Holders have numerous security settings and options available in Litmus to protect users and content. You can configure SAML single sign-on between Litmus and Azure as the identity provider.

Before you start

  • Only the Account Holder can access and configure SAML settings in Litmus.
  • New user seat creation is not supported via SAML. Users must be created within Litmus first and then authenticated via your IdP before they log in to Litmus.
  • SSO with SAML can only be configured at the parent account level and is automatically applied to all subaccounts on your plan.

NOTE: SAML functionality is available with Litmus Enterprise plans.

Start with Litmus settings

Sign in to Litmus, find Your Subaccounts in the left menu, then Security and finally the SAML tab in the popup window.

Slide the Enable SAML toggle to on.

If you would like to require your users to only access Litmus via SSO, you can select the Enforce sign-in with SAML box.

NOTE: When this option is active, the main Litmus account holder will still be able to sign in to Litmus using their Litmus credentials via the Litmus login screen. This is to prevent the main account holder from getting locked out of full account administrative functionality. Other users will be required to log in via SAML. Password resets using the Forgotten Password? option on the regular Litmus login screen will be disabled for all users.

Select Generic as your IDP.

Name the application Azure AD.

Animation of enabling SAML in Litmus settings

Automatic Azure AD setup

Log in to Azure Active Directory Admin Center. Go to Enterprise Applications. Search for Litmus and choose it by selecting the app name.

Litmus in Azure AD Enterprise Applications

Within the Litmus Application page in Azure, choose Single sign-on in the left-hand menu, then select SAML.

select SAML as SSO method in Azure AD

Allow our Entity ID and Assertion Consumer Service URL to be added automatically. Otherwise, use the following manual setup steps.

Continue with manual Azure AD setup

From Litmus, copy the Post-back URL (Assertion Consumer Service URL) value and add it in the Azure Step 1 Reply URL.

From Litmus, copy the Audience URL (Service Provider Entity ID) value and add it to the Azure Identifier.

Litmus SAML setup window with Post-back URL and Audience URL outlined

Reply URL and Identifier in Azure AD

Next, go to Step 3 in Azure, download the provided Certificate (Base64), and open it in your favorite text editor.

Copy all of the text from the Base64 certificate and paste it into Litmus under X.509 Certificate.

From Step 5, copy the Login URL found under Configuration URLs for the application in your Azure instance and add this as the SAML 2.0 Endpoint (HTTP) in Litmus.

Step 3 in Azure showing Certificate Base64 download

Step 5 in Azure showing the Configuration URLs

Litmus SAML setup window with SAML 2.0 endpoint and X.509 certificate fields

In Litmus, select Save SAML settings to finish your setup.
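A partial copy of the Base64 certificate is an easy mistake in the X.509 Certificate step above. The following check is an added example, not Litmus or Azure code: it confirms that the copied text is one complete certificate block and returns its fingerprints, which you can compare with the thumbprint of the signing certificate, assuming your Azure instance displays one. The function names and the sample input are constructed for illustration.

```python
import base64
import binascii
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.S)


def check_pasted_certificate(text):
    """Return (SHA-1, SHA-256) hex fingerprints of the pasted certificate text;
    raise ValueError naming the problem if the paste is incomplete."""
    text = text.strip()
    blocks = PEM_RE.findall(text)
    if not blocks:
        raise ValueError("missing BEGIN/END CERTIFICATE lines (partial copy?)")
    if len(blocks) > 1:
        raise ValueError("more than one certificate in the pasted text")
    if PEM_RE.sub("", text).strip():
        raise ValueError("extra text outside the certificate block")
    try:
        der = base64.b64decode("".join(blocks[0].split()), validate=True)
    except binascii.Error as exc:
        raise ValueError(f"Base64 body is damaged: {exc}") from None
    # A DER certificate is one SEQUENCE whose declared length covers all bytes.
    if len(der) < 4 or der[0] != 0x30:
        raise ValueError("decoded data is not a DER SEQUENCE")
    if der[1] & 0x80:  # long-form length: low 7 bits give the length-of-length
        n = der[1] & 0x7F
        declared, header = int.from_bytes(der[2:2 + n], "big"), 2 + n
    else:  # short-form length
        declared, header = der[1], 2
    if header + declared != len(der):
        raise ValueError("certificate is truncated or has trailing bytes")
    return (hashlib.sha1(der).hexdigest().upper(),
            hashlib.sha256(der).hexdigest().upper())


def constructed_pem():
    # Constructed stand-in: a DER SEQUENCE holding 300 zero bytes, NOT a real
    # certificate. In practice, pass the text of the file downloaded from Azure.
    der = b"\x30\x82\x01\x2c" + bytes(300)
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    body = "\n".join(lines)
    return f"-----BEGIN CERTIFICATE-----\n{body}\n-----END CERTIFICATE-----\n", der
```

The check only validates the outer structure of the pasted text; it does not parse the certificate fields or its validity dates.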

Test your connection

Make sure that you have a Litmus user with the same email address as the one you are logged into in Azure AD. If one does not exist, create a new user with that same email address. Select Test this application in Azure, then Sign in as current user.

test SSO connection

If the test is successful you will be sent to your Litmus home page. Next, you can begin giving users permission to the Litmus platform from the Litmus Enterprise Application in Azure.

Select Users and Groups, then Add user. Email addresses for Litmus users must match the email addresses in your Azure AD account.
