SAML/SSO with Azure AD
This section explains step by step how to configure SAML single sign-on (SSO) between Litmus and Azure AD as the identity provider.
Things to note
- New user seat creation is not supported via SAML. Users must be created within Litmus first and then authenticated via Okta prior to logging into Litmus.
- Only the Litmus account holder will be able to access and configure SAML settings on an account.
- SSO with SAML can only be configured at the parent account level and is automatically applied to all subaccounts on your plan.
- SAML functionality is available with a Litmus Enterprise plan.
How to set up SAML/SSO with Azure AD
- Log in to Azure Active Directory Admin Center
- Go to Enterprise Applications
- Search for Litmus and choose it by clicking on the Name
- Within the Litmus Application page, click “Single sign-on” in the left-hand menu
- From the menu, select “SAML”
- Allow our Entity ID and Assertion Consumer Service URL to be added automatically
  - If you do not choose to allow this, you may find them and add them manually by continuing to the next steps
- As a Litmus Account Holder, go to https://litmus.com/team/security/saml
- Enable SAML and select “Generic” for the provider
- Name the application Azure AD
- If you did not add the Entity ID and Assertion Consumer Service URL automatically, do the following:
  - Take the “Post-back URL (Assertion Consumer Service URL)” value from Litmus and add it under “Reply URL” in Azure
  - Take the “Audience URL (Service Provider Entity ID)” value from Litmus and add it under “Identifier” in Azure
- Next, go to Step 3 in Azure, download the provided certificate (Base64), and open it in your favorite text editor
- Copy all of the text in the text editor from the Base64 certificate and paste it into Litmus under “X.509 Certificate”
- Copy the "Login URL" found under Configuration URLs for the application in your Azure instance and add this as the "SAML 2.0 Endpoint (HTTP)" in Litmus
- In the Litmus app, press "Save SAML Settings" to proceed
- Ensure that a Litmus user exists with the same email address as the account you are logged into Azure AD with. You can check at https://litmus.com/team/accounts/active. If one does not exist, create a new user with that address.
- Click "Test this application" in Azure
- Select "Sign in as current user"
  - Azure AD account email addresses must match those set up in Litmus (https://litmus.com/team/accounts/active)
- If the test is successful, you will be sent to https://litmus.com/dashboard
- Now you can begin giving users permissions to the Litmus platform
  - Ensure you are still in the Litmus Enterprise Application in Azure
  - Click Users and Groups
  - Click Add user
  - Email addresses of users in the Litmus application must match the email address of the user in your Azure AD
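
A check for the certificate step above (the Base64 certificate pasted into “X.509 Certificate”), as an added example that is not part of the Litmus or Azure documentation: it confirms the text is exactly one well-formed Base64 certificate block and returns fingerprints to compare with the certificate shown in Azure. The function names and sample data are constructed for illustration, and it assumes the thumbprint Azure displays is the SHA-1 of the certificate's DER bytes.

```python
import base64
import binascii
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.+?)\s*-----END CERTIFICATE-----", re.S)


def check_idp_certificate(text):
    """Return (der, sha1_thumbprint, sha256_fingerprint) for the pasted text,
    or raise ValueError explaining why it is not a usable Base64 certificate."""
    if isinstance(text, bytes):
        if text[:1] == b"\x30":  # raw DER starts with an ASN.1 SEQUENCE tag
            raise ValueError("binary DER file: download the Base64 certificate instead")
        text = text.decode("utf-8-sig")  # tolerate a BOM added by an editor
    blocks = PEM_RE.findall(text)
    if len(blocks) != 1:
        raise ValueError(
            "expected exactly one BEGIN/END CERTIFICATE block, found %d" % len(blocks))
    body = "".join(blocks[0].split())  # drop CR/LF and stray spaces
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError("certificate body is not valid Base64: %s" % exc)
    if len(der) < 4 or der[0] != 0x30:
        raise ValueError("decoded data is not a DER-encoded certificate")
    return (der,
            hashlib.sha1(der).hexdigest().upper(),
            hashlib.sha256(der).hexdigest().upper())


def make_sample_pem():
    """Constructed sample: a DER SEQUENCE header plus filler, not a real cert."""
    der = b"\x30\x82\x01\x00" + bytes(range(256))
    b64 = base64.encodebytes(der).decode("ascii")
    return der, ("-----BEGIN CERTIFICATE-----\r\n" + b64 +
                 "-----END CERTIFICATE-----\r\n")


if __name__ == "__main__":
    _, pem = make_sample_pem()
    _, sha1, sha256 = check_idp_certificate(pem)
    print("SHA-1 thumbprint :", sha1)
    print("SHA-256          :", sha256)
```

To check a real download, read the file in binary mode and pass its contents to `check_idp_certificate`; a mismatch between the returned thumbprint and the one shown in Azure means the wrong certificate was copied.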
Email us if you have any issues!