Setting up Azure AD SSO for Bitrise

SAML SSO restrictions

SAML SSO is only available for a Workspace with the Velocity or Enterprise Build plans.

Since the SAML SSO feature is tied to the above plans, if you decide to downgrade, you will lose this feature. All Workspace members will receive an email about the downgrade and you’ll have two weeks to re-upgrade if you wish to use SAML SSO in your Workspace again.

Before connecting SAML SSO to your Workspace:

  • Make sure an Azure AD administrator who is logged into Azure AD is at hand.

  • Be aware that only the Workspace owner can set up SAML SSO for a Bitrise Workspace.

  • Make sure your account on Bitrise has a Workspace with the Velocity or Enterprise plan.

You will need to:

Adding Bitrise to Azure AD as a new application

  1. Log into Microsoft Azure as an admin.

  2. Click the Azure Active Directory icon on the Azure services page.

  3. Click Enterprise applications under Manage.

  4. Click New Application to add Bitrise as a new app to your account.

  5. Type Bitrise in the What’s the name of your app? field. The Integrate any other application you don’t find in the gallery button should be automatically selected. Hit Create.

    You will find your newly created app listed on the All Applications page.

  6. Click the Bitrise app to go to its Overview page.

  7. Continue with configuring Bitrise as a SAML app.

Adding users/groups to the app on Azure AD

Before setting up SAML for the app, you have to add to the app in Azure AD all the users/groups who will use SAML SSO to log into the Bitrise Workspace. In other words, every Bitrise Workspace member must be added as a user in Azure AD.

  1. Select Users and groups from the left menu.

  2. Click + Add user/group.

  3. On the Users page of Add Assignment, select users from the list and click Select. Once it’s done, you can select a role for users under the Select a role dropdown.

  4. On the Add Assignment page, click Assign to finish adding users.

Setting up SAML SSO between Bitrise and Azure AD

  1. Click Single sign-on on the left menu. Select SAML.

  2. You will land on the Set up Single Sign-On with SAML page.

  3. Click the pencil symbol at Basic SAML Configuration to edit two fields.

  4. Add Bitrise as the Identifier (Entity ID). Leave this window open! We will come back to it with some information from Bitrise in a second.

  5. Head back to your Workspace on Bitrise.

  6. Click the Single Sign On tab and click the Copy Link button to copy the Assertion Consumer Service URL (ACS URL) from Bitrise.

  7. Let’s head back to the Basic SAML Configuration window of Azure AD.

  8. Paste the Assertion Consumer Service URL from Bitrise to the Reply URL field on the Basic SAML Configuration page of Azure AD.

  9. Click Save and close the Basic SAML Configuration window.

  10. On the Single sign-on page of Azure AD, scroll down to the Set up Bitrise section.

  11. Copy the Login URL and paste it to the SAML SSO provider Single Sign-On URL (SSO URL) field on Bitrise.

  12. On the Single sign-on page of Azure AD, scroll up a bit to the SAML Signing Certificate section.

  13. Click Download next to Certificate (Base64) to download the certificate to your local computer.

  14. Open the certificate file and copy/paste its content into the SAML SSO provider certificate field of Bitrise, or upload the file itself from your local computer.

    (If you add the content manually, you will need the full content, including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.)

  15. Hit Configure SSO on Bitrise.

You have successfully set up Bitrise as a SAML SSO app on Azure AD.
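
A pre-paste check for the certificate text in step 14, as an added example that is not part of the Bitrise documentation: it confirms the paste is one complete PEM block and returns fingerprints to compare with the certificate thumbprint your identity provider displays. The function name and the sample bytes are constructed for illustration, and the SHA-1 thumbprint format is an assumption.

```python
import base64
import binascii
import hashlib
import re

# One PEM certificate block; each marker needs exactly five dashes on both sides.
PEM_BLOCK = re.compile(
    r"-----BEGIN CERTIFICATE-----\s*(.*?)\s*-----END CERTIFICATE-----", re.DOTALL
)

# Constructed sample: a tiny DER SEQUENCE, not a real certificate.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x01])
SAMPLE_PEM = (
    "-----BEGIN CERTIFICATE-----\n"
    + base64.encodebytes(SAMPLE_DER).decode()
    + "-----END CERTIFICATE-----\n"
)


def check_pasted_certificate(text):
    """Validate a pasted Certificate (Base64) value; return its fingerprints."""
    blocks = PEM_BLOCK.findall(text)
    if len(blocks) != 1:
        raise ValueError("expected exactly one BEGIN/END CERTIFICATE block")
    # Leftover text (an extra dash, a second partial paste) means a bad copy.
    if PEM_BLOCK.sub("", text).strip():
        raise ValueError("unexpected text outside the certificate block")
    try:
        der = base64.b64decode("".join(blocks[0].split()), validate=True)
    except binascii.Error as exc:
        raise ValueError(f"certificate body is not valid Base64: {exc}") from exc
    # An X.509 certificate is a DER SEQUENCE, so the first byte is 0x30.
    if not der or der[0] != 0x30:
        raise ValueError("decoded data is not a DER certificate")
    # Assumption: the IdP displays the thumbprint as SHA-1 over the DER bytes.
    return {
        "sha1": hashlib.sha1(der).hexdigest().upper(),
        "sha256": hashlib.sha256(der).hexdigest().upper(),
    }


if __name__ == "__main__":
    print(check_pasted_certificate(SAMPLE_PEM))
```

Pass the full contents of the downloaded certificate file to `check_pasted_certificate` before pasting it into Bitrise; a `ValueError` means the copy is incomplete or altered.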