This guide provides step-by-step instructions on setting up Bitrise as a SAML application on Azure Active Directory (AD).
- an Azure AD administrator who is logged into Azure AD
- a Bitrise organization owner who is logged into his/her Bitrise organization (with Org Elite subscription)
Adding Bitrise to Azure AD ⚓
Bitrise is not an integrated application in the Azure AD portal so to set up SAML SSO with Azure, you will have to first add Bitrise as a non-gallery app to the portal.
- Log into your Azure AD account as an administrator.
- Click the
Azure Active Directoryon the left menu.
+ New Applicationto add Bitrise as a new app to your account.
Non-gallery applicationtile to add Bitrise manually to Azure AD.
Add your own application.
- Click the blue
Addbutton at the bottom of the page.
You have successfully added Bitrise as an app to Azure AD. Let’s continue with configuring it as a the SAML app!
Configuring Bitrise as a SAML app ⚓
A more intricate part of the procedure is to set up SAML between the Bitrise app and Azure AD. We will be jumping back and forth from the Bitrise organization account to the Azure portal so make sure both pages are available. In practice what this means is the organization owner should be logged into Bitrise and the Azure AD admin should be logged into Azure AD portal.
If you have followed the steps above, by now you should be on the Overview page of the added app where you can further configure your app.
Let’s do this!
Adding users/groups to the app on Azure AD ⚓
Before setting up SAML to the app, you have to add all the users/groups to the app in Azure AD who will use SAML SSO to log into the Bitrise organization. In other words, every Bitrise org member must be added as user in Azure AD.
Users and groupsfrom the left menu.
- Select all the users from the list so that Bitrise org members will be able to sign into Bitrise with SAML SSO.
Selectat the bottom of the page.
Assignat the bottom of the page.
You can see the list of added users:
Setting up SAML between the app and Azure AD ⚓
Single sign-onon the left menu.
You will land on the
Set up Single Sign-On with SAML - Previewpage where you can further configure the fields by clicking on the pencil symbols.
- Click the pencil symbol at
Basic SAML Configuration to edit two fields.
Identifier (Entity ID).
Leave this window open! We will come back to it in a second.
- Head back to your organization on Bitrise.
- Click the
Single Sign Ontab.
Copy Linkbutton to copy the
Single Sign-on URLfrom your Bitrise.
- Let’s head back to the
Basic SAML Configurationwindow of Azure AD.
Paste the URL to the
Reply URL field.
Saveand close the
Basic SAML Configurationwindow.
- Scroll down to
Set up Bitrise.
- Copy the
- Paste it to
Identity provider sign-on URLfield on your Bitrise organization account.
- Scroll up a bit to
SAML Signing Certificate.
Downloadnext to the
Certificateto download the certificate to your local computer.
Open the certificate file and copy/paste its content into the
Certificatefield of your Bitrise organization.
You will need the full content of the file (starting from
----BEGIN CERTIFICATE-----all the way to
Configure SSOon Bitrise.
Enabling SAML SSO on Bitrise ⚓
Now that you have established the connection between Bitrise and Azure AD, all there is left to do is enable SAML SSO on Bitrise. If you check the
People tab of your Bitrise organization, you will see that your SAML status is disabled.
- Check your emails associated with the email address you provided to your Bitrise organization.
You should have received an email from us:
Sign In via SSO.
Allow "organization name" to sign you inwindow, click
Authorizeif you trust the organization.
You should be landing on your organization’s Bitrise Dashboard. You can check on the
Groupstab who has been added to the org as a SAML user.
Congrats! You have successfully enabled the SAML connection! Since SAML SSO has not been enforced on your org yet, you can log in via SAML SSO or with your Bitrise credentials.
Enforcing SAML SSO on the organization ⚓
To be able to sign into Bitrise exclusively via SAML SSO, you have to enforce SAML on the organization. Mind you! You can only enforce SAML SSO on the org, if all org members have enabled their SAML SSO connection.
- Toggle the
Enforce SAML SSOswitch to the right on the
Single Sign Ontab of the org.
From now on, org members will be able to log in exclusively via SAML SSO.