Setting up Azure AD SSO for Bitrise

This guide provides step-by-step instructions on setting up Bitrise as a SAML application on Azure Active Directory (AD).

This requires:

Adding Bitrise to Azure AD

Bitrise is not an integrated application in the Azure AD portal, so to set up SAML SSO with Azure, you first have to add Bitrise as a non-gallery app to the portal.

  1. Log into your Azure AD account as an administrator.
  2. Click Azure Active Directory in the left menu.
  3. Click Enterprise applications under Manage.

  4. Click + New Application to add Bitrise as a new app to your account.

  5. Click the Non-gallery application tile to add Bitrise manually to Azure AD.

  6. Type Bitrise in the Name field under Add your own application.

  7. Click the blue Add button at the bottom of the page.

You have successfully added Bitrise as an app to Azure AD. Let’s continue with configuring it as a SAML app!

Configuring Bitrise as a SAML app

A more intricate part of the procedure is to set up SAML between the Bitrise app and Azure AD. We will be jumping back and forth between the Bitrise organization account and the Azure portal, so make sure both pages are available. In practice, this means the organization owner should be logged into Bitrise and the Azure AD admin should be logged into the Azure AD portal.

If you have followed the steps above, by now you should be on the Overview page of the added app where you can further configure your app.

Let’s do this!

Adding users/groups to the app on Azure AD

Before setting up SAML for the app, you have to add to the app in Azure AD all the users/groups who will use SAML SSO to log into the Bitrise organization. In other words, every Bitrise org member must be added as a user in Azure AD.

  1. Select Users and groups from the left menu.
  2. Select all the users from the list so that Bitrise org members will be able to sign into Bitrise with SAML SSO.
  3. Click Select at the bottom of the page.
  4. Click Assign at the bottom of the page.

    You can see the list of added users.

Setting up SAML between the app and Azure AD

  1. Click Single sign-on on the left menu.
  2. Select SAML.

    You will land on the Set up Single Sign-On with SAML - Preview page where you can further configure the fields by clicking on the pencil symbols.

  3. Click the pencil symbol at Basic SAML Configuration to edit two fields.
  4. Add Bitrise as the Identifier (Entity ID).

    Leave this window open! We will come back to it in a second.

  5. Head back to your organization on Bitrise.
  6. Click the Single Sign On tab.
  7. Click the Copy Link button to copy the Single Sign-on URL from Bitrise.

  8. Let’s head back to the Basic SAML Configuration window of Azure AD.
  9. Paste the URL to the Reply URL field.

  10. Click Save and close the Basic SAML Configuration window.
  11. Scroll down to Set up Bitrise.
  12. Copy the Login URL.
  13. Paste it into the Identity provider sign-on URL field on your Bitrise organization account.
  14. Scroll up a bit to SAML Signing Certificate.
  15. Click Download next to the Certificate to download the certificate to your local computer.

  16. Open the certificate file and copy/paste its content into the Certificate field of your Bitrise organization.

    You will need the full content of the file (starting from -----BEGIN CERTIFICATE----- all the way to -----END CERTIFICATE-----).

  17. Click Configure SSO on Bitrise.

Enabling SAML SSO on Bitrise

Now that you have established the connection between Bitrise and Azure AD, all that is left to do is to enable SAML SSO on Bitrise. If you check the People tab of your Bitrise organization, you will see that your SAML status is disabled.

  1. Check the inbox of the email address you provided to your Bitrise organization.

    You should have received an email from us.

  2. Click Sign In via SSO.
  3. On the Allow "organization name" to sign you in window, click Authorize if you trust the organization.

    You should land on your organization’s Bitrise Dashboard. You can check on the Groups tab who has been added to the org as a SAML user.

Congrats! You have successfully enabled the SAML connection! Since SAML SSO has not been enforced on your org yet, you can log in via SAML SSO or with your Bitrise credentials.

Enforcing SAML SSO on the organization

To be able to sign into Bitrise exclusively via SAML SSO, you have to enforce SAML on the organization. Mind you! You can only enforce SAML SSO on the org if all org members have enabled their SAML SSO connection.

  1. Toggle the Enforce SAML SSO switch to the right on the Single Sign On tab of the org.
  2. Click Save Changes.

From now on, org members will be able to log in exclusively via SAML SSO.

SAML SSO on Bitrise

If you’d like to learn more about SAML SSO on Bitrise, check out our SAML SSO in organizations guide.