Skip to main content
SAML Login Microsoft Azure: Login with SAML / Entra ID

Microsoft Azure: Login with SAML / Entra ID

This feature is only available on a Pro or Scale plan and is not enabled by default. If you’d like to enable this feature, please reach out via the chat in the bottom right corner within Aikido.

If you switch to SAML Login instead of auto-onboarding via your Git provider, team import from GitHub, Bitbucket, or Azure DevOps will no longer work. You will need to manage your teams manually moving forward, either through the Aikido UI or Access Profiles.

Setting up SAML in your account

Step 1. Go to General Settings and click 'Enable SAML Authentication'

Step 2. Copy all details to your identity provider. See steps below.

Continue in Azure

Step 1. Go to Microsoft Entra ID.

Step 2. Click the Add dropdown and select Enterprise application.

Step 3. Click Create your own application, choose a name for your app and select 'Non-gallery'.

Step 4. Select Set up single sign on.

Step 5. Click the SAML option.

Step 6. On step 1, click Edit.

Step 7. Fill in the Entity ID and ACS URL as shown in Aikido.

Step 8. At step 2, click Edit.

Step 9. Click the Unique User Identifier (Name ID).
Optional: clicking 'Add new claim' at the top of this page allows you to add custom attributes to SAML. More info here.

Step 10. Make sure to set Source attribute to user.mail here.

Step 11. At step 3 you can download the Certificate (Base64) & at step 4 you'll see the Login URL and Mircosoft Entra Identifier. These should be copy and pasted to Aikido.

Go back to Aikido

  • Fill in the Entity ID / Issuer, Single Sign-On URL and X.509 Certificate as shown in Azure.

  • Also fill out the Company Domain to make sure people can log in without the need of a Single Sign-On URL.

Success! People having access to your Azure SAML app will now be able to auto-onboard to your Aikido workspace.

2 options for users to login using your SAML client

Option 1. Using SSO Link Directly

Copy the Login Link and share this internally with other users.

Option 2. Going to the Aikido login screen, selecting Login Via SSO and filling in the email address Important: the email needs to contain the company domain that has been set up.