Microsoft Azure: Login with SAML / Entra ID
Setting up SAML in your account
This feature is not enabled by default for all accounts. If you'd like to enable it, let us know via the chat at the bottom right within Aikido.
Step 1. Go to General Settings and click 'Enable SAML Authentication'
Step 2. Copy all details to your identity provider. See steps below.
Continue in Azure
Step 1. Go to Microsoft Entra ID.
Step 2. Click the Add dropdown and select Enterprise application.
Step 3. Click Create your own application, choose a name for your app and select 'Non-gallery'.
Step 4. Select Set up single sign on.
Step 5. Click the SAML option.
Step 6. In section 1 of Azure's SAML setup page, click Edit.
Step 7. Fill in the Entity ID and ACS URL as shown in Aikido.
Step 8. In section 2 of Azure's SAML setup page, click Edit.
Step 9. Click the Unique User Identifier (Name ID).
Optional: clicking 'Add new claim' at the top of this page allows you to add custom attributes to SAML. More info here.
Step 10. Make sure to set Source attribute to user.mail
Step 11. In section 3 of Azure's SAML setup page you can download the Certificate (Base64), and in section 4 you'll see the Login URL and Microsoft Entra Identifier. Copy and paste these into Aikido.
Go back to Aikido
Fill in the Entity ID / Issuer, Single Sign-On URL and X.509 Certificate as shown in Azure.
Also fill out the Company Domain so people can log in without needing the Single Sign-On URL.
Success! People who have access to your Azure SAML app will now be able to auto-onboard to your Aikido workspace.
Two options for users to log in using your SAML client
Option 1. Using SSO Link Directly
Copy the Login Link and share this internally with other users.
Option 2. Go to the Aikido login screen, select Login Via SSO and fill in the email address. Important: the email address needs to contain the company domain that has been set up.
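An added example, not part of Aikido's or Microsoft's documentation: a check that compares a decoded SAML response from a test login against the values entered in the steps above (ACS URL, Entity ID, Microsoft Entra Identifier, user.mail as Name ID, Company Domain). The function names, tenant ID, URLs and addresses are placeholders chosen for illustration, and the script does not verify the response signature.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Placeholders (constructed): substitute the values shown in Aikido and Azure.
ENTRA_ID = "https://sts.windows.net/00000000-0000-0000-0000-000000000000/"
ENTITY_ID = "https://sp.example.test/saml/metadata"
ACS_URL = "https://sp.example.test/saml/acs"
COMPANY_DOMAIN = "example.test"

def check_saml_response(xml_text, entra_id, entity_id, acs_url, company_domain):
    """List mismatches between a decoded SAML response and the configured values.
    Configuration check only: the XML signature is NOT verified here."""
    problems = []
    root = ET.fromstring(xml_text)  # feed only responses from your own test login
    if root.get("Destination") != acs_url:
        problems.append("Destination does not match the ACS URL")
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return problems + ["no unencrypted Assertion found"]
    if assertion.findtext("saml:Issuer", "", NS).strip() != entra_id:
        problems.append("Issuer does not match the Microsoft Entra Identifier")
    audiences = [a.text.strip() for a in assertion.iterfind(".//saml:Audience", NS) if a.text]
    if entity_id not in audiences:
        problems.append("Audience does not contain the Entity ID")
    name_id = assertion.findtext("saml:Subject/saml:NameID", "", NS).strip()
    local, at, domain = name_id.rpartition("@")
    if not (local and at and domain):
        problems.append("NameID is not an email address (check Source attribute)")
    elif domain.lower() != company_domain.lower():
        problems.append(f"NameID domain {domain!r} is not the Company Domain")
    return problems

def sample_response(name_id):
    """Build a constructed, unsigned response with the given NameID."""
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
        Destination="{ACS_URL}">
      <saml:Assertion>
        <saml:Issuer>{ENTRA_ID}</saml:Issuer>
        <saml:Subject><saml:NameID>{name_id}</saml:NameID></saml:Subject>
        <saml:Conditions><saml:AudienceRestriction>
          <saml:Audience>{ENTITY_ID}</saml:Audience>
        </saml:AudienceRestriction></saml:Conditions>
      </saml:Assertion>
    </samlp:Response>"""

if __name__ == "__main__":
    for nid in ("alice@example.test", "alice@example.onmicrosoft.com", ""):
        print(repr(nid), check_saml_response(
            sample_response(nid), ENTRA_ID, ENTITY_ID, ACS_URL, COMPANY_DOMAIN))
```

For a real login, the input is the base64-decoded SAMLResponse form field that the browser posts to the ACS URL.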