ARTIFACTORY: How To Configure Artifactory SAML SSO with Azure AD

ARTIFACTORY: How To Configure Artifactory SAML SSO with Azure AD
Products
Frog_Artifactory
Content Type
Installation_Setup
AuthorFullName__c
Andrey Granovsky, Marwa Sharif
articleNumber
000005334
ft:sourceType
Salesforce
FirstPublishedDate
2022-07-18T09:23:17Z
lastModifiedDate
2025-06-08
VersionNumber
12
Starting from Artifactory version 7.83.1 on Cloud and Artifactory version 7.98.7 Self-Hosted multiple configurations for SAML SSO providers are supported.
If Multiple SAML SSO Configuration is enabled on your Platform, please refer to our SAML SSO Configuration documentation.
Here’s what you will need to do in order to integrate your JFrog platform with Azure Active Directory using SAML SSO. 

Note
 This support article includes instructions based on your Artifactory version.
 Please make sure to follow the section that matches your version:
Artifactory version 7.98.7 and above
Artifactory version below 7.98.7

  • 

 
 
Relevant for Artifactory version above 7.98.7
On Azure:

1. In the Azure portal, on the JFrog Artifactory application integration page, find the Manage section and select Single sign-on and then select SAML.
User-added image 

2. On the "Set up Single Sign-On with SAML" page, click the Edit icon for Basic SAML Configuration to edit the settings:

In the Identifier text box, enter your JFrog Platform URL:
 
$JFROG-URL/
 
For JFrog Cloud users that would be:
 
https://<servername>.jfrog.io/

 
In the Reply URL text box, enter the SAML URL for your JFrog Platform service:
 
$JFROG-URL/ui/api/v1/auth/saml/loginResponse/<Setting-Name> 
*(NOTE: Setting-Name is the same name provided to the Display Name in Artifactory)
 
For JFrog Cloud users that would be:
 
https://<servername>.jfrog.io/ui/api/v1/auth/saml/loginResponse/marwa-azure

 
In the Sign-on URL text box, enter the login URL for your JFrog Platform:
 
$JFROG-URL/ui/login
 
For JFrog Cloud users that would be:
 
https://<servername>.jfrog.io/ui/login

 
3. If needed, click the Edit icon to open the User Attributes & Claims dialog to add custom mappings to your SAML token attributes configuration. This will be needed on the JFrog side, as can be seen later in this document.
User-added image 

​​​​​​4. In the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, locate the Certificate (Base64) and Download it to your computer. You will need to insert the certificate on the JFrog Platform later.
User-added image 

5. In the Set up JFrog Artifactory section, copy the appropriate URLs based on your requirement.
User-added image 

On JFrog Platform:

With Azure Active Directory configured, we can now set up the SAML SSO on the JFrog Platform to work with it. In the Administration module, go to Security | SAML SSO, enable SAML integration, and enter the needed information as in the screenshot and the steps below:

User-added image 

 
 
 
  • Enter the Base64 certificate previously downloaded from the SAML Signing Certificate section.
  • Enter the user attributes for group and email (accessible from Azure side, step 3):

    • The Group Attribute in the SAML login XML response.
    • The Email Attribute is for when “Auto Create Artifactory Users” is enabled or an internal user exists, Artifactory will set the user's email to the value in this attribute that is returned by the SAML login XML response, as can be seen in the following image:
    

 
User-added image
 
  • Select other options as shown and click Save.
 

Relevant for Artifactory version below 7.98.7
 
On Azure:
 
1. In the Azure portal, on the JFrog Artifactory application integration page, find the Manage section and select Single sign-on and then select SAML.
 
User-added image


 
2. On the "Set up Single Sign-On with SAML" page, click the Edit icon for Basic SAML Configuration to edit the settings:
 
User-added image


 
In the Identifier text box, enter your JFrog Platform URL:
 
$JFROG-URL/ui/login
 
For JFrog Cloud users that would be:
 
https://<servername>.jfrog.io/ui/login
 
In the Reply URL text box, enter the SAML URL for your JFrog Platform service:
 
$JFROG-URL/artifactory/webapp/saml/loginResponse
 
For JFrog Cloud users that would be:
 
https://<servername>.jfrog.io/artifactory/webapp/saml/loginResponse
 
In the Sign-on URL text box, enter the login URL for your JFrog Platform:
 
$JFROG-URL/ui/login
 
For JFrog Cloud users that would be:
 
https://<servername>.jfrog.io/ui/login
 
3. If needed, click the Edit icon to open the User Attributes & Claims dialog to add custom mappings to your SAML token attributes configuration. This will be needed on the JFrog side, as can be seen later in this document.
User-added image

​​​​​​4. In the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, locate the Certificate (Base64) and Download it to your computer. You will need to insert the certificate on the JFrog Platform later.
 
 
 
User-added image


 
5. In the Set up JFrog Artifactory section, copy the appropriate URLs based on your requirements.

 
User-added image

 
 
 
On JFrog Platform:
 
With Azure Active Directory configured, we can now set up the SAML SSO on the JFrog Platform to work with it. In the Administration module, go to Security | SAML SSO, enable SAML integration, and enter the needed information as in the screenshot and the steps below:
 
 
 
 
User-added image

 
 
 
  • 

    Enter the SAML Login and Logout URLs that were provided to you in the Setup JFrog Artifactory section.
    

  • 

    SAML Service Provider Name, enter what you have as the Identifier on the Azure side (which should be the base URL of your JFrog Platform service):
    

 
https://<servername>.jfrog.io/ui/logi
 
  • 

    Enter the Base64 certificate previously downloaded from the SAML Signing Certificate section.
    

  • 

    Enter the user attributes for group and email (accessible from Azure side, step 3):
    

    • 

      The Group Attribute in the SAML login XML response.
      

    • 

      The Email Attribute is for when “Auto Create Artifactory Users” is enabled or an internal user exists, Artifactory will set the user's email to the value in this attribute that is returned by the SAML login XML response, as can be seen in the following image:
      

    

 
 User-added image
 
  • 

    Select other options as shown and click Save.
     
    

 
 
Notes Regarding the configuration:
 
  • Kindly note that the “SAML Logout URL” is responsible for what will happen once you log out as a SAML user. Therefore, in the above example, the user will be logged out of other Azure applications as well. Should you want to only log out of your JFrog Platform, replace the logout URL with: $JFROG-URL/ui/login/ (hence the difference in the two screenshots).
  • Auto Create Artifactory Users - When set, authenticated users are automatically created in Artifactory. When not set, for every request from an SSO user, the user is temporarily associated with default groups (if such groups are defined), and the permissions for these groups apply. Without automatic user creation, you must manually create the user inside Artifactory to manage user permissions not attached to their default groups.
  • Allow Created Users Access To Profile Page - Auto created users will have access to their profile page and will be able to perform actions such as generating an Identity Token.
 
If you want more information, you can review Microsoft's tutorial or the following blog post on our website