SAML SSO Configuration with Azure

JFrog Platform Administration Documentation

Content Type
Administration / Platform
ft:sourceType
Paligo

This procedure describes how to configure JFrog Artifactory SAML SSO with Azure Active Directory.

Note

This procedure is for Artifactory versions that support multiple SAML SSO configurations. From Artifactory version 7.83.1, the ability to create multiple configurations for SAML SSO providers is gradually being rolled out to Cloud only. For more information about multiple SAML SSO configurations see SAML SSO.

Before creating multiple SAML configurations, JFRog recommends deleting the old configuration and reconfiguring it with a different setting name other than Default. If you reconfigure your SAML configuration, you must also update the relevant information in the Identity Provider server.

To set up Azure to work with Artifactory versions that support single SAML SSO configuration, see https://jfrog.com/help/r/artifactory-how-to-configure-artifactory-saml-sso-with-azure-ad.

To set up Azure to work with SAML SSO:

  1. In the Azure portal, on the JFrog Artifactory application integration page, in the Manage section, select Single sign-on and then select SAML.

    azure-portal-samle-setup.png
  2. To edit the settings, in the Set up Single Sign-On with SAML page, in the Basic SAML Configuration section, click the Edit icon.

    edit-edit-saml-config.png
    • In the Identifier text box, enter your JFrog Platform URL.

      $JFROG-URL

      For JFrog Cloud users that would be:

      https://<servername>.jfrog.io
      
    • In the Reply URL text box, enter the SAML URL for your JFrog Platform service.

      For SelfHosted, use the following:

      http://<servername>/ui/api/v1/auth/saml/loginResponse/<setting_name>

      For JFrog Cloud users that would be:

      http://<servername>.jfrog.io/ui/api/v1/auth/saml/loginResponse/<setting_name>
      
  3. To change the user attributes, in the User Attributes section, click the Edit icon. In the User Attributes & Claims dialog, add the details to your SAML token attributes configuration. Save this information, as these details will also be added in the JFrog platform.

    user-attributs-edit.png
  4. In the Set up Single Sign-On with SAML page, in the SAML Signing Certificate section, locate the Certificate (Base64) and download it to a local drive. You will later need to insert the certificate on the JFrog Platform.

    saml-signing-certificate.png
  5. In the Set up JFrog Artifactory section, fill in the appropriate URLs based on your requirements. Save these URLs, as these details will also be added in the JFrog platform.

    input-output-urls-saml-azure.png
  6. Copy the data from the text boxes so that you can later paste them in Artifactory's SAML SSO settings.

  7. Finish and save your settings.

With Azure Active Directory configured, we can now set up the SAML SSO on the JFrog Platform to work with it.

To set up the JFrog Platform to work with Azure Active Directory:

  1. Login to the system with administrator privileges.

  2. In the Administration module, go to Authentication Providers | SAML SSO.

  3. To add a new provider configuration, click Add Settings.

  4. In the SAML SSO Configuration dialog, you will define a SAML SSO configuration.

    saml-sso-multiple-selection-01.png

    .

    Keep the following details in mind:

    Artifactory

    Copy from Azure

    SAML Login URL

    Login URL

    SAML Logout URL

    Logout URL

    SAML Service Provider Name

    Azure AD Identifier

    SAML Certificate

    Base64 Certificate

  5. To enable the configuration, click Enable SAML Integration.

  6. Fill in the SAML Service Provider Name with the same URL used in the Azure ID Identifier field in the Azure setup.