Notes: You will need to be an administrator in both Azure and Allstacks to proceed.
Navigate to your Azure Active Directory portal. Select “Enterprise applications” from the left navigation bar.
...
2. Select “New application”
...
14. If successful, you will be signed into Allstacks as your user (note the username in the upper right corner). Add any other users to the Allstacks Azure-Directory Enterprise Application. On the Allstacks Organization Settings page, toggle the SSO/SAML button to ON. Users assigned in Azure can now log into Allstacks through the Azure AD Portal.
...
Role Mapping
You can assign users a role in Allstacks based on the value of a claim in the SAML assertion. If this is enabled, the user’s role will be updated to match the claim from your Identity Provider every time they log in. Once you enable the Assign Allstacks Role by SAML Attribute config on the SSO settings page, you’ll be presented with a mapping table. This allows you to use custom claim values to map to the corresponding role in Allstacks.
...
Note: Allstacks only supports a single value for the role claim. The user cannot be assigned multiple roles at the same time.
In Azure Entra ID, you could use a claim transformations to set the role based on a user’s attribute. You can also create custom roles on the Enterprise Application registration and assign users to those roles. Follow these instructions to create custom roles in the app registration. Then add a new claim to pass the role information to Allstacks during the login flow. Make sure the claim name matches the config set in Allstacks, which is role in the above screenshot. The claim value should be user.assignedroles.
...