Microsoft Entra ID
Note: You will need to be an administrator in both Azure and Allstacks to proceed.
1. Navigate to your Azure Active Directory portal. Select “Enterprise applications” from the left navigation bar.
2. Select “New application”
3. Select “Non-gallery application”
4. Enter “Allstacks” in the name field and click “Add”
5. Select “Single sign-on” from the left navigation panel and then select “SAML”
6. In another tab, open the Allstacks application, https://app.allstacks.com/, and navigate to your organization’s settings. Click “Configure” under SAML/SSO.
7. Copy the SSO and Logout URLs from this page for use in Azure AD. Leave this page open as we will be returning to it shortly.
8. Back in Azure AD, click “Edit” in the Basic SAML Configuration section.
9. Copy in your Allstacks SSO and Logout URLs as shown, then click “Save”.
10. After closing that form, copy the following thumbprint and URLs for use in Allstacks.
11. Copy the URLs into the Allstacks form as shown. Note that the “Azure AD Identifier” and “Login URL” fields appear in swapped order here. Unless you are using custom fields for the storage of name and email, enter the following parameter names for the email, givenname, and surname fields. Click Save.
12. Add Users to the Allstacks Application in Azure AD so that they can log in.
13. On the Single sign-on page, click the Test button and attempt to “Sign in as current user”
14. If successful, you will be signed into Allstacks as your user (note the username in the upper right corner). Add any other users to the Allstacks Azure-Directory Enterprise Application. On the Allstacks Organization Settings page, toggle the SSO/SAML button to ON. Users assigned in Azure can now log into Allstacks through the Azure AD Portal.
Role Mapping
You can assign users a role in Allstacks based on the value of a claim in the SAML assertion. If this is enabled, the user’s role will be updated to match the claim from your Identity Provider every time they log in. Once you enable the “Assign Allstacks Role by SAML Attribute” config on the SSO settings page, you’ll be presented with a mapping table. This allows you to use custom claim values to map to the corresponding role in Allstacks.
Note: Allstacks only supports a single value for the role claim. The user cannot be assigned multiple roles at the same time.
In Azure Entra ID, you can use a claims transformation to set the role based on a user’s attribute. You can also create custom roles on the Enterprise Application registration and assign users to those roles. Follow these instructions to create custom roles in the app registration. Then add a new claim to pass the role information to Allstacks during the login flow. Make sure the claim name matches the config set in Allstacks, which is role in the above screenshot. The claim value should be user.assignedroles.
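Because Allstacks accepts only a single value for the role claim, and user.assignedroles emits one AttributeValue per app role assigned to the user, it is worth checking a test assertion before enabling role mapping. The following is an added example, not Allstacks or Microsoft code: a pre-flight check that reads the role attribute from an assertion and refuses anything other than exactly one mapped value. The mapping table, the role names and the sample assertion are constructed placeholders, and the check does not validate the assertion's signature.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Hypothetical mapping table (claim value -> Allstacks role); these names are
# placeholders, not Allstacks' actual role identifiers.
ROLE_MAP = {"Allstacks.Admin": "admin", "Allstacks.Viewer": "viewer"}


def role_claim_values(assertion_xml, claim_name="role"):
    """Return every AttributeValue carried by the named SAML attribute."""
    root = ET.fromstring(assertion_xml)
    values = []
    for attr in root.iterfind(".//saml:Attribute", NS):
        if attr.get("Name") == claim_name:
            values += [(v.text or "").strip()
                       for v in attr.findall("saml:AttributeValue", NS)]
    return values


def resolve_role(assertion_xml, claim_name="role", role_map=ROLE_MAP):
    """Map the claim to a role, refusing anything but exactly one known value."""
    values = role_claim_values(assertion_xml, claim_name)
    if len(values) != 1:
        raise ValueError(
            f"expected 1 value for {claim_name!r}, got {len(values)}: {values}")
    if values[0] not in role_map:
        raise ValueError(f"unmapped claim value: {values[0]!r}")
    return role_map[values[0]]


def sample(*roles):
    """Build a constructed, unsigned assertion fragment for the demo."""
    vals = "".join(f"<saml:AttributeValue>{r}</saml:AttributeValue>" for r in roles)
    return (f'<saml:Assertion xmlns:saml="{NS["saml"]}"><saml:AttributeStatement>'
            f'<saml:Attribute Name="role">{vals}</saml:Attribute>'
            f'</saml:AttributeStatement></saml:Assertion>')


if __name__ == "__main__":
    print(resolve_role(sample("Allstacks.Admin")))
    try:
        # A user assigned two app roles produces a multi-valued claim.
        resolve_role(sample("Allstacks.Admin", "Allstacks.Viewer"))
    except ValueError as err:
        print("rejected:", err)
```

If the check rejects a user's assertion for carrying more than one value, remove the extra app role assignment in the Enterprise Application so that each user holds exactly one.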