Organizations utilizing Azure Active Directory (Azure AD) can configure ScaleFT to authenticate against it using SAML.
SAML can only be configured in ScaleFT during signup, so to get started using Azure AD authentication create a new team and choose SAML authentication when prompted.
Once you reach the SAML configuration step in the ScaleFT signup process you will need to add ScaleFT to Azure AD.
To add ScaleFT to Azure AD, log in to the Azure portal and browse to Azure Active Directory > Enterprise Applications, choose “New Application” then “Non-gallery application”. Assign the application a name (for example “ScaleFT”), then click “Add”.
Once you’ve created the application browse to the “Single sign-on” panel of the application’s settings in Azure and choose “SAML-based Sign-on”.
After selecting SAML on the “Single sign-on” panel of the application’s settings you’ll need to provide the following values under “Domain and URLs”:
Next, check the Show Advanced URL settings box to expand additional settings, and fill in:
<team-name>with the name of the team your chose during ScaleFT signup
Note: Don’t click “Test SAML Settings”; authentication isn’t yet configured in ScaleFT so it won’t work.
Under “User Attributes” on the “Single sign-on” panel of the application’s settings you’ll need to configure SAML attributes for ScaleFT to consume.
Check View and edit all other user attributes and confirm that the following attributes exist:
Each of these should have a namespace of
The value of
user.principalname is not suitable for use as a ScaleFT user name, so click on the name attribute and change the value to
Note: it is typically fine to leave the other attributes unmodified, but it is important that each of them have a value for every user who logs in to ScaleFT. For example, if a user who does not have an email address configured in Azure attempts to log in to ScaleFT authentication will fail. In some cases it may make sense to choose different attribute values in order to ensure that every user has appropriate values set.
Click on “Users and groups” under the application’s configuration. Click “Add user” and assign any users or groups who should be allowed to log in to ScaleFT. Alternatively, browse to the “Properties” panel and disable the “User assignment required” setting in order to allow anyone with access to your Azure account to log in to ScaleFT.
IMPORTANT: in order to complete ScaleFT signup you will need to perform a SAML log in, so it is important that you are either assigned to the application or that user assignment is not required.
Once you’ve configured ScaleFT in Azure AD you’ll need to enter the following values into your ongoing ScaleFT signup.
Several of these values must come from Azure AD’s “Configure sign-on” panel which you may access within Azure by browsing back to the “Single sign-on” panel, scrolling to the bottom and clicking “Configure ScaleFT” (the exact text may be different if you chose a name other than “ScaleFT” for your application).
Use the “SAML Single Sign-On Service URL” value from the “Configure sign-on” panel in Azure, described above.
Use the “SAML Entity ID” value from the “Configure sign-on” panel in Azure, described above.
On Azure AD’s “Configure sign-on panel”, described above, click “SAML Signing Certificate - Base64 encoded” to download the signing certificate. Open the file in a text editor and copy and paste the contents into ScaleFT.
In this section you will need to input the names of the attributes from Azure:
Note: Azure AD passes fully qualified attribute names, so it is important to enter these full URLs exactly as they appear here.
Once you’re happy with your configuration click “Authenticate with SAML” in ScaleFT.