Sleuth Documentation
HomeBlogSupportSign up
  • Getting started
  • Navigating Sleuth
  • DORA metrics
    • Deploy frequency
    • Change lead time
    • Change failure rate
    • MTTR
    • Interpreting Metrics in Sleuth
  • Deployment tracking
    • Organization
      • Labels
      • Trends
      • Compare
      • Search
      • Status
    • Projects
      • Issue trackers
    • Environments
    • Code deployments
      • Creating a deployment
      • How to register a deploy
      • Rollbacks
      • Automatic tagging
      • Deployment locking
      • Environment drift
      • Move code deployments
      • Search everything
    • Feature flags
    • Manual changes
    • Deploys
    • Teams
  • Work in Progress
  • Goals
  • Sleuth Automations
    • Automations Marketplace
      • Installing Automations
        • Installing PR "Update" Automations
      • Editing and uninstalling Automations
      • Smart suggestions
      • Understanding efficacy
    • Custom Automations
      • Automations Cookbook
      • Webhook Actions
      • Trigger Build Actions
        • Bitbucket Pipelines
        • CircleCI
        • Github Actions
        • Jenkins
  • Slack & Email Notifications
  • Auto-verify deploys
    • Anomaly detection
    • Error impact
    • Metric impact
  • Ignoring pull requests
  • Slack mission control
    • Approvals
    • Project notifications
    • Personal notifications
    • Search Sleuth in Slack
    • Project/Deployment history
    • Developer standup
  • Sleuth API
    • Deploy Registration
    • Deploy import
    • Manual Change
    • Custom Incident Impact Registration
    • Custom Metric Impact Registration
    • Deprecation information
    • GraphQL Queries
    • GraphQL Mutations
    • Query batching
  • Integrations
    • About Integrations...
    • Code integrations (read-only)
      • Azure DevOps
      • Bitbucket
      • GitHub
      • GitLab
      • Custom Git
      • Terraform Cloud
    • Code integrations (write)
    • Feature flag integrations
      • LaunchDarkly
    • Impact integrations
      • Error trackers
        • Bugsnag
        • Honeybadger
        • Rollbar
        • Sentry
      • Metric trackers
        • AppDynamics
        • AWS CloudWatch
        • Custom
        • Datadog
        • Jira metrics (Cloud / Data Center)
        • NewRelic
        • SignalFx
      • Incident tracker integrations
        • Blameless
        • PagerDuty
        • Datadog Monitors
        • Statuspage
        • Opsgenie
        • Jira (Cloud/Data Center)
        • FireHydrant
        • Rootly
        • ServiceNow
        • Custom
          • Grafana OnCall
      • CI/CD builds
        • Azure Pipelines
        • Bitbucket Pipelines
        • Buildkite
        • CircleCI
        • GitHub Actions
        • GitLab CI/CD Pipelines
        • Jenkins
    • Sleuth DORA App for Slack
    • Microsoft Teams integration
    • CI/CD integrations
      • Azure Pipelines
      • Bitbucket Pipelines
      • Buildkite
      • CircleCI
      • Github Actions
      • GitLab CI/CD Pipelines
      • Jenkins
    • Issue tracker integrations
      • Jira Cloud
      • Jira Data Center
      • Linear
      • Shortcut
    • Fixing broken integrations
  • Pulse
    • Welcome to Pulse docs
    • Quick Start setup guide
    • Beginner tutorials
      • 1. How to create a Teamspace
      • 2. How to create a Review
      • 3. How to create a Survey
  • Features
    • Reviews
      • Review workflow
      • Review templates
      • Widgets and Sections
        • Widget type
      • Review settings
    • Surveys
      • Survey Workflow
    • Teamspaces
    • Inbox
    • AI assistant
    • General settings
      • Users and Teams
      • Investment mix
  • Settings
    • Organization settings
      • Details
      • Authentication
        • SAML 2.0 Setup
          • Okta Configuration
          • Azure AD Configuration
          • PingIdentity Configuration
      • Access Tokens
      • Members
      • Team Settings
      • Billing
    • Project settings
      • Details
      • Slack settings
      • Environment settings
      • Code deployment settings
      • Feature flag settings
      • Impact settings
    • Account settings
      • Account settings
      • Notifications settings
      • Identities settings
    • Role Based Access Control
  • Resources
    • FAQ
    • Sleuth TV
    • Purchasing
    • About Sleuth...
Powered by GitBook
On this page
  • Steps to follow
  • Create a new Enterprise Application
  • Set up Single Sign-On
  • Configure Attributes & Claims
  • Enter Azure's metadata into Sleuth

Was this helpful?

  1. Settings
  2. Organization settings
  3. Authentication
  4. SAML 2.0 Setup

Azure AD Configuration

PreviousOkta ConfigurationNextPingIdentity Configuration

Last updated 1 year ago

Was this helpful?

Steps to follow

    • Option 1: Upload metadata XML file

    • Option 2: Enter metadata manually

    • Option 1: Link to metadata file

    • Option 2: Input metadata manually

Create a new Enterprise Application

Sign into Azure as an administrator and click on the "Azure Active Directory" tile.

In the left-hand menu click on "Enterprise Applications" and then click "New application". On the next page click "Create your own application". Name your application (e.g., Sleuth), select the "Integrate any other application you don't find in the gallery (Non-gallery)" option, and click "Create":

Set up Single Sign-On

Once the application is created, you'll be taken to its homepage. Click the "2. Set up single sign on" tile (alternatively, you can click the "Single sign-on" link in the left-hand navigation):

When prompted, select "SAML" as the single sign-on method, then proceed with one of the 2 options explained below:

Click the "Upload metadata file" button to trigger the file import modal, select the file to upload, and click "Add":

Once the file is uploaded, you'll see a preview of the imported metadata. If needed/desired, you can still make changes, although it generally shouldn't be necessary.

One optional field that doesn't get populated automatically is "Relay State"; you can specify it manually by inputting your Sleuth org slug (find it in your URL -> https://app.sleuth.io/<org-slug>) and clicking "Save" at the top:

On the "Basic SAML Configuration" tile click "Edit":

Fill in the necessary metadata (found in Sleuth), using the following reference, and click "Save":

AZURE AD
SLEUTH
EXAMPLE

Identifier (Entity ID)

SAML Entity ID

https://app.sleuth.io/saml/metadata/

Reply URL (Assertion Consumer Service URL)

Assertion Consumer Service

https://app.sleuth.io/complete/saml/

Relay State (Optional)

Default Relay State

sleuth (should be your org slug)

Logout Url (Optional)

Single Logout Service

https://app.sleuth.io/saml/sls/

Configure Attributes & Claims

Leave the Attributes & Claims section configured as it is, the settings should look like this:

Keeping the Unique User Identifier claim set to user.userprincipalname is a prerequisite for your SAML configuration to work with Sleuth.

Enter Azure's metadata into Sleuth

Similarly as before, you can again choose between pointing Sleuth to a URL where the IdP's metadata is now available, or entering the metadata into Sleuth manually.

In Azure on the "SAML Certificates" tile under your Enterprise Application, copy the value of the "App Federation Metadata Url" field:

In Sleuth, click the "point Sleuth to metadata file URL" link to trigger the input modal and paste the copied URL into the field, then click "Save":

The remaining fields in Sleuth will get populated automatically, just click "Test Metadata and Save":

Sleuth defaults all of the Advanced configuration to the most commonly used values, but depending on your IdP configuration you might need to adjust "Advanced settings".

Assign Users/Groups to the Enterprise Application

On the Application's homepage click the "1. Assign users and groups" tile (alternatively, you can click the "Users and groups" link in the left-hand navigation):

Click the "+Add user/group" button and assign Users/Groups as needed:

Fill in the necessary metadata (found in Azure AD), using the following reference, and click "Test Metadata and Save":

SLEUTH
AZURE AD
EXAMPLE

Entity ID

Azure AD Identifier

https://sts.windows.net/<...>

SSO URL

Login URL

https://login.microsoftonline.com/<...>

SLO URL

Logout URL

https://login.microsoftonline.com/<...>

Certificate

On the "SAML Certificates" tile click "Edit", then click the 3 ellipses at the right end of the Active certificate and select "PEM certificate download".

-----BEGIN CERTIFICATE----- <...> -----END CERTIFICATE-----

Create a new Enterprise Application
Set up Single Sign-On
Configure Attributes & Claims
Enter Azure's metadata into Sleuth
Assign Users/Groups to the Enterprise Application
Open the downloaded file with a text-/code editor and copy the contents to be pasted into the "Certificate" field in Sleuth.