Configure SAML SSO with Azure Active Directory on Testlify
Before you begin
- Admin access to your Azure Active Directory tenant — or access to a team that manages it
- Admin access to your Testlify workspace
- Ability to exchange configuration values between Testlify and your Azure AD team
Step 1: Gather initial data from Testlify
Before configuring Azure AD, contact Testlify support to receive two required values for your workspace:
- Email talent@testlify.com and request SAML SSO setup for your workspace.
- Testlify will send you:
- Assertion Consumer Service (ACS) URL
- Audience URL (Entity ID)
Keep these values ready — you will paste them into Azure AD in the next step.
Step 2: Create an enterprise application in Azure AD
Share the ACS URL and Entity ID from Step 1 with your Azure AD team. Once they complete setup, they will provide three values you need for Step 3:
- Login URL
- Azure AD Identifier
- SAML Signing Certificate (Base64 format)
If you manage Azure AD directly, follow these steps:
- In the Azure Active Directory admin center, go to All Services > Azure Active Directory > Enterprise Applications.
- Click New Application.
- On the Browse Azure AD Gallery page, click Create your application.
- Enter a meaningful name for the application, select the appropriate option, and click Create.
- On the application Overview page, click Single sign-on, then select SAML.
- On the Set up Single Sign-On with SAML page, click Edit in the Basic SAML Configuration section, then configure the following and click Save:
- Identifier (Entity ID) — paste the Audience URL (Entity ID) from Testlify.
- Reply URL (Assertion Consumer Service URL) — paste the ACS URL from Testlify.
- Download the Certificate (Base64) and note the Login URL and Azure AD Identifier from the same page.
- Go to Users and Groups and click Add User/group.
- On the Add Assignment page, select the group that should have access to Testlify, then click Assign.
Step 3: Configure SAML on Testlify
Email talent@testlify.com with the values from Step 2:
- Single sign-on issuer — the Azure AD Identifier
- Identity provider SSO URL — the Login URL
- X.509 Certificate — the SAML Signing Certificate (Base64). Provide only the certificate string; omit the
-----BEGIN CERTIFICATE-----and-----END CERTIFICATE-----lines. - Username mapping — the attribute in the SAML response used for login, formatted as
${AttributeName}. For most setups, this is${EmailID}.
Tip: The username mapping attribute must exactly match the attribute name in your Azure AD application. If users cannot log in after setup, confirm that the email attribute name in Azure AD matches what you configured here.
Step 4: Test the SSO integration
- Open an incognito window to avoid cached session cookies.
- Go to your Testlify Workspace URL.
- Click Login with SSO on the login page.
- You will be redirected to the Microsoft authentication page. Sign in with a valid user account.
For SSO to succeed, the test user must meet all three conditions:
- The user exists in Testlify with the appropriate access level.
- The user has been assigned access to the Azure AD enterprise application.
- The username on Testlify matches the attribute value sent from Azure AD (e.g., the EmailID).
Need help? Contact support.