This document highlights the steps to integrate Testlify with Microsoft Azure Active Directory (Azure AD) for SSO using SAML 2.0.
This document is not intended to be a full reference guide, since you may need to adapt the Azure AD or Testlify configuration to your company's needs. It describes a sample configuration that works.
Gather initial data from Testlify
To make the initial configuration on Azure AD, we need to collect two pieces of information from Testlify: the Assertion Consumer Service URL and the Audience URL (Entity ID).
Email Testlify support at [email protected]
We will email you the Assertion Consumer Service URL and the Audience URL (Entity ID) for your workspace.
Create an application on Azure AD
Usually, your company will have a specific team managing the Azure Active Directory activities and you will interact with them, providing and receiving the necessary information to complete the configuration.
If you are working with your Azure AD team, provide them with the information collected in the previous section. When they finish their configuration, this is the information they need to share with you, which will be used in the next section:
The Login URL.
The Azure AD Identifier.
The SAML Signing Certificate in Base64 format.
The Atlassian SSO App supports signing only the SAML assertion.
The attribute in the SAML response to be used as the username mapping.
This is often the Email ID attribute.
In this section, we will go through the steps needed to complete a simple application configuration on Azure AD.
On Azure Active Directory admin center, go to All Services > Azure Active Directory > Enterprise Applications.
Click on New Application.
On the Browse Azure AD Gallery page, click on Create your application.
On the Create Your application popup, give the application a meaningful name, choose the appropriate option, and click on Create.
Under the Overview page of your application, click on Single sign-on and choose SAML as the SSO method.
On the Set up Single Sign-On with SAML page, click on Edit on the Basic SAML Configuration section.
On the Basic SAML Configuration popup, configure it as follows and click on Save.
Identifier (Entity ID) must be configured with the value from the attribute on Testlify.
Reply URL (Assertion Consumer Service URL) must be configured with the value from the Assertion Consumer Service URL attribute on Testlify.
Collect the following information to be used in the next section.
Download the Certificate (Base64).
The Login URL.
The Azure AD Identifier.
Back on the Overview page of your application, go to Users and Groups.
On the Users and Groups page, click on Add User/group.
On the Add Assignment page choose None Selected under Users and Groups.
Choose a predefined group that will have access to the Testlify application and then click on Assign.
Configure SAML on Testlify
Email the Testlify team at support@testlify with the following information:
A name for your configuration (e.g. Azure Active Directory), with SAML single sign-on as the Authentication method.
From the SAML SSO settings, send the information as follows.
Single sign-on issuer is the value of the Azure AD Identifier from the Azure AD application configuration.
The identity provider's single sign-on URL is the value of the Login URL from the Azure AD application configuration.
X.509 Certificate is the value of the SAML Signing Certificate (Base64) from the Azure AD application configuration. Make sure to use only the certificate string, discarding the BEGIN/END CERTIFICATE lines.
Username mapping is the attribute in the SAML response to be used as the username mapping, which must be configured as ${AttributeName}. On our sample application, the attribute is the EmailID and it must be configured as ${EmailID}.
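The certificate step above can be checked before the value is emailed. The following is an added example, not part of Testlify's or Microsoft's documentation: it strips the BEGIN/END CERTIFICATE lines, refuses input that contains private key material, and computes fingerprints that can be compared with the thumbprint Azure AD shows for the signing certificate. The function names and the sample value (a constructed 5-byte placeholder, not a real certificate) are assumptions.

```python
import base64
import binascii
import hashlib
import re

# Constructed placeholder (5 DER bytes), NOT a real certificate.
SAMPLE_PEM = "-----BEGIN CERTIFICATE-----\r\nMAMC\r\nAQE=\r\n-----END CERTIFICATE-----\r\n"

CERT_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def certificate_string(pem_text):
    """Return the Base64 body of one PEM certificate as a single line."""
    if "PRIVATE KEY" in pem_text:
        raise ValueError("input contains private key material; do not send it")
    blocks = CERT_RE.findall(pem_text)
    if len(blocks) != 1:
        raise ValueError(f"expected exactly one certificate, found {len(blocks)}")
    body = "".join(blocks[0].split())  # drops CR/LF and line wrapping
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"certificate body is not valid Base64: {exc}") from exc
    if not der.startswith(b"\x30"):  # DER certificates start with a SEQUENCE tag
        raise ValueError("decoded data does not look like DER")
    return body


def fingerprints(body):
    """Hash the decoded DER bytes; hex digests are upper-case."""
    der = base64.b64decode(body, validate=True)
    return {
        "sha1": hashlib.sha1(der).hexdigest().upper(),
        "sha256": hashlib.sha256(der).hexdigest().upper(),
    }


if __name__ == "__main__":
    body = certificate_string(SAMPLE_PEM)
    print(body)
    for name, value in fingerprints(body).items():
        print(name, value)
```

To use it on the downloaded file, pass the file's text to `certificate_string` and send only the returned string.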
Test the SSO Integration
Open an incognito window on your browser to ensure it won't use any of your session cookies.
Access the Testlify Workspace URL.
On the Login button, click on the Login with SSO button
This will send you to the Microsoft authentication page.
Authenticate with a valid user credential.
The user must already exist on Testlify with the proper Testlify Software access.
The user must have application access to Azure AD.
The username on Testlify must match the value sent from Azure AD within the EmailID or other configured attribute.