Configure SAML with Azure / AD FS (Microsoft)

Tip

We recommend reading the support article "Configure SSO/SAML on Start.me" first.

Organizations can enable their users to sign in to Start.me using their Azure AD credentials. Use the following information to set up Start.me SSO in Azure AD:

Metadata URL

https://[yourteamdomain].start.me/users/auth/saml2/metadata?id=[auth-id]

Callback/ACS URL

https://[yourteamdomain].start.me/users/auth/saml2/callback?id=[auth-id]

Recipient

https://[yourteamdomain].start.me/users/auth/saml2/callback?id=[auth-id]

EntityID

startme

Required attributes

Instructions

  1. Add a new application to your Azure Active Directory.

  2. Select "Create your own application" and then "Integrate any other application you don't find in the gallery (Non-gallery)".

  3. Add a new application "Start.me login".

  4. Once the new application is added, go to "Set up single sign on" and select "SAML".

  5. Select "Upload metadata file" and upload the metadata file you can download on Start.me (Configure IdP/2nd tab).

  6. Review the "Attributes & Claims" and make sure the following attributes are present:

    • name

    • email

      Note: make sure the Namespace is removed for both attributes.

  7. In "SAML certificates" click "edit" in the section "Verification certificates". Click "Upload certificate" and upload the certificate you can download on Start.me (Configure IdP/2nd tab -> SP CERTIFICATE (X.509)).

    Make sure the following checkboxes are checked:

    • Require verification certificates

    • Allow requests signed with RSA-SHA1

  8. In "SAML certificates" download the "Federation Metadata XML" and upload it on Start.me (Setup SAML/3rd Tab -> USE METADATA FROM IDP).

  9. Make sure the "Sign requests" is checked on Start.me (Setup SAML/3rd Tab).

  10. Finally, make sure you assign Users and Groups to this newly added application in Azure AD.

After you have done this, you can test the new SSO by going to your login screen (e.g. https://yoursubdomain.start.me/users/sign_in).
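
If the test login fails, the decoded SAML response from that attempt can be checked against the values on this page: Audience equal to the EntityID, Recipient equal to the Callback/ACS URL, and the name and email attributes without a namespace (step 6). The following is an added example, not Start.me or Microsoft code; the function names, the team domain, the auth-id and the sample response are constructed, and the namespace constant is the Azure AD default claim namespace. It checks configuration only and does not verify signatures.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
ENTITY_ID = "startme"                    # EntityID listed on this page
REQUIRED_ATTRIBUTES = ("name", "email")  # step 6
AZURE_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
# Constructed placeholder values for team domain and auth-id.
ACS = "https://example-team.start.me/users/auth/saml2/callback?id=1234"


def check_response(xml_text, acs_url=ACS):
    """List configuration problems in a decoded SAML response from a test login.

    Diagnostic only: no signature is verified, so never use this to authenticate.
    """
    root = ET.fromstring(xml_text)
    problems = []
    audiences = {a.text.strip() for a in root.iterfind(".//saml:Audience", NS) if a.text}
    if ENTITY_ID not in audiences:
        problems.append(f"Audience {sorted(audiences)} does not contain '{ENTITY_ID}'")
    recipients = {d.get("Recipient") for d in root.iterfind(".//saml:SubjectConfirmationData", NS)}
    if recipients != {acs_url}:
        problems.append(f"Recipient {sorted(map(str, recipients))} is not the ACS URL")
    names = {a.get("Name", "") for a in root.iterfind(".//saml:Attribute", NS)}
    for wanted in REQUIRED_ATTRIBUTES:
        if wanted in names:
            continue
        leftover = sorted(n for n in names if n.endswith("/" + wanted))
        if leftover:
            problems.append(f"'{wanted}' still has a namespace: {leftover[0]}")
        else:
            problems.append(f"'{wanted}' attribute is missing")
    return problems


def sample_response(prefix="", audience=ENTITY_ID):
    """Constructed response for the demo; not captured from a real tenant."""
    attrs = "".join(
        f'<saml:Attribute Name="{prefix}{n}"><saml:AttributeValue>x</saml:AttributeValue></saml:Attribute>'
        for n in REQUIRED_ATTRIBUTES)
    return (f'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
            f'xmlns:saml="{NS["saml"]}"><saml:Assertion><saml:Subject><saml:SubjectConfirmation>'
            f'<saml:SubjectConfirmationData Recipient="{ACS}"/></saml:SubjectConfirmation></saml:Subject>'
            f'<saml:Conditions><saml:AudienceRestriction><saml:Audience>{audience}</saml:Audience>'
            f'</saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement>{attrs}'
            f'</saml:AttributeStatement></saml:Assertion></samlp:Response>')


if __name__ == "__main__":
    print(check_response(sample_response()))          # clean configuration
    print(check_response(sample_response(AZURE_NS)))  # namespace left in place
```
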

Need assistance?

Let us know if you need any help getting SSO set up for your organization. You can reach us at support@start.me.
