Configure SAML with Azure / AD FS (Microsoft)

We recommend reading the support article Configure SSO/SAML on start.me first

Organizations can enable their users to sign into start.me using their Azure AD credentials.  Use the following information to setup start.me SSO in Azure AD:

Step-by-step instructions:

1. Add a new application to your Azure Active Directory.

2. Select "Create your own application" and then "Integrate any other application you don't find in the gallery (Non-gallery)".

3. Add a new application "start.me login".

4. Once the new application is added, go to "Set up single sign on" and select "SAML".

5. Select "Upload metadata file" and upload the metadata file you can download on start.me (Configure IdP/2nd tab).

6. Review the "Attributes & Claims" and make sure the following attributes are present:

• name
• email

Note: make sure the Namespace is removed for both attributes.

7. In "SAML certificates" click "edit" in the section "Verification certificates". Click "Upload certificate" and upload the certificate you can download on start.me (Configure IdP/2nd tab -> SP CERTIFICATE (X.509)).

Make sure the following checkboxes are checked:

• Require verification certificates
• Allow requests signed with RSA-SHA1

8. In "SAML certificates" download the "Federation Metadata XML" and upload it on start.me (Setup SAML/3rd Tab -> USE METADATA FROM IDP).

9. Make sure the "Sign requests" is checked on start.me (Setup SAML/3rd Tab).

10. Finally, make sure you assign Users and Groups to this newly added application in Azure Ad.

After you have done this, you can test the new SSO by going to your login screen (e.g. https://yoursubdomain.start.me/users/sign_in).

Let us know in case need any help getting SSO setup for your organization. You can reach us at support@start.me.

Relevant links:

• Configure SAML on start.me
• Configure a SAML 2.0 provider for portals with Azure AD
  
• Configure a SAML 2.0 provider for portals with AD FS