Setting up Azure AD SAML SSO for Swiftask

Overview

This guide will walk you through the process of configuring Single Sign-On (SSO) using Azure Active Directory (Azure AD) as your identity provider for your Swiftask workspace. SAML SSO integration allows your team members to securely access Swiftask using their existing corporate credentials, simplifying user management and enhancing security.

Prerequisites

  • You must be a Workspace Administrator in Swiftask

  • Your workspace must be on the Team Growth plan or higher

  • You need administrative access to your organization's Azure AD portal

  • Your organization must have Azure AD configured

Configuration Process

The configuration involves two main parts:

  1. Gathering information from Swiftask to configure Azure AD

  2. Configuring Azure AD and entering the required information back into Swiftask

Step 1: Access the SAML Configuration in Swiftask

  1. Log in to your Swiftask workspace as an administrator

  2. Navigate to the Workspace Admin interface

  3. Select "SAML Configuration" from the menu

You'll see the SAML Configuration screen with fields for configuring your identity provider.

Step 2: Note the Service Provider Details

In the "Service Provider Details" section of the Swiftask SAML configuration page, you'll find the following information that you'll need to provide to Azure AD:

  • Entity ID / Audience URI: This is a unique identifier for your Swiftask workspace (e.g., urn:swiftask-{workspaceid})

  • ACS (Assertion Consumer Service) URL: This is the URL where SAML responses will be sent (e.g., https://graphql.swiftask.ai/auth/saml/callback/{workspaceId})

Use the "COPY" button next to each value to copy them to your clipboard. You'll need these values when configuring Azure AD.

Step 3: Configure Azure AD as an Identity Provider

  1. Log in to the Azure Portal

  2. Add a New Enterprise Application

    • Navigate to Azure Active Directory > Enterprise Applications

    • Click New Application

    • Select Create your own application

    • Enter "Swiftask" as the application name

    • Select "Integrate any other application you don't find in the gallery (Non-Gallery application)"

    • Click Create

  3. Configure SAML-based Single Sign-On

    • In your newly created application, select Single sign-on from the left menu

    • Choose SAML as the single sign-on method

    • In the Basic SAML Configuration section, click Edit

  4. Enter Swiftask Service Provider Details

    • Identifier (Entity ID): Paste the Entity ID / Audience URI from Swiftask

    • Reply URL (Assertion Consumer Service URL): Paste the ACS URL from Swiftask

    • Sign on URL: Enter the URL of your Swiftask workspace (e.g., https://app.swiftask.ai)

    • Click Save

  5. Configure User Attributes & Claims

    • In the User Attributes & Claims section, click Edit

    • Ensure the following claims are configured:

      • Name identifier value: Set to user.userprincipalname or user.mail

      • Given name: Set to user.givenname

      • Surname: Set to user.surname

      • Email: Set to user.mail

    • Click Save

  6. Get Azure AD SAML Information

    • In the SAML Signing Certificate section, download the Certificate (Base64)

    • Note the following URLs from the Set up Swiftask section:

      • Login URL: This is the Identity Provider URL you'll need for Swiftask

      • Azure AD Identifier: This is the Identity Provider Entity ID you'll need for Swiftask

Step 4: Complete the SAML Configuration in Swiftask

Return to the Swiftask SAML Configuration page and enter the information from Azure AD:

  1. Identity Provider URL

    • Enter the Login URL from Azure AD

  2. Identity Provider Entity ID

    • Enter the Azure AD Identifier from Azure AD

  3. X.509 Certificate

    • Open the downloaded certificate file in a text editor

    • Copy the entire content, including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines

    • Paste it into the X.509 Certificate field in Swiftask

  4. Attribute Mapping (Optional)

    • If needed, you can configure custom attribute mapping in JSON format

    • A typical mapping for Azure AD might look like:

    {
      "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
      "firstName": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname",
      "lastName": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname"
    }

  5. Domain

    • Enter your organization's email domain (e.g., company.com)

    • This will enable auto-joining for users with email addresses from this domain

  6. Save Configuration

    • Click the "Save Configuration" button to apply your settings

Step 5: Test the SAML SSO Integration

  1. Open a new private/incognito browser window

  2. Navigate to your Swiftask workspace URL

  3. Enter an email address with the domain you configured

  4. You should be redirected to the Azure AD login page

  5. After successful authentication, you should be logged into Swiftask

Troubleshooting

If you encounter issues with your SAML SSO configuration, check the following:

  • Verify that all URLs and identifiers are correctly copied between Swiftask and Azure AD

  • Ensure the X.509 certificate is properly formatted and includes the header and footer lines

  • Check that the attribute mapping is correctly configured in both systems

  • Verify that the user has been assigned to the Swiftask application in Azure AD

  • Check your browser's developer console for any SAML-related errors
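
The first and third checks above can be run against a captured login. This is an added example, not Swiftask or Microsoft code: it decodes the SAMLResponse form value posted to the ACS URL and compares it with the values from Steps 2 to 4. The workspace id, tenant id and function names are constructed placeholders.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"p": "urn:oasis:names:tc:SAML:2.0:protocol",
      "a": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"

# Constructed placeholder values; substitute what your two configuration pages show.
EXPECTED = {
    "entity_id": "urn:swiftask-EXAMPLE",
    "acs_url": "https://graphql.swiftask.ai/auth/saml/callback/EXAMPLE",
    "idp_entity_id": "https://sts.windows.net/00000000-0000-0000-0000-000000000000/",
}
MAPPING = {"email": CLAIMS + "emailaddress",
           "firstName": CLAIMS + "givenname",
           "lastName": CLAIMS + "surname"}

def check_response(saml_response_b64, expected=EXPECTED, mapping=MAPPING):
    """List mismatches between a captured SAMLResponse form value and the config.
    Diagnostic only: the signature is NOT verified here."""
    root = ET.fromstring(base64.b64decode(saml_response_b64))
    problems = []
    if root.get("Destination") != expected["acs_url"]:
        problems.append("Destination differs from the ACS URL")
    if root.findtext("a:Assertion/a:Issuer", namespaces=NS) != expected["idp_entity_id"]:
        problems.append("Issuer differs from the Identity Provider Entity ID")
    audiences = [e.text for e in root.iterfind(".//a:Audience", NS)]
    if expected["entity_id"] not in audiences:
        problems.append("Audience differs from the Entity ID / Audience URI")
    sent = {a.get("Name") for a in root.iterfind(".//a:Attribute", NS)}
    for field, claim in mapping.items():
        if claim not in sent:
            problems.append(f"no claim for mapped field {field}")
    return problems

def sample_response(audience, claim_names):
    """Constructed, unsigned response for the demo; not captured from a real tenant."""
    attrs = "".join(f'<Attribute Name="{n}"><AttributeValue>x</AttributeValue></Attribute>'
                    for n in claim_names)
    xml = (f'<samlp:Response xmlns:samlp="{NS["p"]}" xmlns="{NS["a"]}" '
           f'Destination="{EXPECTED["acs_url"]}"><Assertion>'
           f'<Issuer>{EXPECTED["idp_entity_id"]}</Issuer><Conditions><AudienceRestriction>'
           f'<Audience>{audience}</Audience></AudienceRestriction></Conditions>'
           f'<AttributeStatement>{attrs}</AttributeStatement></Assertion></samlp:Response>')
    return base64.b64encode(xml.encode()).decode()

if __name__ == "__main__":
    bad = sample_response("urn:swiftask-OTHER", [CLAIMS + "emailaddress", CLAIMS + "givenname"])
    for line in check_response(bad):
        print(line)
```

A captured SAMLResponse contains user identity data, so run the check locally rather than pasting the value into an online decoder.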

Additional Configuration Options

Enforcing SSO

Once you've confirmed that SSO is working correctly, you may want to enforce SSO for all users in your workspace. This ensures that all users must authenticate through Azure AD to access Swiftask.

User Provisioning

For larger organizations, you may want to configure automatic user provisioning between Azure AD and Swiftask. This allows user accounts to be automatically created, updated, and deactivated in Swiftask based on changes in Azure AD.

Support

If you need assistance with your SAML SSO configuration, please contact Swiftask support at [email protected].


This guide provides step-by-step instructions specifically for configuring Azure AD as an identity provider for SAML SSO with Swiftask. By following these instructions, you'll enable your team to securely access Swiftask using their existing Azure AD credentials.