SSO For enterprise
Setting up Azure AD SAML SSO for Swiftask
Overview
This guide will walk you through the process of configuring Single Sign-On (SSO) using Azure Active Directory (Azure AD) as your identity provider for your Swiftask workspace. SAML SSO integration allows your team members to securely access Swiftask using their existing corporate credentials, simplifying user management and enhancing security.
Prerequisites
You must be a Workspace Administrator in Swiftask
Your workspace must be on the Team Growth plan or higher
You need administrative access to your organization's Azure AD portal
Your organization must have Azure AD configured
Configuration Process
The configuration involves two main parts:
Gathering information from Swiftask to configure Azure AD
Configuring Azure AD and entering the required information back into Swiftask
Step 1: Access the SAML Configuration in Swiftask
Log in to your Swiftask workspace as an administrator
Navigate to the Workspace Admin interface
Select "SAML Configuration" from the menu
You'll see the SAML Configuration screen with fields for configuring your identity provider.
Step 2: Note the Service Provider Details
In the "Service Provider Details" section of the Swiftask SAML configuration page, you'll find the following information that you'll need to provide to Azure AD:
Entity ID / Audience URI: This is a unique identifier for your Swiftask workspace (e.g.,
urn:swiftask-{workspaceid})ACS (Assertion Consumer Service) URL: This is the URL where SAML responses will be sent (e.g.,
https://graphql.swiftask.ai/auth/saml/callback/{workspaceId})
Use the "COPY" button next to each value to copy them to your clipboard. You'll need these values when configuring Azure AD.
Step 3: Configure Azure AD as an Identity Provider
Log in to the Azure Portal
Go to https://portal.azure.com and sign in with your administrative account
Add a New Enterprise Application
Navigate to Azure Active Directory > Enterprise Applications
Click New Application
Select Create your own application
Enter "Swiftask" as the application name
Select "Integrate any other application you don't find in the gallery (Non-Gallery application)"
Click Create
Configure SAML-based Single Sign-On
In your newly created application, select Single sign-on from the left menu
Choose SAML as the single sign-on method
In the Basic SAML Configuration section, click Edit
Enter Swiftask Service Provider Details
Identifier (Entity ID): Paste the Entity ID / Audience URI from Swiftask
Reply URL (Assertion Consumer Service URL): Paste the ACS URL from Swiftask
Sign on URL: Enter the URL of your Swiftask workspace (e.g.,
https://app.swiftask.ai)Click Save
Configure User Attributes & Claims
In the User Attributes & Claims section, click Edit
Ensure the following claims are configured:
Name identifier value: Set to
user.userprincipalnameoruser.mailGiven name: Set to
user.givennameSurname: Set to
user.surnameEmail: Set to
user.mail
Click Save
Get Azure AD SAML Information
In the SAML Signing Certificate section, download the Certificate (Base64)
Note the following URLs from the Set up Swiftask section:
Login URL: This is the Identity Provider URL you'll need for Swiftask
Azure AD Identifier: This is the Identity Provider Entity ID you'll need for Swiftask
Step 4: Complete the SAML Configuration in Swiftask
Return to the Swiftask SAML Configuration page and enter the information from Azure AD:
Identity Provider URL
Enter the Login URL from Azure AD
Identity Provider Entity ID
Enter the Azure AD Identifier from Azure AD
X.509 Certificate
Open the downloaded certificate file in a text editor
Copy the entire content, including the
-----BEGIN CERTIFICATE-----and-----END CERTIFICATE-----linesPaste it into the X.509 Certificate field in Swiftask
Attribute Mapping (Optional)
If needed, you can configure custom attribute mapping in JSON format
A typical mapping for Azure AD might look like:
{ "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress", "firstName": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname", "lastName": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname" }Domain
Enter your organization's email domain (e.g.,
company.com)This will enable auto-joining for users with email addresses from this domain
Save Configuration
Click the "Save Configuration" button to apply your settings
Step 5: Test the SAML SSO Integration
Open a new private/incognito browser window
Navigate to your Swiftask workspace URL
Enter an email address with the domain you configured
You should be redirected to the Azure AD login page
After successful authentication, you should be logged into Swiftask
Troubleshooting
If you encounter issues with your SAML SSO configuration, check the following:
Verify that all URLs and identifiers are correctly copied between Swiftask and Azure AD
Ensure the X.509 certificate is properly formatted and includes the header and footer lines
Check that the attribute mapping is correctly configured in both systems
Verify that the user has been assigned to the Swiftask application in Azure AD
Check your browser's developer console for any SAML-related errors
Additional Configuration Options
Enforcing SSO
Once you've confirmed that SSO is working correctly, you may want to enforce SSO for all users in your workspace. This ensures that all users must authenticate through Azure AD to access Swiftask.
User Provisioning
For larger organizations, you may want to configure automatic user provisioning between Azure AD and Swiftask. This allows user accounts to be automatically created, updated, and deactivated in Swiftask based on changes in Azure AD.
Support
If you need assistance with your SAML SSO configuration, please contact Swiftask support at [email protected].
This guide provides step-by-step instructions specifically for configuring Azure AD as an identity provider for SAML SSO with Swiftask. By following these instructions, you'll enable your team to securely access Swiftask using their existing Azure AD credentials.
Last updated