Azure Active Directory
Read time: 1 minute
Last edited: Feb 27, 2023
Azure Active Directory is available to customers on a Starter or Pro plan with the SSO add-on, and to all customers on an Enterprise plan. However, support for Azure from our Support team is available only to customers on an Enterprise plan. To learn more, read about our pricing. To upgrade your plan, contact Sales.
Overview
This topic explains how to integrate LaunchDarkly with Microsoft Azure Active Directory.
LaunchDarkly is included in Azure AD's App Gallery. Azure provides a LaunchDarkly application template that facilitates configuration.
Integrating LaunchDarkly with Azure
To integrate LaunchDarkly with Azure:
- Log in to Azure.
- Navigate to your Enterprise applications.
- Click New application:
- Search for the LaunchDarkly application.
- After you add it, follow the Azure LaunchDarkly Application Tutorial.
During configuration, we recommend using the identifier user.mail, provided that every user has their email addresses attribute set. If you haven't set attributes for every user, use the identifier user.userprincipalname.
Mapping user attributes
After LaunchDarkly is integrated with Azure, you can map LaunchDarkly role and custom role attributes to Azure using Azure claims. The LaunchDarkly Azure SSO integration only provides Just-In-Time user provisioning for IdP-Initiated SSO.
To learn more about SSO provisioning for roles and custom roles, read Custom roles.
To set up role and customRole claims in Azure:
- Navigate to the User Attributes & Claims section.
- Click Edit.
- Click Add new claim.
- Enter "role" in the Name field.
- Leave the source as "Attribute."
- Choose a source attribute from the menu that is not currently mapped. This example uses
user.country. - Click Save:
- Repeat steps 1-7 with "customRole", mapping to a different unused source attribute.
SAML ignores empty fields if used in Roles or customRoles. To clear all existing roles, enter an empty string "" into the field.