
    Azure Active Directory

    Last edited: Feb 27, 2023
    Support for Azure is an Enterprise feature

    Azure Active Directory is available to customers on a Starter or Pro plan with the SSO add-on, and to all customers on an Enterprise plan. However, support for Azure from our Support team is available only to customers on an Enterprise plan. To learn more, read about our pricing. To upgrade your plan, contact Sales.

    Overview

    This topic explains how to integrate LaunchDarkly with Microsoft Azure Active Directory.

    LaunchDarkly is included in Azure AD's App Gallery. Azure provides a LaunchDarkly application template that facilitates configuration.

    Integrating LaunchDarkly with Azure

    To integrate LaunchDarkly with Azure:

    1. Log in to Azure.
    2. Navigate to your Enterprise applications.
    3. Click New application:
    The Azure "Enterprise Applications" page with "New application" called out.
    4. Search for the LaunchDarkly application.
    5. After you add it, follow the Azure LaunchDarkly Application Tutorial.

    Azure user identifier guidelines

    During configuration, we recommend using the identifier user.mail, provided that every user has their email address attribute set. If you haven't set that attribute for every user, use the identifier user.userprincipalname.

    Mapping user attributes

    After LaunchDarkly is integrated with Azure, you can map LaunchDarkly role and custom role attributes to Azure using Azure claims. The LaunchDarkly Azure SSO integration only provides Just-In-Time user provisioning for IdP-Initiated SSO.

    To learn more about SSO provisioning for roles and custom roles, read Custom roles.

    To set up role and customRole claims in Azure:

    1. Navigate to the User Attributes & Claims section.
    2. Click Edit.
    3. Click Add new claim.
    4. Enter "role" in the Name field.
    5. Leave the source as "Attribute."
    6. Choose a source attribute from the menu that is not currently mapped. This example uses user.country.
    7. Click Save:
    The Azure "Manage claim" screen.
    8. Repeat steps 1-7 with "customRole", mapping to a different unused source attribute.

    Removing existing roles

    SAML ignores empty fields if used in Roles or customRoles. To clear all existing roles, enter an empty string "" into the field.
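
    One way to confirm that the role and customRole claims configured above reach the assertion under those exact names, shown as an added example that is not part of the LaunchDarkly or Azure documentation. It assumes you have a base64-decoded assertion from your own test sign-in; the sample assertion, the claim namespace, and the function name check_claims are constructed for illustration, and no signature validation is performed.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample (unsigned, not captured from a real tenant). The role
# values and the claim namespace are made up. The customRole claim here was
# saved with a namespace, so it is emitted under a URI-style name.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject><saml:NameID>dev@example.com</saml:NameID></saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="role">
      <saml:AttributeValue>reader</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.example.test/claims/customRole">
      <saml:AttributeValue>qa-team</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>"""


def check_claims(assertion_xml, expected=("role", "customRole")):
    """Return (name_id, findings) for one decoded assertion.

    findings maps each expected claim to its value(s), or to one of:
    "empty" (present, no value), "namespaced" (present under a URI-style
    name instead of the bare name), "missing" (not in the assertion).
    """
    # Only parse assertions from your own test sign-ins with this parser.
    root = ET.fromstring(assertion_xml)
    name_id = root.findtext("saml:Subject/saml:NameID", default="", namespaces=NS).strip()
    attrs = {}
    for attr in root.iterfind(".//saml:Attribute", NS):
        values = [(v.text or "").strip() for v in attr.iterfind("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = values
    findings = {}
    for claim in expected:
        if claim in attrs:
            values = attrs[claim]
            findings[claim] = ",".join(values) if any(values) else "empty"
        elif any(name.endswith("/" + claim) for name in attrs):
            findings[claim] = "namespaced"
        else:
            findings[claim] = "missing"
    return name_id, findings


if __name__ == "__main__":
    print(check_claims(SAMPLE_ASSERTION))
```

    A "namespaced" result means the claim's Namespace field was filled in when the claim was added, so the attribute is not named exactly "role" or "customRole".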