With Azure AD SSO, your IT teams can manage employee accounts through their Azure AD login credentials, and your employees will be able to save time by logging into the Firstbase platform quickly with their existing Azure AD credentials.
We support SSO for Azure AD via SAML.
Setup Instructions
1. Create an Azure Enterprise Application
2. Name it 'Firstbase' and choose the following option: "integrate any other other application you don't find in the gallery"
3. Start setting up Single Sign-On and choose the SAML option.
4. Click on edit and you start configuring the different configuration details
5. Enter a temporary 'Identifier' and 'Reply URL' and save your configuration. You can use id and https://test as placeholders for now.
6. Download your Certificate (Base 64).
- To download this certificate, instead of clicking "Download" directly next to the certificate, click instead on "Edit" the token signing certificate at the top right corner.
-
Click on the three "..." next to the thumbprint section in the drawer that opened up.
- Click on "Base64 Certificate download" and save this file.
7. Share with your Customer Success Manager the following three details:
- Certificate (base 64)
- Login URL
- Microsoft Entra Identifier
8. We'll proceed on our side to create the SAML connection to Firstbase and will send you back the following details:
- Assertion Consumer Service URL
- Audience URI
- Sign on URL
- Relay State
9. Go back to your Azure AD SAML set up and edit your 'Identifier', 'Reply URL, 'Sign on URL' and 'Relay State' fields:
- Identifier - Add the Audience URI provided by Firstbase
- Reply URL - Add the Assertion Consumer Service URL provided by Firstbase
-
Sign on URL - This will have the form: https://app.firstbasehq.com/auth?idp=YOURIDP
- In 'YOURIDP' field, use the IDP provided as part of the reply URL:
- Example:
https://app.firstbasehq.com/auth?idp=ABCDEFGHIJK
- In this case your Sign on URL will be: https://app.firstbasehq.com/auth?idp=ABCDEFGHIJK
- Example:
- In 'YOURIDP' field, use the IDP provided as part of the reply URL:
- Relay State - This will be: https://app.firstbasehq.com
10. You can now test the application.
Note: The user you test with must be a registered user in the Firstbase app.
11. Let your Customer Success Manager know that you've configured everything and we'll activate the routing rules on Firstbase. As soon as this is done, your users will be able to login directly by adding their email address if they are already signed on to Azure AD on your side.