Azure Active Directory (Azure AD) is Microsoft's cloud-based directory and identity management service that you can integrate with Split's SAML 2.0 API to allow users to log into Split using their single sign-on (SSO) credentials. To learn more about configuring SAML in Split, refer to the Single sign-on overview guide.
Create an enterprise app in Azure
To create an enterprise app in Azure, do the following:
From the MS Azure console, enter Enterprise in the top search box and click Enterprise Applications.
Click New Application, then Create your own application. The Create your own application page appears.
In the What’s the name of your app field, enter Split.
Select the Integrate any other application you don’t find in the gallery radio button.
- Click Create.
Configure enterprise app for SSO
Once the application is added, you can add users and set up SSO by doing the following:
Click the Assign Users and Groups link, and then Add user/group to add the users or groups that will use Split.
Under Manage, click Single Sign-on.
In the Basic SAML Configuration view, click Edit.
In both the Identifier and Reply URL fields, enter https://www.placeholder.split.io and click Save.
Download the SSO Federation Metadata in the SAML Signing Certificate box. Note where you save the XML file.
Note: You need to be a Split administrator to configure SAML.
To configure Split SSO, do the following:
- Navigate to the Split user interface and in the left hand navigation, click the initials at the top left and select Admin settings.
- Under Organizational settings, select Security. The Security page appears.
- In the SAML tab, copy and paste the XML file contents into the Identity provider (IdP) metadata field.
- Depending on your needs, select either SAML Strict Mode or Just-In-Time Provisioning (JIT) and click Save.
Note: For more information on SAML Strict Mode or JIT, refer to Adding SAML/SSO users guide.
A message displays indicating that the SAML is enabled. This gives you the proper information to place in the Identifier and Reply URL from the Basic SAML Configuration box that you first filled in with https://placeholder.split.io. Copy the Assertion Consumer Service URL link to your clipboard.
Add SAML settings
Navigate back to Azure and place the link you copied into the Basic SAML Configuration box for Identifier and Reply URL. Optionally place the Single Sign-on URL from Split’s user interface into the Sign on URL to enable SP Initiated SSO using that URL.
Click Save. SSO is enabled.
Click Test in Test single sign-on with Split if you have JIT enabled, or if your Azure account’s email address already exists in your Split organization. If not, you must test with a user that is in the Split app you created in Azure, and in Split itself.