Azure Active Directory

Integrating AzureAD with env0 as a SAML provider

Introduction

This guide details the steps required to integrate AzureAD as a SAML provider for your env0 organization. The current implementation relies on an AzureAD registered application with the Microsoft identity platform.
The application is used for authentication only: you define your users in AzureAD and grant them access to your env0 organization.
In addition, env0 supports syncing the groups of the logged-in user to matching env0 teams.

Steps

  1. Follow this guide to register an application in the Microsoft identity platform.
  2. Leave the Redirect URI empty.
  3. Under the platform settings, select Web.
  4. Add a Redirect URI with this value: https://login.app.env0.com/login/callback
  5. Create a Client Secret.
  6. Upload the Application (client) ID and the Client Secret Value here.
    (Optional) Provide either the email domain (env0.com) or the specific Microsoft tenant domain (e.g. env0.onmicrosoft.com).
  7. Your env0 Organization ID can be found in your Organization > Settings tab.


Multitenant AzureAD

If you are in a Multitenant environment, please check this setting:
Under "Authentication / Supported account types"
Select "Accounts in any organizational directory (Any Azure AD directory - Multitenant)"


Teams Syncing

Teams are synced each time a user logs in, with the following logic:

  1. env0 creates a new team if one doesn't exist, based on the group name received from the SAML provider.
  2. If the team already exists in env0, no new team is created.
  3. The user is assigned to all env0 teams whose names match the groups they are part of in the SAML provider.
  4. If the user was removed from a group in the SAML provider, they are removed from the corresponding team in env0.
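As an added illustration (not env0's code), the Python below models the four rules above as a reconciliation of one user's team memberships against the group names in a SAML assertion. The `Org` and `sync_user_teams` names and the sample organization are constructed assumptions, and the model treats every membership as group-derived, which the page does not specify.

```python
"""Model of login-time team syncing (illustrative only, not env0's implementation)."""
from dataclasses import dataclass, field


@dataclass
class Org:
    teams: dict = field(default_factory=dict)  # team name -> set of user ids


@dataclass
class SyncResult:
    created: list   # teams created because no team matched a group name
    added: list     # teams the user was added to
    removed: list   # teams the user was removed from


def sync_user_teams(org: Org, user: str, saml_groups) -> SyncResult:
    """Reconcile `user`'s memberships against the group names in the assertion.

    Assumption (not stated on the page): all of the user's memberships are
    group-derived, so any team not backed by a current group is stale.
    """
    groups = set(saml_groups)  # duplicates in the assertion collapse to one
    created, added, removed = [], [], []
    for name in sorted(groups):
        if name not in org.teams:        # rule 1: create team for unknown group
            org.teams[name] = set()
            created.append(name)
        # rule 2: an existing team is reused (the implicit else branch)
        if user not in org.teams[name]:  # rule 3: ensure membership
            org.teams[name].add(user)
            added.append(name)
    for name, members in org.teams.items():  # rule 4: drop stale memberships
        if user in members and name not in groups:
            members.discard(user)        # other members are left untouched
            removed.append(name)
    return SyncResult(created, sorted(added), sorted(removed))


if __name__ == "__main__":
    # Constructed sample org: two existing teams, "alice" returns with a new group.
    org = Org(teams={"platform": {"alice", "bob"}, "security": {"alice"}})
    print(sync_user_teams(org, "alice", ["platform", "finops"]))
    # created=['finops'] added=['finops'] removed=['security']
```

Running the sync a second time with the same assertion changes nothing, which is the property a login-time reconciliation needs.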