The instructions on this page are only valid for the Enterprise Architecture Management (EAM) and Value Stream Management (VSM) products. If you want to implement single sign-on (SSO) for the SaaS Management Product (SMP), please go here.
Request an SSO setup
Follow this link to directly request an SSO setup for your workspace(s): https://leanix.zendesk.com/hc/en-us/requests/new?ticket_form_id=4415741115666
This page gives best practices for configuring Microsoft Azure for SSO with LeanIX.
Please make sure to read the general SSO guide first. The general process is defined there; this page gives configuration details for Azure.
For information about how to add a non-gallery application, please refer to the official documentation: https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/configure-single-sign-on-non-gallery-applications
Please ensure that the settings are configured according to the example below:
Identifier (Entity ID): https://<customerDomain>.leanix.net/Shibboleth.sso
Reply URL: https://<customerDomain>.leanix.net/Shibboleth.sso/SAML2/POST
When using SAML login with Microsoft Azure, you need to pass a user's first name, last name, email and role, as described in Single sign-on (SSO). These values are defined as SAML Token Attributes in the Relying Party Trust.
In order to properly configure the attribute mapping, custom claim rules need to be configured. The following example rules help to configure your Microsoft Azure federation with LeanIX.
For each SAML token attribute, the namespace element must be blank.
To learn more about how to configure the user.assignedroles values, please see https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-app-manifest
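One way to check a captured, base64-decoded SAML response against the Identifier, Reply URL and blank-namespace settings above, as an added example (not LeanIX or Microsoft code). The attribute names, the acme customer domain and the sample response are assumptions constructed for illustration; take the real attribute names from the general SSO guide.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Assumed attribute names; use the exact names from the general SSO guide.
REQUIRED = ("firstname", "lastname", "email", "role")

# Constructed sample response: "lastname" kept a namespace, "role" is absent.
SAMPLE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
 Destination="https://acme.leanix.net/Shibboleth.sso/SAML2/POST"><saml:Assertion>
 <saml:Conditions><saml:AudienceRestriction>
  <saml:Audience>https://acme.leanix.net/Shibboleth.sso</saml:Audience>
 </saml:AudienceRestriction></saml:Conditions><saml:AttributeStatement>
  <saml:Attribute Name="firstname"><saml:AttributeValue>Ada</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="http://schemas.example.test/claims/lastname"><saml:AttributeValue>Lee</saml:AttributeValue></saml:Attribute>
  <saml:Attribute Name="email"><saml:AttributeValue>ada@example.test</saml:AttributeValue></saml:Attribute>
 </saml:AttributeStatement></saml:Assertion></samlp:Response>"""


def check_response(xml_text, customer_domain, required=REQUIRED):
    """Return findings for a base64-decoded SAML response; empty list means OK."""
    base = f"https://{customer_domain}.leanix.net/Shibboleth.sso"
    root = ET.fromstring(xml_text)
    findings = []

    # Reply URL: the IdP posts the response to the URL in Destination.
    if root.get("Destination") != base + "/SAML2/POST":
        findings.append(f"unexpected Destination: {root.get('Destination')}")

    # Identifier (Entity ID): must be listed as an Audience of the assertion.
    if base not in [a.text for a in root.iterfind(".//saml:Audience", NS)]:
        findings.append(f"Audience does not contain {base}")

    names = [a.get("Name", "") for a in root.iterfind(".//saml:Attribute", NS)]
    for want in required:
        if want in names:
            continue  # bare name: namespace was left blank as required
        # Same claim under a URI-style name means the namespace was not cleared.
        namespaced = [n for n in names if n.endswith("/" + want)]
        if namespaced:
            findings.append(f"namespace not blank: {namespaced[0]}")
        else:
            findings.append(f"missing attribute: {want}")
    return findings


if __name__ == "__main__":
    for finding in check_response(SAMPLE, "acme"):
        print(finding)
```

The check only inspects configuration-relevant fields; it does not validate the response signature and ignores any extra attributes the identity provider adds on its own.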