Azure Active Directory
Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service, which helps your employees sign in and access resources. You can use Azure AD to control access to your apps and your app resources, based on your business requirements.
Upon setup, you will be asked to provide a Sign-On URL and an Assertion Consumer Service (ACS) URL.
For the subdomain, use the coordinating subdomain listed in your Braze instance URL. For example, if your instance is
|Assertion Consumer Service (ACS) URL||
For some IdPs, this can also be referred to as the Reply URL, Audience URL, or Audience URI.
Service Provider (SP) Initiated Login within Azure AD
Step 1: Add Braze from the Gallery
Step 1a: Go to the Azure Active Directory
Go to the Azure Portal and click Azure Active Directory in the left navigation panel.
Step 1b: Find Applications
Enterprise Applications, then select
Step 1c: Create a New Application
Add a new application by clicking + New application at the top of the dialog.
Step 1d: Add Braze
Braze in the search box, then select it from the result panel, then click
Step 2: Configure Azure AD Single Sign-On
Step 2a: Select Single Sign-On
Azure Portal, go to the Braze Application Integration page and select
Step 2b: Select SSO Method
SAML/WS-Fed as your method from the Single Sign-On method dialog to open the Set up Single Sign-On with SAML page.
Step 2c: Open Configure Dialog
From there, click the Edit icon to open the Basic SAML Configuration dialog.
Step 2d: Configure in IDP Mode
If you wish to configure the application in IDP initiated mode, enter a URL that combines your Braze instance with the following pattern:
Step 2e: Configure in SP Mode
If you wish to configure the application in SP initiated mode, click Set additional URLs and enter a URL that combines your Braze instance with the following pattern:
Step 2f: Format SAML Assertions
Braze expects the SAML assertions in a specific format. You can manage the values of these attributes from the User Attributes section on the Application Integration page. On the Set up Single Sign-On with SAML page, click Edit to open the User Attributes dialog. Then, edit the claims according to the proper format, shown below.
Use the following attribute pairings (the image above shows the incorrect value for
Unique User Identifier =
Use the following Claim Name pairings (the image above shows the incorrect Value for
This is where you can manage those User Claims and values.
Step 2g: Download Certificate
Go to the Set up Single Sign-On with SAML page, then scroll to the SAML Signing Certificate section and download the appropriate Certificate (Base64) based on your requirements.
Step 2h: Copy URLs for Configuration in Braze
Go to the Set up Braze section and copy the appropriate URLs for use in the Braze configuration.
Step 3: Configure Azure AD within Braze
Once you have set up Braze within Azure AD, Azure AD will provide a Target URL (Login URL) and an x.509 certificate, which you will input into your Braze account.
After your Account Manager has enabled SAML SSO for your account, go to Company Settings > Security Settings and toggle the SAML SSO section to
On this page, input:
||This will appear as the button text on the login screen. This is typically your IdP name, like “Azure AD.”|
||This is the Login URL provided by Azure AD.|
Create and Enable a Braze API Key for IdP Login (Optional)
To enable IdP initiated login, you will first need to create an API Key in Developer Console >
Input the generated API Key as the RelayState parameter within Azure AD, which will be used to identify which company the user is trying to log into.
If you want your Braze account users to only sign in with SAML SSO, you can restrict single sign-on authentication from the Company Settings page.