Azure Active Directory
Azure Active Directory (Azure AD) is Microsoft’s cloud-based identity and access management service, which helps your employee’s sign in and access resources. You can use Azure AD to control access to your apps and your app resources, based on your business requirements.
- An Azure AD account.
- A Braze account with SAML SSO enabled.
- You must have admin privileges for both Azure and Braze.
Step 1: Add Braze from the Gallery
- Go to the Azure Portal and click
Azure Active Directoryin the left navigation panel.
- Navigate to
Enterprise Applications, then select
- Add a new application by clicking
+ New applicationin the top of the dialog.
- Search for
Brazein the search box, then select it from the result panel, then click
Step 2: Configure Azure AD Single Sign-On
- In your
Azure Portal, go to the Braze Application Integration page and select
SAML/WS-Fedas your method from the
Single Sign-On methoddialog to open the
Set up Single Sign-On with SAMLpage.
- From there, click the
Editicon to open the
Basic SAML Configurationdialog.
- If you wish to configure the application in IDP initiated mode, enter a URL that combines your Braze instance with the following pattern:
- If you wish to configure the application in SP initiated mode, click
Set additional URLsand enter a URL that combines your Braze instance with the following pattern:
- Braze expects the SAML assertions in a specific format. You can manage the values of these attributes from the User Attributes section on the
Application Integrationpage. On the
Set up Single Sign-On with SAMLpage, click
Editto open the
User Attributesdialog. Then, edit the claims according to the proper format, shown below.
- Go to the
Set up Single Sign-On with SAMLpage, then scroll to the
SAML Signing Certificatesection and download the appropriate
Certificate (Base64)based on your requirements.
- Go to the
Set up Brazesection and copy the appropriate URLs for use in the Braze configuration.
User Claims Configuration Format
+ Add new claim to open the
Manage user claims dialog and enter each of these as an
Step 3: Configure Braze Single Sign-On
Send the downloaded
Certificate (Base64) to Braze support so they can turn on your SAML SSO connection.
Step 4: Test Azure AD Single Sign-On
Test Azure Single Sign-On as described in Azure’s instructions here.
If you want your Braze account users to only sign in with SAML SSO, you can restrict single sign-on authentication from the
Company Settings page.