Setting up SSO with Azure AD

info

Single Sign-On (SSO) is only available for Workspaces on the Enterprise Plan. Reach out to support@devraven.io to upgrade your Workspace to the Enterprise Plan.

This guide walks you through enabling Single Sign-On (SSO) for your Workspace with Microsoft Azure Active Directory (Azure AD). Once SSO is configured for your Workspace, users are redirected to your configured Azure AD identity provider to complete the login, and upon successful login they can access the Workspace.

We support SSO login to DevRaven using OAuth/OpenID Connect (OIDC).

Setup Instructions

In DevRaven

  1. Log in to your DevRaven Workspace as an Admin User.
  2. Navigate to the Settings page from the left nav.
  3. Click the Single Sign-On tab on the page.
  4. The SSO Configuration page will be displayed.
  5. Copy the OAuth Redirect URI shown for your Workspace. This URL will be used for configuration in the Azure Portal below.

In Azure Portal

Create App Registration

  1. Log in to https://portal.azure.com
  2. In the top search menu, search for App registrations.
  3. Click App registrations from the list shown.
  4. Click the New registration button on the page.
  5. Provide a name for the application, e.g. DevRaven - App Team Workspace
  6. Select Accounts in this organizational directory only
  7. Under Redirect URI, select Web from the Select a Platform dropdown.
  8. Paste the copied OAuth Redirect URI as the Redirect URI.

Create App Registration

  9. Click Register
  10. A new App registration will be created.

Configuring Authentication Properties

  1. Click Authentication in the left nav menu.
  2. Provide https://app.devraven.io/logout as Front-channel logout URL.
  3. Select ID tokens (used for implicit and hybrid flows) under the Implicit grant and hybrid flows section.
  4. Click Save

Authentication Properties

Configuring Permissions

  1. Click API Permissions from the left nav menu.
  2. Remove the User.Read permission if it's already present in the list of API/Permissions names.
  3. Click the Add a permission button.
  4. A new fly-in page will be displayed. Click the Microsoft Graph tile.
  5. Click the Delegated permissions tile.
  6. Select openid, email and profile from the list of permissions.
  7. Click Add permissions

App Permissions

Creating a Client Secret

  1. Click Certificates & secrets from the left nav menu.
  2. Click the New client secret button.
  3. Provide a name for the secret and select an appropriate Expires interval. Note that you must generate a new client secret and update your SSO configuration in DevRaven before this secret expires.

Setup Client Secret

  1. Copy the generated Value of the client secret for use below.
  2. Click Overview from the left navigation menu.
  3. Copy the Application (client) ID value for use below.
  4. Click the Endpoints button.

Endpoints

  1. A fly-in page will be displayed.
  2. Copy the URL for the OpenID Connect metadata document. This URL ends with /.well-known/openid-configuration
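
A pre-flight check for the copied Well-Known URL and the JSON document it returns, written here as an added example (it is not DevRaven or Microsoft code). The function name, the choice of checks, the assumption that the tenant is the first path segment, and the sample metadata with its placeholder tenant GUID are all constructed for illustration.

```python
from urllib.parse import urlparse

SUFFIX = "/.well-known/openid-configuration"
# Azure AD path aliases that accept accounts from more than one directory.
MULTI_TENANT_ALIASES = {"common", "organizations", "consumers"}
ENDPOINT_KEYS = ("authorization_endpoint", "token_endpoint", "jwks_uri")
EXPECTED_SCOPES = {"openid", "email", "profile"}  # from "Configuring Permissions"

def check_well_known(url, metadata):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    parsed = urlparse(url)
    if parsed.scheme != "https":
        findings.append("well-known URL is not https")
    if not parsed.path.endswith(SUFFIX):
        findings.append("URL does not end with " + SUFFIX)
    # Assumption: the tenant is the first path segment of the URL.
    segments = [s for s in parsed.path.split("/") if s]
    tenant = segments[0].lower() if segments else ""
    if tenant in MULTI_TENANT_ALIASES:
        findings.append(f"tenant segment '{tenant}' is a multi-tenant alias")
    issuer = metadata.get("issuer", "")
    if not issuer.startswith("https://") or "{" in issuer:
        findings.append("issuer is missing, not https, or still a template")
    for key in ENDPOINT_KEYS:
        if urlparse(metadata.get(key, "")).scheme != "https":
            findings.append(f"{key} is missing or not https")
    if "id_token" not in metadata.get("response_types_supported", []):
        findings.append("id_token response type is not advertised")
    missing = EXPECTED_SCOPES - set(metadata.get("scopes_supported", []))
    if missing:
        findings.append("scopes not advertised: " + ", ".join(sorted(missing)))
    return findings

# Constructed sample: placeholder tenant GUID and hand-written metadata.
BASE = "https://login.microsoftonline.com/00000000-0000-0000-0000-000000000000"
SAMPLE_URL = BASE + "/v2.0" + SUFFIX
SAMPLE_METADATA = {
    "issuer": BASE + "/v2.0",
    "authorization_endpoint": BASE + "/oauth2/v2.0/authorize",
    "token_endpoint": BASE + "/oauth2/v2.0/token",
    "jwks_uri": BASE + "/discovery/v2.0/keys",
    "response_types_supported": ["code", "id_token", "code id_token"],
    "scopes_supported": ["openid", "profile", "email", "offline_access"],
}

if __name__ == "__main__":
    for line in check_well_known(SAMPLE_URL, SAMPLE_METADATA) or ["all checks passed"]:
        print(line)
```

A multi-tenant alias in the URL means the registration was not created with Accounts in this organizational directory only, which is worth resolving before toggling Active to ON.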

Back in DevRaven

  1. Log in to your DevRaven Workspace as an Admin User.
  2. Navigate to the Settings page from the left nav.
  3. Click the Single Sign-On tab on the page.
  4. The SSO Configuration page will be displayed.
  5. Provide the Client ID copied above from the Azure Portal.
  6. Provide the Client Secret copied from the Azure Portal.
  7. Provide the Well-Known URL copied from the Azure Portal.
  8. Toggle Active to ON.
  9. Leave Allow login with SSO only set to OFF until your testing is complete. Then change this setting to ON.
  10. Click Save Changes

SSO Configuration

The SSO configuration is now complete. You can now log out and try logging in using your SSO credentials.

Once you confirm that the login is successful, remember to update the SSO configuration to set Allow login with SSO only to ON to disable Password-based and Google authentication to your Workspace.

note

If the Allow login with SSO only property is not enabled for your SSO configuration, Workspace users will still be able to access the Workspace using username/password or log in via Google. Ensure that you toggle Allow login with SSO only to ON to restrict other login types for your Workspace.