Configure SSO via Entra ID (Azure)

SAML Configuration

Below are the steps for setting up SAML with Entra ID:

Obtain Your Sublime Single Sign-on URL

  1. Sign in to your Sublime instance. Navigate to Admin > Account
  2. Scroll down and under the Authentication section, click the pencil icon next to SAML
  3. Copy/take note of the Single Sign-on URL. You'll use this URL in the next section when configuring SAML for your Azure application.

Azure Configuration

  1. Navigate to the Azure portal and search/open Enterprise Applications
  2. Click + New Application
  3. Click + Create your own application
  4. Input a name for the application such as Sublime Platform, select the Integrate any other application you don't find in the gallery (Non-gallery) radio option (the bottom one), and click Create
  5. Once created, on the left hand side, click Single sign-on
  6. Click SAML
  7. In the Basic SAML Configuration section, click Edit
  8. Click Add Identifier, then click Add Reply URL
  9. Paste the URL taken from the Sublime Console into Identifier, Reply URL, and Sign On URL. Then click Save at the top.
  10. Verify the Attributes & Claims section matches the table below (it should by default)

  Attribute                 Claim
  givenname                 user.givenname
  surname                   user.surname
  emailaddress              user.mail
  name                      user.userprincipalname
  Unique User Identifier    user.userprincipalname

  11. Scroll down to the SAML Certificates section and copy the App Federation Metadata URL. You'll use this URL in the next section to complete the configuration.

Add SAML Settings to Sublime

  1. Navigate back to the Sublime Console and paste that Metadata URL into the Sublime Metadata URL within the Configure SAML window. Then click Save.
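The metadata URL hands Sublime the tenant's entity ID, its SAML sign-on endpoint and the certificate Entra ID signs assertions with, and Sublime trusts whatever that document says. The following script is an added example, not code from Sublime or Microsoft: it parses a metadata document (a constructed sample in the shape Entra ID publishes; the tenant ID and the certificate body are placeholders) and confirms it belongs to the tenant you expect, offers an HTTP-Redirect or HTTP-POST sign-on endpoint and carries a signing certificate, reporting the certificate's SHA-256 fingerprint so you can compare it with the thumbprint shown in the SAML Certificates section. `fetch_and_check` runs the same checks against a live metadata URL.

```python
"""Sanity-check the Entra ID App Federation Metadata that Sublime will load
from the metadata URL.  Added example, not Sublime or Microsoft code."""
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {
    "md": "urn:oasis:names:tc:SAML:2.0:metadata",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"


def check_entra_metadata(xml_text, tenant_id):
    """Parse IdP metadata and confirm it belongs to the expected tenant, offers
    an SSO endpoint and publishes at least one signing certificate.  Raises
    ValueError on anything that would break or mis-route the Sublime side."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}EntityDescriptor" % NS["md"]:
        raise ValueError("not a SAML EntityDescriptor")

    # Entra ID issues assertions as https://sts.windows.net/<tenant id>/ ;
    # a different tenant here means the wrong directory would be trusted.
    entity_id = root.get("entityID", "")
    expected = "https://sts.windows.net/%s/" % tenant_id.lower()
    if entity_id != expected:
        raise ValueError("entityID %r is not %r" % (entity_id, expected))

    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is SP metadata, not IdP metadata")

    sso = {s.get("Binding"): s.get("Location")
           for s in idp.findall("md:SingleSignOnService", NS)}
    if HTTP_REDIRECT not in sso and HTTP_POST not in sso:
        raise ValueError("no HTTP-Redirect or HTTP-POST SingleSignOnService")

    # Collect signing certificates; without one, assertion signatures cannot
    # be verified and a relying party must refuse the login.
    fingerprints = []
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use", "signing") != "signing":  # absent 'use' means both
            continue
        for cert in kd.findall(".//ds:X509Certificate", NS):
            der = base64.b64decode("".join((cert.text or "").split()))
            fingerprints.append(hashlib.sha256(der).hexdigest())
    if not fingerprints:
        raise ValueError("no signing certificate in metadata")

    return {"entity_id": entity_id, "sso": sso, "signing_cert_sha256": fingerprints}


def fetch_and_check(metadata_url, tenant_id, timeout=10):
    """Live variant: download the App Federation Metadata URL copied from the
    Azure portal and run the same checks (network access required)."""
    import urllib.request
    with urllib.request.urlopen(metadata_url, timeout=timeout) as resp:
        return check_entra_metadata(resp.read(), tenant_id)


# Constructed sample in the shape Entra ID publishes; the tenant ID and the
# certificate body are placeholders, not real values.
TENANT = "11111111-2222-3333-4444-555555555555"
SAMPLE_METADATA = """<?xml version="1.0"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/%s/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>MIIBAQ==</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleSignOnService Binding="%s"
        Location="https://login.microsoftonline.com/%s/saml2"/>
    <SingleSignOnService Binding="%s"
        Location="https://login.microsoftonline.com/%s/saml2"/>
  </IDPSSODescriptor>
</EntityDescriptor>
""" % (TENANT, HTTP_REDIRECT, TENANT, HTTP_POST, TENANT)

if __name__ == "__main__":
    info = check_entra_metadata(SAMPLE_METADATA, TENANT)
    print("IdP entityID:", info["entity_id"])
    print("SSO endpoints:", info["sso"])
    print("Signing cert SHA-256:", info["signing_cert_sha256"])
```

Run `fetch_and_check(url, tenant_id)` with the URL you copied and your Directory (tenant) ID; a tenant mismatch means you copied the metadata URL from an application in a different directory. The certificate in Entra ID metadata rotates on the schedule set under SAML Certificates, so the fingerprint check is a point-in-time comparison, not a pin.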

Test SAML Configuration

  1. Add/ensure the expected test user(s) are present in both the Sublime Console and the Azure Sublime enterprise app.
  2. In the Single sign-on section of the Sublime Enterprise app, click Test and then Test Sign-on
    1. If successful, you can now change the Sublime Allowed methods config to disable username/password login. Confirm that at least one Sublime admin can complete a SAML sign-in before doing so, so administrators are not locked out.
    2. If unsuccessful, double check all fields with URL values across both platforms and contact us if you're still running into any issues 👋

OIDC Configuration

Below are the steps for configuring OIDC with Entra ID:

Obtain Your Sublime Redirect URI

  1. Sign in to your Sublime instance. Navigate to Admin > Account
  2. Scroll down and under the Authentication section, click the pencil icon next to Open ID Connect
  3. Copy/take note of the Redirect URI. You'll use this URL in the next section when configuring OIDC for your Azure application.

Configure Azure

  1. Navigate to the Azure portal and search/open App Registrations
  2. Click New Registration
  3. Give your application a name, such as "Sublime Platform"
  4. Under Supported account types select Accounts in this organizational directory only if it's not already selected by default (single tenant: only users from your own directory can sign in)
  5. Click Register (skip the Redirect URI section)
  6. In the Overview section of the application's settings, note the Application (client) ID and the Directory (tenant) ID. You'll use these IDs later.
  7. Navigate to the application authentication settings via Manage > Authentication
  8. Click Add Redirect URI
  9. In the panel that opens, click Web
  10. Under Redirect URI, paste the Redirect URI from Sublime
  11. Under Implicit grant and hybrid flows, select ID tokens
  12. Click Configure
  13. Navigate to the Certificates & secrets settings page via Manage > Certificates & secrets
  14. Click New client secret
  15. Give the client secret a name like "Sublime SSO" and select an expiration of "24 months". Record the expiry date: sign-in through Entra ID stops working once the secret expires, so plan to rotate it before then.
  16. Click Add
  17. Note the Value of the new client secret for the next section. It is shown only once, immediately after creation; the Secret ID next to it is a reference for the secret and is not what you enter in Sublime.

Add OIDC Settings to Sublime

  1. Log into the Sublime Platform
  2. Navigate to Admin > Account
  3. Under Authentication, click the button next to Open ID Connect
  4. Enter your OIDC issuer URL, client ID, and client secret
    1. Your issuer URL is https://login.microsoftonline.com/TENANT_ID/v2.0, with TENANT_ID being the Directory (tenant) ID you noted earlier
    2. Your Client ID is the Application (client) ID you noted from the application's Overview page (not the Secret ID shown next to the client secret)
    3. Your Client Secret is the secret Value noted in the previous step
  5. Click the Save button
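The three values in step 4 are easy to mix up, and a wrong issuer or the Secret ID pasted in place of the secret Value only fails at the first real sign-in. The following script is an added example, not Sublime or Microsoft code: it builds the issuer and discovery URL from a tenant ID, rejects a client secret that looks like a GUID (that is the Secret ID) and a client ID that is not one, validates a discovery document (a constructed sample in the shape Entra ID returns from the tenant-specific v2.0 endpoint) against that issuer and the redirect URI, and assembles an authorization request with fresh state and nonce. The tenant ID, client ID and redirect URI path are placeholders, and the authorization code request is an assumed flow, since the page does not say which flow Sublime uses.

```python
"""Check the OIDC values you are about to enter in Sublime against what the
tenant publishes.  Added example, not Sublime or Microsoft code."""
import json
import re
import secrets
from urllib.parse import urlencode, urlparse

GUID = re.compile(r"^[0-9a-f]{8}-(?:[0-9a-f]{4}-){3}[0-9a-f]{12}$")


def issuer_for_tenant(tenant_id):
    """Issuer URL in the form the page gives.  Rejects anything that is not the
    Directory (tenant) ID GUID: a domain name or 'common' would never equal the
    'iss' claim Entra ID puts in tokens for a single-tenant app."""
    t = tenant_id.strip().lower()
    if not GUID.match(t):
        raise ValueError("tenant ID %r is not a GUID; use the Directory (tenant) ID" % tenant_id)
    return "https://login.microsoftonline.com/%s/v2.0" % t


def discovery_url(issuer):
    """Where the tenant publishes its OpenID Provider metadata."""
    return issuer + "/.well-known/openid-configuration"


def check_credentials(client_id, client_secret):
    """Catch the two common copy-paste mistakes: a client ID that is not the
    Application (client) ID, and a 'secret' that is really the Secret ID
    (both IDs are GUIDs; the secret Value is not)."""
    if not GUID.match(client_id.strip().lower()):
        raise ValueError("client ID must be the Application (client) ID GUID from Overview")
    if GUID.match(client_secret.strip().lower()):
        raise ValueError("client secret is a GUID: that is the Secret ID, paste the Value column")
    return True


def check_discovery(doc_json, issuer, redirect_uri):
    """Validate a discovery document fetched from discovery_url(issuer).  The
    issuer must match exactly: a relying party compares it with the 'iss'
    claim of every ID token, so a mismatch means nobody can log in."""
    doc = json.loads(doc_json)
    problems = []
    if doc.get("issuer") != issuer:
        problems.append("issuer mismatch: document says %r" % doc.get("issuer"))
    for key in ("authorization_endpoint", "token_endpoint", "jwks_uri"):
        if not str(doc.get(key, "")).startswith("https://"):
            problems.append("%s missing or not https" % key)
    types = doc.get("response_types_supported", [])
    if "code" not in types and "id_token" not in types:
        problems.append("neither code nor id_token response type supported")
    auth = doc.get("token_endpoint_auth_methods_supported", [])
    if not {"client_secret_post", "client_secret_basic"} & set(auth):
        problems.append("token endpoint does not accept a client secret")
    if urlparse(redirect_uri).scheme != "https":
        problems.append("redirect URI %r is not https" % redirect_uri)
    if problems:
        raise ValueError("; ".join(problems))
    return {k: doc[k] for k in ("issuer", "authorization_endpoint", "token_endpoint", "jwks_uri")}


def build_authorization_url(endpoints, client_id, redirect_uri):
    """First leg of an authorization code request as a relying party would send
    it (assumed flow).  state and nonce are fresh per request: state ties the
    response to this browser session, nonce ties the ID token to it."""
    state = secrets.token_urlsafe(16)
    nonce = secrets.token_urlsafe(16)
    params = {
        "client_id": client_id,
        "response_type": "code",
        "redirect_uri": redirect_uri,
        "scope": "openid profile email",
        "state": state,
        "nonce": nonce,
    }
    return endpoints["authorization_endpoint"] + "?" + urlencode(params), state, nonce


# Constructed values in the shape Entra ID returns; none of them are real.
TENANT = "11111111-2222-3333-4444-555555555555"
CLIENT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
REDIRECT_URI = "https://sublime.example.com/auth/oidc/callback"  # assumed path
ISSUER = issuer_for_tenant(TENANT)
SAMPLE_DISCOVERY = json.dumps({
    "issuer": ISSUER,
    "authorization_endpoint": "https://login.microsoftonline.com/%s/oauth2/v2.0/authorize" % TENANT,
    "token_endpoint": "https://login.microsoftonline.com/%s/oauth2/v2.0/token" % TENANT,
    "jwks_uri": "https://login.microsoftonline.com/%s/discovery/v2.0/keys" % TENANT,
    "response_types_supported": ["code", "id_token", "code id_token", "id_token token"],
    "token_endpoint_auth_methods_supported": ["client_secret_post", "private_key_jwt", "client_secret_basic"],
})

if __name__ == "__main__":
    check_credentials(CLIENT_ID, "constructed~secret.Value_not-a-guid")
    endpoints = check_discovery(SAMPLE_DISCOVERY, ISSUER, REDIRECT_URI)
    url, state, nonce = build_authorization_url(endpoints, CLIENT_ID, REDIRECT_URI)
    print("discovery:", discovery_url(ISSUER))
    print("authorize:", url)
```

With your own tenant ID, `issuer_for_tenant` returns the string to paste into the issuer field, and fetching `discovery_url(issuer)` gives the document to hand to `check_discovery`. The issuer comparison is exact on purpose: `https://login.microsoftonline.com/common/v2.0` or a trailing slash fails here the same way it fails an `iss` check on a real ID token.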

Test OIDC Configuration

You should now be able to sign into Sublime with Entra ID. You can verify the integration is working either by launching the Sublime Platform application from your identity provider's application portal, or by loading the Initiate login URL from your OIDC settings in Sublime.

Matching User Required

For a user to successfully sign into Sublime with your OIDC identity provider, there must already be a matching user with the same email address in Sublime.