Configure and Provision SAML SSO with Azure Active Directory

Who can use this feature?

🔒 Users on the Figma Organization Plan
👤 Only Organization Admins can configure SAML SSO
👤 You will need to have an existing Microsoft Azure Active Directory account

Learn more about SAML SSO in our Getting Started with SAML SSO article.

Figma supports both IdP and SP initiated SAML. Our integration with Azure Active Directory supports both Authentication and Provisioning for SAML.

To configure SAML SSO with Azure:

  1. Add Figma to your Azure Portal
  2. Configure SAML SSO in Figma
  3. Configure SAML SSO in Azure
  4. Set up Automatic Provisioning via SCIM

Note: Microsoft recommends testing your SAML Configuration in a sandbox environment. You can do this before you configure Automatic Provisioning via SCIM. Find detailed instructions in Microsoft's Azure Active Directory SSO Integration with Figma article.

Add Figma to Azure AD

You will need to add Figma to your Azure Portal and enable SAML SSO. This will generate an App Federation Metadata URL, which connects the two applications.

  1. Log in to your Azure Portal and, using the left navigation menu, open Azure Active Directory.
  2. Select Enterprise Applications and then All Applications.
  3. Click on the Enterprise Applications setting.
  4. In the Manage section, select All Applications.
  5. Click the + New application button.
  6. Search for Figma in the field provided and click Add to add the application to your portal.
  7. Go to the Single Sign-On configuration page.
  8. Set the Mode as SAML-based Sign-On.
  9. Copy the App Federation Metadata URL.

Configure SAML SSO in Figma

Next you will need to set up the Azure Active Directory integration in Figma.

  1. Click on the Organization’s name in the File Browser and go to the Settings tab.
  2. In the General tab, find the Log in and Provisioning section.
  3. Click the Update Log In Settings link.
  4. Click the Configure SAML button at the bottom of the SAML SSO section.
  5. Select Microsoft Azure Active Directory from the options.
  6. Enter the IdP Metadata URL (App Federation Metadata URL) you got from Microsoft Azure. Click Review.
  7. Check the box to confirm This information is correct... and click Configure SAML SSO.
  8. Figma will show your configuration in the SAML SSO section.
  9. Click the Copy link next to your Tenant ID. Your Tenant ID will form the Tenant URL, which you'll need during the setup process in Azure: https://www.figma.com/saml/<TENANT ID>

Configure SAML SSO in Azure

Complete these steps to configure SAML SSO in Azure Active Directory. You can choose to initiate SAML from the IdP (Azure Active Directory) or SP (Figma).

Configure SAML SSO

  1. In your Azure Portal open the Figma app.
  2. In the Manage section, select Single Sign-On.
  3. On the Select a single sign-on method page, select SAML.
  4. Click the pen icon next to Basic SAML Configuration.
  5. To configure in IdP initiated mode:

    a. In the Identifier field enter the URL: https://www.figma.com/saml/<TENANT ID>
    b. In the Reply URL field enter the URL: https://www.figma.com/saml/<TENANT ID>/consume

    Swap the <TENANT ID> placeholder with the Tenant ID generated by Figma.

  6. To configure in SP initiated mode:
    • Click Set additional URLs
    • In the Sign-on URL field enter the URL: https://www.figma.com/saml/<TENANT ID>/start

    Swap the <TENANT ID> placeholder with the Tenant ID generated by Figma.

Map User Attributes

You can also map your User attributes in Azure Active Directory.

Required

There are some Required attributes that you will need to keep.

GivenName: user.givenname
Surname: user.surname
Emailaddress: user.mail
Name: user.userprincipalname
Unique User Identifier: user.userprincipalname

Pre-Populated

Figma will pre-populate some other attributes. You can review and adjust these as required.

externalId: user.mailnickname
displayName: user.displayname
title: user.jobtitle
emailaddress: user.mail
familyName: user.surname
givenName: givenName
userName: user.userprincipalname

Test your SAML Configuration

Microsoft recommends testing your SAML configuration before adding or importing your accounts.

  1. Create a Test User in Azure AD
  2. Assign the Test User to Figma in Azure AD
  3. Figma Creates a Corresponding Test User in Figma
  4. Test the SSO Process

Find detailed instructions in Microsoft Azure's Tutorial: Azure Active Directory single sign-on (SSO) integration with Figma.

Set up Automatic Provisioning via SCIM

To set up Automatic Provisioning you will need to:

  1. Generate an API Token in Figma
  2. Configure Automatic Provisioning in Azure AD

We recommend having both of these windows open at the same time, to make that process easier.

Generate an API Token in Figma

  1. In Figma, click on your Organization and go to the Settings tab.
  2. On the General page click the Update Log in Settings link.
  3. In the SAML SSO section, copy the Tenant ID.
  4. In the SCIM Provisioning section, click Generate API Token.
  5. Copy the API Token value.

Configure Automatic Provisioning in Azure AD

You'll need your Tenant ID and API Token from Figma.

  1. In your Azure Portal go to Enterprise Applications > All Applications.
  2. Select the Figma app.
  3. In the Manage section select Provisioning.
  4. Set the Provisioning Mode to Automatic.
  5. In the Admin Credentials section:
    1. Enter the following in the Tenant URL field: https://www.figma.com/scim/v2/<TENANT ID>. Swap the <TENANT ID> placeholder with the Tenant ID generated by Figma.
    2. Enter the API Token in the Secret Token field.
    3. Click Test Connection to make sure that Azure AD can connect to Figma.
  6. Next you will need to set up a notification for any failures:
    1. Enter the desired email address in the Notification Email field.
    2. Check the box next to Send an email notification when a failure occurs.
    3. Click Save to apply.
  7. Next you can review your User Attribute Mappings:
    1. In the Mappings section, select Synchronize Azure Active Directory Users to Figma.
    2. In the Attribute Mappings section, review the Azure Active Directory Attribute and the corresponding Figma Attribute.
    3. Click the Save button to apply any changes.
  8. In the Settings section you can:
    1. Toggle the Provisioning Status > On.
    2. Define which users and/or groups you would like to provision to Figma. Choose from:
      • Sync all users and groups
      • Sync only assigned users and groups
  9. Click Save to apply your provisioning settings.

Note: These instructions are modified from Microsoft Azure's Tutorial. Check out Configure Figma for automatic user provisioning for screenshots and detailed explanations.
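
The Identifier, Reply URL, Sign-on URL and SCIM Tenant URL entered in Azure in the steps above are all derived from the Figma Tenant ID, so they can be checked against this page's patterns before you click Save. The Python check below is an added example, not part of Figma's or Microsoft's tooling; the function names are hypothetical and the tenant ID and entered values are constructed samples.

```python
from urllib.parse import urlsplit

FIGMA_HOST = "www.figma.com"

# Path for each Azure field, taken from the steps on this page.
FIELDS = {
    "Identifier": "/saml/{tid}",
    "Reply URL": "/saml/{tid}/consume",
    "Sign-on URL": "/saml/{tid}/start",   # SP initiated mode only
    "Tenant URL": "/scim/v2/{tid}",       # SCIM provisioning
}

def expected_urls(tenant_id):
    """Build the URLs this page asks you to enter in Azure AD."""
    return {name: f"https://{FIGMA_HOST}{path.format(tid=tenant_id)}"
            for name, path in FIELDS.items()}

def check_config(tenant_id, entered):
    """Return (field, problem) pairs for values that differ from the page's patterns."""
    want = expected_urls(tenant_id)
    problems = []
    for field, value in entered.items():
        if field not in want:
            problems.append((field, "unknown field"))
            continue
        parts = urlsplit(value)
        if "<" in value or ">" in value:
            problems.append((field, "placeholder not replaced"))
        elif parts.scheme != "https":
            problems.append((field, "scheme must be https"))
        elif parts.hostname != FIGMA_HOST:
            problems.append((field, f"host must be {FIGMA_HOST}"))
        elif value != want[field]:
            # Catches a wrong tenant ID, wrong suffix, trailing slash or whitespace.
            problems.append((field, f"expected {want[field]}"))
    return problems

# Constructed sample: what an admin might have typed into the Azure forms.
SAMPLE_TENANT_ID = "1234567890"
SAMPLE_ENTERED = {
    "Identifier": "https://www.figma.com/saml/<TENANT ID>",
    "Reply URL": "http://www.figma.com/saml/1234567890/consume",
    "Sign-on URL": "https://www.figma.com/saml/1234567890/start/",
    "Tenant URL": "https://www.figma.com/scim/v2/1234567890",
}

if __name__ == "__main__":
    for field, problem in check_config(SAMPLE_TENANT_ID, SAMPLE_ENTERED):
        print(f"{field}: {problem}")
```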
