Configure Azure Active Directory SAML SSO
IMPORTANT You can only use SAML SSO if you are on Figma’s Organizations plan and have an Azure Subscription. Learn more about Figma's plans here: https://www.figma.com/pricing
If you're using Microsoft Azure, you can configure your Figma Organization to allow users to log in to their account using their Azure AD credentials.
This also allows you to control who has access to your Figma account, and manage your user accounts in one place, directly in Azure AD.
In this article, we'll take you through the steps required to get SAML SSO set up with Azure AD:
- Enable Single Sign-On in Azure Active Directory
- Configure Azure Active Directory in Figma
- Complete Figma's Configuration
- Test SSO with a Test User
Learn more about SAML SSO in our Getting Started with SAML SSO article.
1 | Enable Single Sign-On in Azure Active Directory
Once you have your configuration details, you can start the setup process in your Azure account. You will need to create a new Non-Gallery application for Figma in your Azure portal.
- Log in to your Azure Portal and go to Azure Active Directory in the left-hand navigation menu.
- Select Enterprise Applications and then All Applications.
- Click the New Application button.
- Search for Figma in the field provided and click Add to add the application to your portal.
- Once it's added, you can go to the Single Sign-On configuration page.
- Set the Mode to SAML-based Sign-On to enable it.
- Copy the App Federation Metadata URL. You'll need it for the next step!
2 | Configure Azure Active Directory in Figma
Next you will need to set up the Azure Active Directory integration in Figma.
- Open the Admin Console in your Figma Organization.
- From the General page, find the Sign in and Provisioning section.
- Click the Update Sign In Settings link.
- From the Authentication and Provisioning page, you can set your Authentication preference.
- Before you can select SAML SSO from the options, you will need to Configure SAML. Click the Configure SAML button at the bottom of the SAML SSO section.
- In the Configure SAML SSO modal, select Microsoft Azure Active Directory from the Identity Provider (IdP) section.
- Enter the IdP Metadata URL (App Federation Metadata URL) you generated in the first step.
- Click Review. You'll be prompted to review and confirm the details are correct.
- WARNING: This is the only time you will be able to make changes to your details without having to contact customer support.
- Check the box to confirm This information is correct... and click Configure SAML SSO.
- You will now see a confirmation of your Azure Active Directory SAML SSO Configuration in the SAML SSO section.
- Click the Copy link next to your Tenant ID. You will need this during the setup process in Azure Active Directory.
3 | Complete Figma's Configuration
Once you have shared your App Federation Metadata URL in Step 2.7, follow the configuration instructions provided by Microsoft: https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/figma-tutorial#configure-and-test-azure-ad-single-sign-on
4 | Test the SSO process with a User
Microsoft Azure recommends testing this with some test user accounts before adding or importing all of your accounts.
- Create a test user in Azure AD.
- Create a test user in Figma (with the same credentials as in Azure AD).
- Assign the Azure AD user to the corresponding Figma account.
- Test the SSO process.
You can find detailed step-by-step instructions on how to do this in Microsoft Azure's article here: https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/figma-tutorial#configure-and-test-azure-ad-single-sign-on (Start from the "Create an Azure AD test user" section!)