Before you start

Supported on the Organization and Enterprise plans

Only organization admins can set up SAML SSO.

You need an existing Microsoft Azure Active Directory account

Organizations that manage users with Azure Active Directory can configure SAML SSO in Figma. Figma supports both identity (Azure AD) and service (Figma) initiated configurations.

We recommend having both Figma and Azure AD open in separate tabs. This allows you to switch between them throughout the setup process.

Set up SAML SSO

Open SAML in Figma

Open your organization's SAML SSO settings in Figma. We'll come back to this page to configure SAML SSO in Figma, later on in the process.

1. Open the organization in Figma.
2. In the sidebar, select Admin settings.
3. Select the Settings tab.
4. In the Login and provisioning section, click Authentication.
5. Make sure authentication is set to Members may log in with any available method... Click Done.
6. From the Login and provisioning section, click SAML SSO.
7. Figma opens a modal dialog with some key information for the SAML process.
   • Tenant ID: 123456789123456789
   • SP entity ID: http://www.figma.com/saml/123456789123456789
   • SP ACS URL: http://www.figma.com/saml/123456789123456789/consume

Figma uses your Tenant ID to generate your SP identity ID and SP ACS URL. You’ll need these when configuring SAML in Azure AD. You’ll use the SP entity ID to create a URL for service-provider initiated authentication.

Add Figma to Azure

Add Figma to your Azure portal.

1. Open Azure in the overview page
2. Select Enterprise applications
3. Land on the All applications section
4. Click Add application to browse Azure AD Gallery
5. Search for Figma and select the correct result
6. Click Create to add the application to Azure AD
7. Azure will show a success message and redirect you to the Figma application overview:

Assign a test user

Assign a test user to Figma in Azure. This allows you to complete the SAML setup process and test the application.

1. Select Assign users and groups from the options.
2. Click + Add user/group to open the assignments page.
3. Click Users and groups, click None selected.
4. Search for test user. We recommend using your own account so that you can test the login at the end of the setup process.
5. Click to add and return to the assignments page.
6. Click Assign button to return to application page.

Configure SAML in Azure

Set up SAML in Azure. You’ll need the Tenant ID Figma provides to complete the process.

We recommend having both Figma and Azure AD open in separate tabs. This allows you to switch between them throughout the setup process.

1. Select Single sign-on in panel
2. Select SAML from options
3. Under Basic SAML Configuration, click Edit to make changes
4. Switch to the Figma tab in your browser.
5. Next to the Tenant ID, click Copy
6. Switch to the Azure tab in your browser.
7. Under Identifier (Identity ID), click Add identifier
8. Type in https://www.figma.com/saml/ in the field provided, then paste your Tenant ID to complete the URL.
9. Copy the entire URL from the field to your clipboard.
10. Under Reply URL (ACS link), click Add reply URL.
11. Paste the identity URL in the field, then add /consume to the end of the link.
12. In the Sign on URL (Optional) field, paste the identity URL again, then add /start to the end of the link.
13. Click Save at the top of the screen:
14. Click X in the top-right corner to return to the Figma application page.

Configure SAML in Figma

Now you can configure SAML in Figma. You’ll need the metadata link from Azure AD to complete the process in Figma.

1. Open the Figma application in Azure AD.
2. Scroll down to the SAML Signing Certificate section.
3. Next to the App Federation Metadata XML, click Copy.
4. Switch to the Figma tab in your browser.
5. Click Configure SAML in the dialog.
6. Select Microsoft Azure Active Directory from the options.
7. Paste the link in the IdP metadata URL field.
8. Click Review to make sure the details are correct.
9. Check the box next to This information is correct.
10. Click Configure SAML SSO. Figma will return you to the Settings tab where you’ll see SAML SSO is now enabled:

Map user attributes

Map your user attributes between Figma and Azure Active Directory.

Figma expects certain attributes in the SAML response. Some of these are required attributes and some are pre-populated but optional. You can review and adjust the optional attributes.

1. Switch to the Azure AD tab in your browser and make sure you’re on the SAML sign-on page.
2. Find the Attributes & Claims section. Click the pencil icon to edit these attributes.
3. You can review and adjust any optional attributes. Make sure you don’t remove or adjust any required attributes.

Name	Source attribute	Required
GivenName	user.givename	Required
Surname	user.surname	Required
Emailaddress	user.mail	Required
Name	user.userprincipalname	Required
Unique User Identifier	user.userprincipalname	Required
displayName	user.displayname	Pre-populated (Optional)
title	user.jobtitle	Pre-populated (Optional)
emailaddress	user.mail	Pre-populated (Optional)
familyName	user.surname	Pre-populated (Optional)
givenName	givenName	Pre-populated (Optional)
userName	user.userprincipalname	Pre-populated (Optional)

Test the application

With both Figma and Azure configured you can test the application. You’ll need to test this process with the user you added earlier.

If you skipped this step, you’ll need to assign a user to Figma ↑ first. We recommend adding your own account.

1. Switch to the Azure AD tab in your browser and make sure you’re on the SAML sign-on page.
2. Select Test this application at the top of the page.
3. Click the Test sign in button. Azure AD will open a new tab and log you into Figma using SAML SSO.

Make SAML SSO mandatory

If the test process was successful, you can now allow other members to log in using their SAML SSO credentials. If you want to make log in via SAML mandatory for members, you can update the organization's authentication settings.

1. Open the organization in Figma.
2. In the sidebar, select Admin settings and go to the Settings tab.
3. In the Login and provisioning section, click Authentication.
4. Make sure authentication is set to Members may log in with any available method... Click Done.

Set up automatic provisioning with SCIM

You'll need an API token from Figma to set up SCIM in Azure AD. We recommend having both Figma and Azure AD open to make it easier to copy between them.

Generate Figma API token

1. From the file browser, click Admin settings.
2. Select Settings at the top of the screen.
3. In the Login and provisioning section, click SCIM provisioning.
4. Click Generate API Token in the dialog.
5. Copy the API token to your clipboard. You'll need this to complete the process in Azure.

Configure SCIM in Azure AD

You'll need your Tenant ID and API Token from Figma. Remember to swap the <TENANT ID> placeholder in the URL below with the Tenant ID Figma generated.

1. In your Azure Portal go to Enterprise Applications > All Applications
2. Select the Figma app.
3. Go to the Manage section and select Provisioning.
4. Set the Provisioning Mode to Automatic.
5. Enter the following details in the Admin Credentials section:
   1. Enter the URL in the Tenant URL field: https://www.figma.com/scim/v2/<TenantID>
   2. Enter the API Token in the Secret Token field.
   3. Click Test Connection to make sure that Azure AD can connect to Figma.
6. Enter the desired email address in the Notification Email field.
7. Check the box next to Send an email notification when a failure occurs and click Save to apply.
8. In the Mappings section, select Synchronize Azure Active Directory Users to Figma.
9. In the Attribute Mappings section, review the Azure Active Directory Attribute and the corresponding Figma Attribute.
10. Click the Save button to apply any changes.
11. Under Settings, toggle the Provisioning Status > On.
12. Define which users and/or groups you would like to provision to Figma. Choose from:
    • Sync all users and groups
    • Sync only assigned users and groups
13. Click Save to apply your provisioning settings.