SAML SSO with Azure Active Directory
Before you start
Who can use this feature
Supported on the Figma Organization plan
Only Organization Admins can set up SAML SSO.
You will need to have an existing Microsoft Azure Active Directory account.
Organizations that have stricter security requirements can configure SAML SSO. Learn more about SAML SSO in Figma →
You can use Okta as your identity provider to authenticate and provision users. Figma supports SAML SSO initiated from both Okta (identity provider) and Figma (service provider).
Note: Microsoft recommends testing your SAML Configuration in a sandbox environment. You can do this before you configure Automatic Provisioning via SCIM. Find detailed instructions in Microsoft's Azure Active Directory SSO Integration with Figma article.
Add Figma to Azure AD
Add Figma to your Azure Portal and enable SAML SSO. This generates an App Federation Metadata URL, which you can then use to connect the two applications.
- Log in to your Azure Portal and, using the left navigation menu, open Azure Active Directory.
- Select Enterprise Applications and then All Applications.
- Click on the Enterprise Applications setting.
- In the Manage section, select All Applications.
- Click the + New application button.
- Search for Figma in the field provided and click Add to add the application to your portal.
- Go to the Single Sign-On configuration page.
- Set the Mode as SAML-based Sign-On.
- Copy the App Federation Metadata URL.
Set up SAML SSO in Figma
Next you'll need to set up SAML SSO in your Organization's Admin Settings.
- Open Figma in the file browser.
- Click Admin Settings under the Organization name in the sidebar.
- Select Settings at the top of the screen.
- In the Login and provisioning section, click SAML SSO.
- Click Configure SAML and select Microsoft Azure Active Directory.
- Enter the App Federation Metadata URL from Azure AD and click Review.
- Check the box to confirm This information is correct... and click Configure SAML SSO.
- Click the Copy link next to your Tenant ID. You'll need this to complete the setup process in Azure AD.
You need to decide if logging in via SAML SSO is mandatory, or if users can still log in via email address and password. Learn more about authentication options →
Set up SAML SSO in Azure
Complete these steps to configure SAML SSO in Azure Active Directory. You can choose to initiate SAML from Azure Active Directory or Figma.
Configure SAML SSO
Remember: Swap the <TENANT ID> placeholder with the Tenant ID generated by Figma.
- In your Azure Portal open the Figma app.
- In the Manage section, select Single Sign-On.
- On the Select a single sign-on method page, select SAML.
- Click the pen icon next to Basic SAML Configuration.
- To configure in IDP initiated mode:
  - In the Identifier field enter the URL:
    https://www.figma.com/saml/<TENANT ID>
  - In the Reply URL field enter the URL:
    https://www.figma.com/saml/<TENANT ID>/consume
- To configure in SP initiated mode:
  - Click Set additional URLs
  - In the Sign-on URL field enter the URL:
    https://www.figma.com/saml/<TENANT ID>/start
Map user attributes
Map your user attributes between Figma and Azure Active Directory.
Required
There are some required attributes that you will need to keep.
GivenName | user.givenname |
Surname | user.surname |
Emailaddress | user.mail |
Name | user.userprincipalname |
Unique User Identifier | user.userprincipalname |
Pre-Populated
Figma will pre-populate some other attributes. You can review and adjust these as required.
externalId | user.mailnickname |
displayName | user.displayname |
title | user.jobtitle |
emailaddress | user.mail |
familyName | user.surname |
givenName | givenName |
userName | user.userprincipalname |
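A pre-flight check for the values entered above, as an added example (not Figma's or Microsoft's code): it compares the Basic SAML Configuration URLs and the required claim mappings against the ones this page lists, flagging an unreplaced placeholder, a non-HTTPS or lookalike host, and a missing claim. The function names, the dictionary layout and the sample tenant ID are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Required claim -> Azure AD source attribute, as listed in the Required table.
REQUIRED_CLAIMS = {
    "GivenName": "user.givenname",
    "Surname": "user.surname",
    "Emailaddress": "user.mail",
    "Name": "user.userprincipalname",
    "Unique User Identifier": "user.userprincipalname",
}

def expected_urls(tenant_id):
    """URLs this page gives for Basic SAML Configuration."""
    base = f"https://www.figma.com/saml/{tenant_id}"
    return {"identifier": base, "reply_url": f"{base}/consume",
            "sign_on_url": f"{base}/start"}

def lint_saml_config(tenant_id, urls, claims):
    """Return a list of findings; an empty list means the values match."""
    if not tenant_id or any(c in tenant_id for c in "<>/ "):
        return ["tenant_id: empty or still the <TENANT ID> placeholder"]
    findings = []
    for field, want in expected_urls(tenant_id).items():
        got = urls.get(field)
        if got is None:
            # Sign-on URL is only entered for SP initiated mode.
            if field != "sign_on_url":
                findings.append(f"{field}: missing")
            continue
        parts = urlsplit(got)
        if parts.scheme != "https":
            findings.append(f"{field}: scheme {parts.scheme!r}, expected https")
        elif parts.hostname != "www.figma.com":
            findings.append(f"{field}: host {parts.hostname!r}, expected www.figma.com")
        elif got != want:
            findings.append(f"{field}: expected {want}")
    for claim, source in REQUIRED_CLAIMS.items():
        if claims.get(claim, "").lower() != source:
            findings.append(f"claim {claim!r}: expected source {source}")
    return findings

# Constructed sample: placeholder left in, http Reply URL, one claim missing.
SAMPLE_TENANT = "1234567890"  # made-up tenant ID
SAMPLE_URLS = {
    "identifier": "https://www.figma.com/saml/<TENANT ID>",
    "reply_url": "http://www.figma.com/saml/1234567890/consume",
}
SAMPLE_CLAIMS = {k: v for k, v in REQUIRED_CLAIMS.items() if k != "Emailaddress"}

if __name__ == "__main__":
    for finding in lint_saml_config(SAMPLE_TENANT, SAMPLE_URLS, SAMPLE_CLAIMS):
        print(finding)
```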
Test your SAML Configuration
Microsoft recommends testing your SAML configuration before adding or importing your accounts.
- Create a test user in Azure AD.
- Assign the test user to Figma in Azure AD.
- Figma will create a corresponding test user account in Figma.
- Test the SSO process with this user.
Find detailed instructions in Microsoft Azure's Tutorial: Azure Active Directory single sign-on (SSO) integration with Figma.
Set up automatic provisioning with SCIM
You'll need an API token from Figma to set up SCIM in Azure AD. We recommend having both Figma and Azure AD open to make copying between them easier.
Generate an API token in Figma
- Click Admin Settings under the Organization name in the sidebar.
- Select Settings at the top of the screen.
- In the Login and provisioning section, click SCIM provisioning.
- Click Generate API Token in the dialog.
- Copy the API token to your clipboard. You'll need this to complete the process in Okta.
Configure SCIM in Azure AD
Note: You'll need your Tenant ID and API Token from Figma. Remember to swap the <TENANT ID> placeholder in the URL below with the Tenant ID Figma generated.
- In your Azure Portal go to Enterprise Applications > All Applications.
- Select the Figma app.
- In the Manage section, select Provisioning.
- Set the Provisioning Mode to Automatic.
- Enter the following details in the Admin Credentials section:
  - Enter the URL in the Tenant URL field:
    https://www.figma.com/scim/v2/<TenantID>
  - Enter the API Token in the Secret Token field.
  - Click Test Connection to make sure that Azure AD can connect to Figma.
- Enter the desired email address in the Notification Email field.
- Check the box next to Send an email notification when a failure occurs and click Save to apply.
- In the Mappings section, select Synchronize Azure Active Directory Users to Figma.
- In the Attribute Mappings section, review the Azure Active Directory Attribute and the corresponding Figma Attribute.
- Click the Save button to apply any changes.
- Under Settings, toggle the Provisioning Status to On.
- Define which users and/or groups you would like to provision to Figma. Choose from:
- Sync all users and groups
- Sync only assigned users and groups
- Click Save to apply your provisioning settings.
Note: These instructions are modified from Microsoft Azure's Tutorial. Check out Configure Figma for automatic user provisioning for screenshots and detailed explanations.