Before you Start
Who can use this feature
Users on the Figma Organization Plan
Only Organization Admins can configure SAML SSO.
If you use Microsoft's Active Directory Federated Service (ADFS), you can set up SAML SSO for your Figma Organization.
To use this integration you will need to:
- Have an ADFS instance of 3.0 or later
- Expose the SAML endpoint for ADFS
Add Figma to ADFS
There are a few pieces of information that you'll need from Figma during the set up process. We recommend having this open in another tab or window, so you can quickly copy it across.
- In the File Browser, click on your Organization and go to the Settings tab.
- On the General page, click the Update Log in Settings link.
- In the SAML SSO section find the:
- SP Entity ID
- SP ACS URL
Tip! These URLs will look very similar as they both include your Tenant ID. The only difference is that your SP ACS URL will have /consume added to the end of it.
Add Figma to your instance
Now you need to add Figma as a "Relying Party Trust" to your ADFS instance.
- Open your ADFS instance.
- In the Actions column, click Add Relying Party Trust. This will open a wizard that will guide you through the set up process.
- On the Welcome screen, click “Start” to start the set up process.
- On the Select Data Source step, select Enter data about the relying party manually and click Next.
- Add a Display name, like Figma or similar, then click Next to proceed.
- On the Configure Certificate step, click the Browse button. Select ADFS profile from the options and click Next.
- On the Configure URL step, select Enable support for the SAML 2.0 WebSSO protocol.
On the same page, paste the Figma SP ACS URL in the field provided. The link should look something like this: https://figma.com/saml/123456789123456789/consume. Click Next to proceed.
- On the Configure Identifiers step, paste in your SP Entity ID in the Relying party trust identifier field. The link should look something like this: https://figma.com/saml/123456789123456789. Click Next to proceed.
- On the Choose Access Control Policy step, choose an access control policy. This determines who can authenticate their Figma account via SSO. Click Next to proceed.
- On the Ready to Add Trust step, click the Next button to complete the process.
- Click Close to finish the Wizard.
Add attributes to ADFS
Next, you need to add a rule to ADFS. This will ensure the integration sends LDAP attributes as claims.
- On the Edit Claim Issuance Policy page, click the Add rule button.
- Under Claim rule template, select Send LDAP Attributes as Claims. Click Next to proceed.
- On the Configure Claim Rule step:
- Enter a Claim rule name.
- For your Attribute store, select Active Directory.
- In the LDAP Attribute... column, select E-Mail Address.
- In the Outgoing Claim Type... column, select E-Mail Address.
- Click Finish to complete the process and return to the Edit Claim Issuance Policy screen.
- Click Apply to apply the rule and return to the Issue Transform rules page.
- Under Claim rule template, select . Click Next to proceed.
- On the Configure Claim Rule step:
- For Claim rule name, enter Transform email address as NameID
- In the Incoming claim type, select E-Mail Address.
- In the Outgoing Claim Type column, select NameID
- In the Outgoing name ID format column, select Email
- Toggle Pass through all claim values.
- Click OK to complete the process and return to the Edit Claim Issuance Policy screen.
Click Apply to apply the rules to your instance.
Export signing certificate
Now you'll need to export your Signing Certificate, usually called the X509 certificate. We use this to verify your Organization via your Identity Provider.
- In your ADFS instance, go to Service > Certificates.
- Click on the certificate under Token-signing and select View Certificate.
- Click Copy to File > Ok.
- Click Next on Certificate Export Wizard.
- Select Base-64 encoded... from the options and click Next.
- Name your certificate file figma.cer and click Next.
- Click Finish to export the certificate. ADFS will export the certificate to your configured downloads folder.
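Before moving on to Figma, you can confirm that the trust, the claim rules and the exported file agree with each other. The PowerShell below is an added example, not part of the original article or Figma's tooling. The trust name `Figma`, the path `.\figma.cer`, the 30-day expiry threshold and the sample tenant ID are assumptions; replace them with your own values.

```powershell
# Added example. Run on the AD FS server in an elevated PowerShell session.
# Assumed values (not from the article): trust display name, export path,
# and the tenant ID, which is the article's sample placeholder.
$TrustName  = 'Figma'
$SpEntityId = 'https://figma.com/saml/123456789123456789'
$SpAcsUrl   = "$SpEntityId/consume"
$CertPath   = '.\figma.cer'
$problems   = @()

# 1. Relying party trust: identifier and ACS endpoint must equal Figma's values.
$rp = Get-AdfsRelyingPartyTrust -Name $TrustName
if (-not $rp) { throw "No relying party trust named '$TrustName'." }
if ($rp.Identifier -notcontains $SpEntityId) {
    $problems += 'Relying party identifier does not match the SP Entity ID.'
}
$acs = @($rp.SamlEndpoints | Where-Object { $_.Protocol -eq 'SAMLAssertionConsumer' })
if ($acs.Count -eq 0 -or @($acs | Where-Object { "$($_.Location)" -ne $SpAcsUrl }).Count -gt 0) {
    $problems += 'Assertion consumer endpoint is missing or is not the SP ACS URL.'
}

# 2. Claim rules: the NameID claim must be issued in email format.
$rules = [string]$rp.IssuanceTransformRules
foreach ($needle in 'claims/nameidentifier', 'nameid-format:emailAddress') {
    if ($rules -notlike "*$needle*") { $problems += "Claim rules lack '$needle'." }
}

# 3. Exported file: Base-64 encoded, and the same certificate AD FS signs with.
if ((Get-Content $CertPath -TotalCount 1) -ne '-----BEGIN CERTIFICATE-----') {
    $problems += 'Export is not Base-64 encoded X.509 (probably DER).'
}
$exported = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
    -ArgumentList (Resolve-Path $CertPath).Path
$primary = Get-AdfsCertificate -CertificateType Token-Signing | Where-Object { $_.IsPrimary }
if ($primary.Thumbprint -ne $exported.Thumbprint) {
    $problems += 'Exported certificate is not the primary Token-signing certificate.'
}
# Assumed threshold: warn when the signing certificate expires within 30 days.
if ($exported.NotAfter -lt (Get-Date).AddDays(30)) {
    $problems += "Signing certificate expires $($exported.NotAfter.ToString('u'))."
}

if ($problems) { $problems | ForEach-Object { Write-Warning $_ } } else {
    "Trust, claim rules and certificate $($exported.Thumbprint) are consistent."
}
```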
Complete the set up process in Figma
Now that you have everything set up in ADFS, you'll need to add your ADFS details to Figma. Our Set up a custom SAML configuration article takes you through that process.
You will need the following information from ADFS.
- IdP Entity Id: This lets us know which Identity Provider you are using.
- IdP SSO Target URL: We will use this link to connect to the Identity Provider when someone from your Organization attempts to login via SAML SSO. For ADFS, it should look something like this:
- Signing Certificate: This is the certificate that you have just downloaded.