Setup SSO for ImageKit on Azure
There are two main steps required to set up SSO using Azure on ImageKit:
Azure subscription
Although you may use a free account on Azure to set up and test the SSO application, having a premium Azure subscription is recommended for seamless role provisioning for your users. Read more here.
First, you need to create an application on Azure Active Directory and generate a Federation Metadata XML file.
- 1.
- 2.Navigate to the "Enterprise applications" screen using the side navigation menu
- 3.Click the "New application" button, then click on "Create your own application"
- 4.In the form that opens up, choose the "Non-gallery application" radio button as shown below.
- 5.Input a name for the application, we will use "ImageKit" for this guide.
Click "Create" and wait until you are redirected to the application page.
Create a non-gallery application
On the application page, navigate to the 'Single sign-on' screen. Select "SAML" as the single sign-on method.
Single sign-on method
On the next screen, we will configure various authentication URLs as shown:
Field | Value |
Identifier | https://imagekit.io/saml/consume |
Reply URL | https://imagekit.io/saml/consume |
Relay State | https://imagekit.io/dashboard |
Logout Url | https://imagekit.io/logout |
Basic SAML configuration
Now you need to specify four keys that ImageKit uses to authorize and provision your users:
Field | Description | Claim composition |
Unique User Identifier | The unique email address of the user that will be used to identify them on ImageKit. | user.mail |
imagekit_id | The ImageKit ID of your organization account. | <your_imagekit_id> |
full_name | The full name of the user. It can be a combination of their given name and surname on Azure AD. | Join (user.givenname, " ", user.surname) |
imagekit_role | The role to assign to the user on ImageKit which would decide their access privileges.
Accepted values of this key in the SAML response sent to ImageKit are:
| user.<your_custom_attribute> OR a custom transformation, as per your Azure user schema.
The final computed value of this claim must be one of the accepted role strings from the list specified alongside. |
For the purpose of this guide, we will map "imagekit_role" to
user.department Azure key. Ensure that this field is populated correctly in your Azure user object while testing the app.
Attributes and claims
Save the list of attributes and claims to finish this step.
Download the Federation Metadata XML file and keep it in a safe location. You will need to upload this XML file to your ImageKit account in a later step.
Download Federation Metadata XML
Enable SSO for all users
If you have administrator privileges on your ImageKit account, you can enable SSO for all the users in your account as follows:
- 1.
- 2.Open the Federation Metadata XML file (which was downloaded previously) in a text editor of your choice.
- 3.Copy and paste the entire contents of the file into the Metadata XML input box.
- 4.Click on the 'Save' button.
Your users should now be able to use Microsoft Azure SSO to log into ImageKit. You can verify this by clicking the 'Test' button on the 'Single sign-on' set up screen on Azure.
SSO users would need to initiate their very first login on ImageKit through the Azure app by navigating to their My Apps page.
First-time login
After their first login, they may use the ImageKit SSO login page for signing in to ImageKit directly. Read more here.
ImageKit SSO login screen
You can disable SSO login for the users on your ImageKit account by deleting the Metadata XML.
If you face any issues while using these features or have a question or suggestion, please reach out to us at [email protected]
Last modified 9mo ago