Azure AD

This article describes how to configure the SAML login process for Azure AD.

General requirements and limitations

Logging into GitProtect using SAML-integrated identity providers should be initiated from the GitProtect Management Service.

Do not log in from the IdP panel (e.g. from the Okta panel) to the application defined for GitProtect.

Do not test the integration from the IdP panel (e.g., from the Azure panel), as this will initiate a login from the IdP panel.

Configuration

To set up SAML integration for GitProtect, log in to portal.azure.com, select Azure Active Directory and click Enterprise applications.

Use the New application button and then Create your own application.

Enter a custom name for the app and select Integrate any other application you don't find in the gallery (Non-gallery).

Confirm the configuration with the Create button.

Open the Single sign-on tab and select SAML.

Set up Basic SAML configuration by using the Edit button.

Fill in the fields as follows:

  • Identifier: a unique value, e.g. SAMLTestAzure

  • Reply URL: https://GitProtectManagementServiceURL/Auth/AssertionConsumerService

  • Logout URL: https://GitProtectManagementServiceURL/auth/SAMLLogoutResponse

where GitProtectManagementServiceURL is the URL address of your GitProtect Management Service.

After that, use the Save button.

Group claim configuration is necessary to use group mapping and assign different permissions to different user groups.

Click the Edit button next to Attributes & Claims and use the Add a group claim button.

Select All groups and go to Advanced options. Check the Filter group box and fill in the fields as follows:

  • Attribute to match: Display name

  • Match with: Prefix

  • String: XONE

After that, check the box next to the Customize the name of the group claim option. Enter xoperogroup in the Name field and save your settings using the Save button.

Go back to the SAML-based Sign-on page and copy the App Federation Metadata Url.

After saving these settings, open the Users and groups tab, click the Add user/group button, select the users that you want to be able to log into the GitProtect application and save your settings.

GitProtect side

Log into the GitProtect Web panel, go to the Settings tab and open the External Identity Providers section. Click the Add new provider button and fill in the details.

First, enter the Name, which is your own custom name, e.g. Azure AD, then the Entity ID, which in this example is SAMLTestAzure (the Identifier set on the Azure AD side).

Next, paste the App Federation Metadata Url into the Metadata URL field.

Set a default Language and Role with the proper permissions for the users, and it's done! You can now log out of your account and test the configuration with your configured integration.

You can read more about Roles in GitProtect in the following article:

Roles and permissions

Group mapping

Use the Group mapping button, then add new mappings via the Add new group mapping button.
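As an added example (not code from the GitProtect documentation or product), the Python check below shows what an assertion issued by an Azure AD app configured as above is expected to contain: the Destination must match the Reply URL, the Audience must match the Entity ID, and the xoperogroup claim values are filtered by the XONE prefix and resolved through a hypothetical group mapping. The sample response and the group-to-role mapping are constructed, and the management service hostname is the placeholder used in this guide.

```python
import xml.etree.ElementTree as ET

# Namespaces used in SAML 2.0 responses and assertions.
NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}

# Values from this guide; the management service host is the guide's placeholder.
EXPECTED_AUDIENCE = "SAMLTestAzure"
EXPECTED_ACS = "https://GitProtectManagementServiceURL/Auth/AssertionConsumerService"
GROUP_CLAIM = "xoperogroup"
GROUP_PREFIX = "XONE"

# Hypothetical group mapping (constructed): Azure AD group display name -> GitProtect role.
GROUP_ROLES = {"XONE-Admins": "Administrator", "XONE-Devs": "User"}

# Constructed, unsigned sample. Real responses must have their signature verified
# and be parsed with a hardened XML parser before any claim is trusted.
SAMPLE_RESPONSE = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  Destination="https://GitProtectManagementServiceURL/Auth/AssertionConsumerService">
  <saml:Assertion>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>SAMLTestAzure</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="xoperogroup">
        <saml:AttributeValue>XONE-Admins</saml:AttributeValue>
        <saml:AttributeValue>Finance</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""


def check_response(xml_text):
    """Validate Destination and Audience, then return the roles implied by group claims."""
    root = ET.fromstring(xml_text)
    if root.get("Destination") != EXPECTED_ACS:
        raise ValueError("Destination does not match the configured Reply URL")
    audience_path = "saml:Assertion/saml:Conditions/saml:AudienceRestriction/saml:Audience"
    if root.findtext(audience_path, namespaces=NS) != EXPECTED_AUDIENCE:
        raise ValueError("Audience does not match the configured Entity ID")
    groups = [v.text for a in root.iterfind("saml:Assertion/saml:AttributeStatement/saml:Attribute", NS)
              if a.get("Name") == GROUP_CLAIM for v in a.iterfind("saml:AttributeValue", NS)]
    # Azure only emits groups matching the prefix filter; enforce the same rule locally.
    groups = [g for g in groups if g and g.startswith(GROUP_PREFIX)]
    return sorted({GROUP_ROLES[g] for g in groups if g in GROUP_ROLES})
```

A group such as Finance that does not carry the XONE prefix never reaches the role mapping, which is the effect the Filter group setting has on the Azure AD side.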
