Set Up SSO with Azure AD
note
This feature is only available on the Teams and Enterprise tiers. Please contact Sales before doing these steps.
Supabase supports single sign-on (SSO) using Microsoft Azure AD.
Step 1: Add and register an Enterprise Application #
Open up the Azure Active Directory dashboard for your Azure account.
Click the Add button then Enterprise application.
Step 2: Choose Create your own application #
You'll be using the custom enterprise application setup for Supabase.
Step 3: Fill in application details #
In the modal titled Create your own application enter the name you wish
Supabase to be available to your Azure AD users. Supabase
works in most
cases.
Make sure to choose the third option: Integrate any other application you don't find in the gallery (Non-gallery).
Step 4: Choose the Set up single sign-on option #
Before you get to assigning users and groups, which would allow accounts in Azure AD to access Supabase, you need to configure the SAML details that allows Supabase to accept sign in requests from Azure AD.
Step 5: Select SAML single sign-on method #
Supabase only supports the SAML 2.0 protocol for Single Sign-On, which is an industry standard.
Step 6: Upload SAML-based Sign-on metadata file #
First you need to download Supabase's SAML metadata file. Click the button below to initiate a download of the file.
Alternatively, visit this page to initiate a download: https://alt.supabase.io/auth/v1/sso/saml/metadata?download=true
Click on the Upload metadata file option in the toolbar and select the file you just downloaded.
All of the correct information should automatically populate the Basic SAML Configuration screen as shown.
Make sure you input these additional settings.
Setting | Value |
---|---|
Sign on URL | https://supabase.com/dashboard/sign-in-sso |
Relay State | https://supabase.com/dashboard |
Finally, click the Save button to save the configuration.
Step 7: Obtain metadata URL and send to Supabase #
Supabase needs to finalize enabling single sign-on with your Azure AD application. To do this, please copy and send the link under App Federation Metadata Url in *section 3 SAML Certificates* to your support contact and await further instructions. If you're not clear who to send this link to or need further assistance, please reach out to support@supabase.com.
Do not test the login until you have heard back from the support contact.
Step 8: Wait for confirmation #
Please wait for confirmation or further instructions from your support contact at Supabase before proceeding to the next step. It usually takes us 1 business day to configure SSO for you.
Step 9: Test single sign-on #
Testing sign-on before your Azure AD has been registered with Supabase will not work. Make sure you've received confirmation from your support contact at Supabase as laid out in the confirmation step.
Once you’ve received confirmation from your support contact at Supabase that SSO setup has been completed for your enterprise, you can ask some of your users to sign in via their Azure AD account.
You ask them to enter their email address on the Sign in with SSO page.
If sign in is not working correctly, please reach out to your support contact at Supabase for further guidance.