Skip to content
  • There are no suggestions because the search field is empty.

Microsoft Azure (SAML, Enterprise)

How to configure SAML for Microsoft Azure in TestMonitor.

Single Sign-on (SSO) allows users to log in to TestMonitor using Microsoft Entra ID (formerly Azure Active Directory) as a trusted enterprise identity provider. It uses SAML (Security Assertion Markup Language), a widely used standard that lets Entra securely verify user identities and pass that information to TestMonitor. This enables employees to authenticate using their existing Microsoft 365 credentials.

Using Entra SAML SSO provides centralized identity security, streamlined onboarding, and full enterprise-level access control.

This feature is available to customers with an Enterprise plan.

Supported Features

  • Service Provider (SP)-Initiated SSO: Users start at TestMonitor and are redirected to Entra ID for authentication.
  • Identity Provider (IdP)-Initiated SSO: Users can launch TestMonitor directly from the Azure My Apps portal.
  • Full access control from Entra ID: Use Azure security groups, conditional access, MFA, and enterprise policies to manage who can access TestMonitor.
  • Custom sign-on button: A dedicated Sign in with SAML badge appears on the TestMonitor login screen.
  • Automatic account creation (auto-provisioning): Users are created automatically when signing in for the first time.
  • SCIM provisioning: Synchronize users and deprovision accounts automatically if SCIM is enabled in your environment.

Before You Begin

To configure Entra ID SAML SSO, ensure that you:

  • Have access to a Microsoft Entra tenant.
  • Have administrator permissions for that tenant.
  • Have a TestMonitor administrator account.
After completing these requirements, follow the steps below.

Set Up TestMonitor as an Enterprise Application in Entra

You must add TestMonitor as an Enterprise Application in Entra ID before completing SSO setup:

  1. Sign in to the Microsoft Entra admin portal.
  2. Navigate to Enterprise apps.
  3. Click New application.
  4. Select Create your own application.
  5. Name the app (e.g., TestMonitor) and choose Integrate any other application you don’t find in the gallery (Non-gallery).
  6. Click Create.
  7. Once created, open the TestMonitor application.
  8. In the left menu, select Single sign-on and choose SAML.
  9. Keep the SAML configuration page open—you’ll need these details in the next step.

Let’s get started with configuring SSO in TestMonitor.

Configure Single Sign-on in TestMonitor

Once the TestMonitor app has been created in Entra ID, you can proceed with configuring TestMonitor:

  1. Click on the gear icon on the top to head over to the general settings.
  2. Under Security in the left menu, select Single Sign-on.
  3. Toggle the switch to Use Single Sign-on.
  4. Select SAML as your SSO provider.
  5. You’ll need to copy several URLs from TestMonitor and enter them into the appropriate fields on the SAML configuration page:
    1. On the Entra SAML configuration page, click the Edit button in the Basic SAML Configuration section (step 1).
    2. Click on Add identifier for the Identifier (Entity ID). A text input will appear.
    3. Copy the Metadata URL (Entity ID) from TestMonitor and enter it in the Identifier (Entity ID) field.
    4. Copy the ACS URL from TestMonitor and enter it into the Reply URL (Assertion Consumer Service URL) field.
    5. Copy the Login URL (SLO) from TestMonitor and enter it into the Sign on URL field.
    6. Click Save.
  6. Next, you’ll need to copy several URLs from Entra ID and enter them into the appropriate fields on the TestMonitor SSO page:
    1. On the Entra SAML configuration page, locate the Login / Microsoft Entra Identifier / Logout URL's (listed in step 4).
    2. Copy the Login URL from Entra and enter it in the SSO URL field in TestMonitor.
    3. Copy the Microsoft Entra Identifier from Entra and enter it into the Issuer URL field.
    4. Copy the Logout URL from Entra and enter it into the SLO URL field.
  7. You'll need to supply the certificate used to digitally sign and encrypt authentication data:
    1. In Entra, download the Base64 version of the certificate (listed in step 3).
    2. Open the certificate file in a text editor, such as Notepad or TextEdit.
    3. Copy the entire content of the certificate file, including the lines that begin with "-----BEGIN CERTIFICATE-----" and end with "-----END CERTIFICATE-----".
    4. Paste the contents into the X.509 Certificate field within TestMonitor.
  8. Enter your company name in the Company Name field, which appears on the TestMonitor login screen.
  9. Optionally, enable Disable Default Login to prevent non-administrator users from signing in with their TestMonitor email and password, ensuring they can only access TestMonitor via SSO.
  10. Click on Save in TestMonitor to activate your SAML configuration.

Microsoft Entra offers a built-in option to test your SAML configuration if needed:

  1. Ensure that your Entra account email address is also registered as a user in TestMonitor.
  2. Locate the Test single sign-on step in Entra (step 5).
  3. Click on the Test button.
  4. If your SAML configuration is correct, you’ll be seamlessly signed in with your Microsoft Entra account.

After enabling Single Sign-on, you have the option to activate SCIM provisioning, which automatically synchronizes user accounts assigned to the Entra TestMonitor application with your TestMonitor environment.

Using Single Sign-on via Entra

To authenticate using Entra ID (SAML):

  1. Open your TestMonitor login page (e.g., mydomain.testmonitor.com).
  2. Click the Sign in with My Company button (using the company name you specified).
  3. You’ll be redirected to the Microsoft sign-in page, enter your work account credentials.
  4. After successful authentication, Entra redirects you back to TestMonitor.
  5. You are now signed in.

Users can also access TestMonitor directly from the Azure My Apps portal when IdP-initiated SSO is enabled.

Configure SCIM Provisioning with Microsoft Entra

TestMonitor supports SCIM (System for Cross-domain Identity Management) for automated user provisioning and deprovisioning. When SCIM is enabled, Entra can automatically create, update, and remove users in TestMonitor based on your user assignments.

To activate SCIM, first make sure you've completed the SAML setup. Once you've done that, follow these steps:

  1. On the TestMonitor Single Sign-on page, switch on the SCIM option.
  2. Leave this SCIM configuration page open—you’ll need these details shortly.
  3. In Microsoft Entra, select the TestMonitor application you set up during the SAML configuration process.
  4. In the left menu, click Provisioning.
  5. Click New configuration.
  6. Copy the SCIM Base URL from TestMonitor and use it as the Tenant URL.
  7. Copy the SCIM Bearer Token from TestMonitor and use it as the Secret token.
  8. Click on Test connection.
  9. Click on Create.
  10. You'll be taken to the Provisioning overview.
  11. Click on Start provisioning to start synchronizing users.

Once provisioning is enabled, you can manage TestMonitor user access directly from Entra. Navigate to the Users and groups section for your Entra TestMonitor application and assign the relevant users as needed.

By default, Microsoft Entra synchronizes users every 40 minutes. As a result, updates made in Entra may take some time to appear in TestMonitor.

Configure Auto Provisioning

When auto provisioning is enabled, users who don't already have a TestMonitor account can sign in and have their account created automatically. If auto provisioning is disabled, only existing TestMonitor users are able to log in.

To activate auto provisioning, follow these steps:

  1. On the TestMonitor Single Sign-on page, switch on the Auto provisioning option.
  2. Specify your allowed email domains. Only users with email addresses matching these domains will be automatically provisioned.
  3. Optionally, you can specify a default project and role for newly provisioned users.

Ensure your subscription includes enough user seats to accommodate all provisioned accounts. You can disable auto-provisioning at any time if needed.

Disable Single Sign-on

To disable SSO:

  1. Click on the gear icon on the top right for Settings.
  2. Under Access & Security in the left menu, select Single Sign-on.
  3. Toggle the switch off for Use Single Sign-on.

Be sure to turn off Entra ID and, if enabled, your SCIM configuration to prevent Entra from continuing to synchronize users with TestMonitor.

Troubleshooting

If you encounter errors involving the SAML and Azure, here are some steps you can take to troubleshoot the issue:

Check the SAML / provisioning logs in Entra

In the Activity section of your Entra TestMonitor application, review the sign-in and provisioning logs for any errors. These logs can provide insight into potential issues and help identify what may be causing problems.

Incorrect endpoint URL's

Verify the IdP Sign-in URL, Entity ID, and X.509 certificate in TestMonitor match exactly what’s provided in Entra ID, and ensure the user exists in both systems with matching emails.

Invalid or Expired Certificate

Check the X.509 certificate in Entra for expiration. If expired, generate a new certificate in Entra and update the corresponding certificate in TestMonitor.

Test Connection Fails

Verify network/firewall rules allow outbound HTTPS requests from Entra ID to TestMonitor, confirm SCIM is enabled, and re-test the connection.

Provisioning Not Triggering

Make sure the intended users or groups are assigned to the TestMonitor application in Entra, and check the provisioning scope includes those assignments.

Contact Support

If these solutions do not resolve your issue, feel free to reach out to our support team for additional assistance.