Skip to content
Snippets Groups Projects
Select Git revision
  • release-x.54.x
  • backport-52-43292e6a0eb5d8d1977e9a6c9e6931898a437418
  • backport-53-43292e6a0eb5d8d1977e9a6c9e6931898a437418
  • master default protected
  • customizable-template
  • fading-out-non-compatible-datasources-prototype-2
  • SEM-156-column-sorting
  • backport-54-3a865cc16b8b3a85bbe82d1e189a52d013b64fee
  • update-legacy-function-names
  • release-x.52.x
  • ss/db-pages-tech-debt-mantine
  • release-x.53.x
  • ignore-config-yml
  • admin-metadata-table-view
  • rfc-118-arrow-parens-v52
  • rfc-118-arrow-parens-v53
  • rfc-118-arrow-parens-v54
  • hackathon-metabot-in-embedding-sdk
  • rfc-118-arrow-parens
  • sdk-web-components
  • v0.53.8.2
  • v0.53.8.x
  • v0.53.x
  • embedding-sdk-54-stable
  • embedding-sdk-0.54.4-nightly
  • v0.53.8.1
  • latest-ee
  • latest-oss
  • v0.53.8
  • beta-ee
  • beta-oss
  • v0.54.0-beta
  • v0.54.x
  • v0.53.7.6
  • v0.53.7.x
  • v0.53.7.5
  • embedding-sdk-52-stable
  • embedding-sdk-0.52.17
  • embedding-sdk-53-stable
  • embedding-sdk-0.53.12
40 results
Blame Permalink
Code owners
Assign users and groups as approvers for specific file changes. Learn more.
saml-azure.md 2.83 KiB 
title: SAML with Azure AD
redirect_from:
  - /docs/latest/enterprise-guide/authenticating-with-saml-azure-ad

SAML with Azure AD

{% include plans-blockquote.html feature="SAML authentication" %}

Enable SAML in Metabase

First, follow our guide to enable SAML authentication.

Add an Enterprise Application in Azure AD

Go to the Azure Active Directory (AD) where your users live and click on Enterprise Applications. Once there, click on + New Application in the bar on the top of the page.

AZEnterpriseApp

In the new page click on + Create your own application and a bar will open in the right side of the page. Enter "Metabase" as the name of the application, select Integrate any other application you don't find in the gallery (Non-gallery) as the option and click the Create button on the bottom of the bar.

AZMetabaseApp

On the application page, under Manage, select Single Sign-on, then click on the "SAML" button.

AZAppSAML

When the "Set up Single Sign-On with SAML" page appears, you'll see an option for "Basic SAML configuration". Click on the Edit button to enter the required info.

AZAzureStep1

Fill out the following fields as follows and click "Save":

  • Identifier (Entity ID): Metabase
  • Reply URL (Assertion Consumer Service URL): go to your Metabase instance in Settings -> Admin-> Authentication -> SAML and insert the value that your Metabase instance reports in the "Configure your identity provider (IdP)" box.

In a new tab, visit the "App Federation Metadata URL". On the Metadata page, note the:

  • "Login URL"
  • "Azure AD Identifier"

You'll need these URLs to complete the SSO setup in Metabase.

To finish the Azure side of the configuration, click on the Users and groups button on the Manage tab and add the users or groups that should have access to Metabase.

Configure the Enterprise Application with Metabase SSO information

Log in to Metabase as an administrator and go to Admin -> Settings -> Authentication -> SAML.

Under "Tell Metabase about your identity provider", enter the following:

  • SAML Identity Provider URL: the "Login URL" you got on Step 4 on the Azure AD SAML SSO configuration
  • SAML Identity Provider Certificate: copy and paste the super long string under the "" tag in the "App Federation Metadata Url". Make sure you copy and paste the whole string; if you miss any character, the integration won't work.
  • SAML Application Name: "Metabase"
  • SAML Identity Provider Issuer: the "Azure AD Identifier" URL you got from the Azure AD SAML SSO configuration.

Click on Save Changes below, and you should now be able to log in via Azure AD.