You can integrate Bridgecrew Cloud with ADFS to enable single sign-on for your organization's users. SSO only handles authentication: in parallel, each user must still be added to Bridgecrew Cloud from the User Management page. You can choose either one of these methods for assigning permissions (but not both):
(a) Map ADFS groups to Bridgecrew permissions (roles and accounts)
(b) Set permissions per user from within Bridgecrew's User Management page.
Configuring ADFS
- In the ADFS Management tool, go to Trust Relationships > Relying Party Trusts > Add Relying Party Trust and select Start.
- Select Enter data about the relying party manually and then Next.
- Enter bridgecrew as the relying party name and then select Next.
- On the Configure Certificate screen, select Next (do not browse or enter any values).
- Select Enable support for the SAML 2.0 WebSSO protocol, enter the URL shown below, and select Next.
- Add Bridgecrew's Amazon Cognito user pool URN (see below) as the relying party trust identifier and select Next.
- Select an access control policy based on your organization's needs and then Next.
- Select Next and then Close.
- Right-click the bridgecrew relying party trust and select Edit Claim Issuance Policy.
- Select Next (do not make any changes).
- Configure a rule as shown below and select Finish.
- Select Close.
- Add a second rule, using the configuration shown below.
- To support ADFS group mapping, add a third rule with the configuration shown below.
- Select Apply.
- In IIS Manager, select Bindings.
- Add HTTP and HTTPS bindings as shown below.
Configuring Bridgecrew Cloud
- From the Integrations Catalog, under Single Sign-On Authentication, select ADFS/Azure AD.
- Enter the email domain.
- Upload the metadata XML file.
- Next, either map ADFS groups to permissions or set permissions per user, as described below.

Mapping ADFS Groups to Permissions
- Enter the name of an ADFS / Azure AD group. Use Add to add a row for each group you want to map.
- Select a Member role (see Roles for precise definitions).
- Select one or more permitted accounts.

Notes on group mapping
- You can use a single entry to associate multiple groups with one set of permissions (role and permitted accounts). To do so, enter the group names under ADFS Group, separated by commas.
- If you mistakenly enter the name of a group twice, once with lower and once with higher permissions, the higher-level permissions are applied.
- Only direct members of an ADFS group are able to access Bridgecrew Cloud; nested groups are not supported.
- Any permissions previously set manually are overridden by the ADFS group settings.
- At any time, you can disable ADFS mapping and set permissions manually instead.

Setting Permissions Manually
- Under Settings, select User Management.
- Select Edit for a user.
- Set the user's role and permitted accounts.
- Select Save Changes.
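Before uploading the metadata XML file, it is worth checking that the ADFS federation metadata actually contains what the SAML 2.0 Web-SSO handshake needs: an entityID, an HTTP-POST single sign-on endpoint served over HTTPS, and a signing certificate to verify assertions against. The check below is an added example, not Bridgecrew's or ADFS's own code; the host adfs.example.test and the certificate body are constructed placeholders.

```python
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata", "ds": "http://www.w3.org/2000/09/xmldsig#"}
POST_BINDING = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

def check_idp_metadata(xml_text: str) -> dict:
    """Return entityID, the HTTP-POST SSO URL, signing-cert count and a list of problems."""
    root = ET.fromstring(xml_text)
    result = {"entity_id": root.get("entityID"), "sso_url": None, "signing_certs": 0, "problems": []}
    if not result["entity_id"]:
        result["problems"].append("missing entityID (the IdP issuer Bridgecrew will trust)")
    idp = root.find("md:IDPSSODescriptor", NS)
    if idp is None:
        result["problems"].append("no IDPSSODescriptor: this is not IdP metadata")
        return result
    # Web-SSO uses the HTTP-POST binding; the Redirect binding is ignored here.
    for sso in idp.findall("md:SingleSignOnService", NS):
        if sso.get("Binding") == POST_BINDING:
            result["sso_url"] = sso.get("Location")
    if not result["sso_url"]:
        result["problems"].append("no HTTP-POST SingleSignOnService endpoint")
    elif not result["sso_url"].lower().startswith("https://"):
        result["problems"].append("SSO endpoint is not served over HTTPS")
    # SAML responses are verified against the signing certificate(s) published here;
    # a KeyDescriptor without a 'use' attribute covers both signing and encryption.
    for kd in idp.findall("md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):
            for cert in kd.findall(".//ds:X509Certificate", NS):
                if (cert.text or "").strip():
                    result["signing_certs"] += 1
    if result["signing_certs"] == 0:
        result["problems"].append("no signing certificate: SAML responses cannot be verified")
    return result

# Constructed sample metadata (placeholder host, placeholder certificate body).
SAMPLE_OK = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  xmlns:ds="http://www.w3.org/2000/09/xmldsig#" entityID="http://adfs.example.test/adfs/services/trust">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing"><ds:KeyInfo><ds:X509Data>
      <ds:X509Certificate>MIIC...PLACEHOLDER...</ds:X509Certificate></ds:X509Data></ds:KeyInfo></KeyDescriptor>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect" Location="https://adfs.example.test/adfs/ls/"/>
    <SingleSignOnService Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST" Location="https://adfs.example.test/adfs/ls/"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""
SAMPLE_BAD = SAMPLE_OK.replace("https://adfs", "http://adfs").replace("MIIC...PLACEHOLDER...", "")

if __name__ == "__main__":
    for name, xml_text in (("good", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, check_idp_metadata(xml_text))
```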
Fetching the Login URL
After integrating with ADFS and assigning permissions (either manually or by group mapping), you can fetch the login URL.
1. Select Show Details.
2. Select Copy Login URL.
Sharing the Login URL
Bridgecrew is now integrated with ADFS.
Share the login URL with relevant users.