Overview

You can integrate Bridgecrew Cloud with Azure AD to enable single sign-on (SSO) for your organization's users. You first enable SSO access and then set permissions; in parallel, invite users from the User Management page. You can choose either one of these methods for assigning permissions (but not both):
(a) Map Azure AD groups to Bridgecrew permissions (roles and accounts).
(b) Set permissions manually, per user, from within Bridgecrew's User Management page.

Note

This feature enables SSO access; in parallel, each user must also be added to Bridgecrew Cloud.

How to Integrate

Part 1 - In Azure AD

  1. In the Azure AD console, create an Enterprise Application.
  2. Select Set up single sign on, then select SAML.
  3. Edit the basic SAML configuration:
     • Entity ID: urn:amazon:cognito:sp:us-west-2_Ij9abDXU8
     • Reply URL: https://auth.bridgecrew.cloud/saml2/idpresponse
  4. Under User Attributes & Claims:
     a. Edit Unique User Identifier (Name ID) and change Source attribute to user.mail.
     b. Create a new optional claim and configure it as shown below:
        Name: emailaddress
        Namespace: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
        Source attribute: user.mail
     c. For group mapping, create a Group Claim and configure it as shown below:
        http://schemas.xmlsoap.org/claims/Group
  5. Download the metadata XML.
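
A configuration check for the Part 1 settings, added here as an example that is not part of the original page or Bridgecrew's own code: after a test sign-in, it inspects a decoded SAML assertion for the Entity ID, Reply URL, Name ID source and the two claims. The sample assertion is constructed; accepting any email claim name under the configured namespace, and treating GUID-shaped group values as a mismatch with name-based mapping, are assumptions.

```python
import re
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Values taken from the SAML configuration on this page
ENTITY_ID = "urn:amazon:cognito:sp:us-west-2_Ij9abDXU8"
REPLY_URL = "https://auth.bridgecrew.cloud/saml2/idpresponse"
EMAIL_NS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
GROUP_CLAIM = "http://schemas.xmlsoap.org/claims/Group"
GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

def check_assertion(xml_text):
    """Return a list of configuration problems found in a decoded SAML assertion.
    Configuration check only: it does not verify the XML signature."""
    root = ET.fromstring(xml_text)
    problems = []
    audience = root.findtext(".//a:Audience", default="", namespaces=NS)
    if audience != ENTITY_ID:
        problems.append("Audience does not match the Entity ID")
    conf = root.find(".//a:SubjectConfirmationData", NS)
    if conf is None or conf.get("Recipient") != REPLY_URL:
        problems.append("Recipient does not match the Reply URL")
    name_id = root.findtext(".//a:NameID", default="", namespaces=NS)
    if "@" not in name_id:
        problems.append("NameID is not an e-mail address (source should be user.mail)")
    attrs = {}
    for attr in root.iterfind(".//a:Attribute", NS):
        attrs[attr.get("Name", "")] = [v.text or "" for v in attr.iterfind("a:AttributeValue", NS)]
    # Assumption: accept any claim name under the namespace configured on the page
    if not any(n.startswith(EMAIL_NS) and any(vals) for n, vals in attrs.items()):
        problems.append("emailaddress claim missing or empty")
    groups = attrs.get(GROUP_CLAIM, [])
    if not groups:
        problems.append("Group claim missing: group role mapping cannot match")
    # Assumption: mapping is by group name, so GUID-shaped values will not match
    elif all(GUID.match(g) for g in groups):
        problems.append("Group claim carries object IDs, not group names")
    return problems

# Constructed sample assertion: NameID sourced from user.mail, both claims present
SAMPLE = """<Assertion xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
  <Subject><NameID>alice@example.com</NameID>
    <SubjectConfirmation><SubjectConfirmationData Recipient="https://auth.bridgecrew.cloud/saml2/idpresponse"/></SubjectConfirmation></Subject>
  <Conditions><AudienceRestriction><Audience>urn:amazon:cognito:sp:us-west-2_Ij9abDXU8</Audience></AudienceRestriction></Conditions>
  <AttributeStatement>
    <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"><AttributeValue>alice@example.com</AttributeValue></Attribute>
    <Attribute Name="http://schemas.xmlsoap.org/claims/Group"><AttributeValue>bc-admins</AttributeValue></Attribute>
  </AttributeStatement>
</Assertion>"""
```

Calling check_assertion(SAMPLE) returns an empty list; each string in a non-empty result names the Part 1 setting to revisit.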

Part 2 - In Bridgecrew

  1. From Integrations Catalog, under Single Sign-On Authentication, select ADFS/Azure AD.
  2. Enter your allowed domain, then select Next.
  3. Upload the metadata XML file and select Done.
  4. You will then either:

A. Enable & Configure Group Role Mapping:

Each Azure AD group can be mapped to a Bridgecrew role and a list of permitted accounts.

Mapping Azure AD Groups

  1. Enter the name of an Azure AD group. Use Add to add a row for each group you want to map.
  2. Select a Member role (see Roles for precise definitions).
  3. Select one or more permitted accounts.

Notes

  1. You can use a single entry to associate multiple groups with a set of permissions (role and permitted accounts). To do so, add the group names under Azure AD Group, separated by commas.
  2. If you mistakenly enter the name of a group twice - once with lower and once with higher permissions - the higher-level permissions are applied.
  3. Only members of an Azure AD group (and not of nested groups) are able to access Bridgecrew Cloud.
  4. Any permissions previously set manually are overridden by the Azure AD group settings.
  5. At any time, you can disable Azure AD mapping and set permissions manually instead.

B. Assign User Permissions Manually

  1. Under Settings, select User Management.
  2. Select Edit for a user.
  3. Set the user's role and permitted accounts.
  4. Press Save Changes.

Retrieve Login URL

After integrating with ADFS and assigning permissions (either manually or by group mapping), you can fetch the login URL from the Integrations page.

You can provide this URL in the Azure AD configuration.

Sharing the Login URL

Bridgecrew is now integrated with ADFS.
Share the login URL with relevant users.
