Overview

Integrating Bridgecrew Cloud with Azure AD enables single sign-on (SSO) for your organization's users. Setting up SSO and assigning permissions are separate steps: after SSO is enabled, you grant permissions either by mapping Azure AD groups to Bridgecrew roles and accounts, or by inviting users and setting their permissions individually from the User Management page. Choose one of these methods for assigning permissions (not both):
(a) Map Azure AD groups to Bridgecrew permissions (roles and accounts)
(b) Set permissions per user from within Bridgecrew's User Management page.

📘

Note

This feature enables SSO access only; in parallel, each user must still be added to Bridgecrew Cloud from the User Management page.

How to Integrate

Part 1 - In Azure AD

  1. In the Azure AD console, create an Enterprise Application.
  2. Select Set up single sign on, then select SAML.
  3. Edit the basic SAML configuration:
  • Entity ID: urn:amazon:cognito:sp:us-west-2_Ij9abDXU8
  • Reply URL: https://auth.bridgecrew.cloud/saml2/idpresponse
  4. Under User Attributes & Claims:
    a. Edit the Unique User Identifier (Name ID) claim and change its Source attribute to user.mail.
    b. Create a new optional claim with these values:

Name: emailaddress
Namespace: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress
Source attribute: user.mail

    c. For group mapping, create a Group Claim with this name:
http://schemas.xmlsoap.org/claims/Group

  5. Download the metadata XML.

Part 2 - In Bridgecrew

  1. From the Integrations Catalog, under Single Sign-On Authentication, select ADFS/Azure AD.
  2. Enter your allowed domain, then select Next.
  3. Upload the metadata XML file and select Done.
  4. Then do one of the following:

A. Enable & Configure Group Role Mapping:

Each Azure AD group can be mapped to a Bridgecrew role and a list of permitted accounts.

Mapping Azure AD Groups

  1. Enter the name of an Azure AD group. Use Add to add a row for each group you want to map.
  2. Select a Member role (see Roles for precise definitions).
  3. Select one or more permitted accounts, and click Next.

📘

Note

If a user is a member of a group, the group permissions overrule the default SSO permissions for new users.
For example, if User A is a member of Group B, and Group B has different permissions from the default, then User A's permissions will be those defined for Group B, and not the default role and permissions defined for new SSO users.

  4. Select the default role for new users.
  5. Select which sources to make available to users by default, and select Done.
    You can either permit access to all existing and future sources, or select specific sources from the source list for users to have access to.

📘

Notes

  1. You can use a single entry to associate multiple groups with one set of permissions (role and permitted accounts). To do so, enter the group names under Azure AD Group, separated by commas.
  2. If you mistakenly enter the name of a group twice, once with lower and once with higher permissions, the higher-level permissions are applied.
  3. Only direct members of a mapped Azure AD group are able to access Bridgecrew Cloud; membership through nested groups is not honored.
  4. Any permissions previously set manually are overridden by the Azure AD group settings.
  5. At any time, you can disable Azure AD mapping and set permissions manually instead.
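As an added example (not Bridgecrew's own code), the following Python script covers two points above: it checks that a SAML assertion carries the Name ID, emailaddress and Group claims configured in Part 1, and it models the group-mapping rules from the notes (comma-separated group names in one entry, and the higher permissions winning when a group is entered twice). The assertion is a constructed sample, the role ranking (Member below Admin) is a hypothetical assumption since the page does not state the role order, and the way a user in several mapped groups is combined (highest role, union of accounts) is also an assumption, not documented behavior.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
# Claim names exactly as configured in the Azure AD enterprise application.
EMAIL_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
GROUP_CLAIM = "http://schemas.xmlsoap.org/claims/Group"

# Constructed sample assertion (not a real capture): the shape Azure AD emits once
# the Name ID, emailaddress and Group claims are configured as described above.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Subject>
    <saml:NameID>alice@example.com</saml:NameID>
  </saml:Subject>
  <saml:AttributeStatement>
    <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
      <saml:AttributeValue>alice@example.com</saml:AttributeValue>
    </saml:Attribute>
    <saml:Attribute Name="http://schemas.xmlsoap.org/claims/Group">
      <saml:AttributeValue>cloud-admins</saml:AttributeValue>
      <saml:AttributeValue>developers</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def parse_assertion(xml_text):
    """Return (NameID, {claim name: [values]}) from a SAML 2.0 assertion."""
    root = ET.fromstring(xml_text)
    name_id = root.findtext("saml:Subject/saml:NameID", namespaces=SAML_NS)
    attrs = {}
    for attr in root.findall("saml:AttributeStatement/saml:Attribute", SAML_NS):
        attrs[attr.get("Name")] = [v.text for v in attr.findall("saml:AttributeValue", SAML_NS)]
    return name_id, attrs


def check_claims(xml_text):
    """List what is missing relative to the Part 1 claim setup; empty list means all present."""
    name_id, attrs = parse_assertion(xml_text)
    problems = []
    if not name_id or "@" not in name_id:
        problems.append("NameID is not an e-mail address (source attribute should be user.mail)")
    emails = attrs.get(EMAIL_CLAIM, [])
    if not emails:
        problems.append("emailaddress claim missing")
    elif emails[0] != name_id:
        problems.append("emailaddress claim does not match NameID")
    if GROUP_CLAIM not in attrs:
        problems.append("Group claim missing; group role mapping cannot apply")
    return problems


# Hypothetical ranking of roles, lowest to highest; the page does not define the order.
ROLE_RANK = {"Member": 1, "Admin": 2}


def build_group_table(rows):
    """rows: (azure_group_field, role, accounts). One field may list several groups
    separated by commas (note 1); a group entered twice keeps the higher role (note 2)."""
    table = {}
    for group_field, role, accounts in rows:
        for name in (g.strip() for g in group_field.split(",")):
            if not name:
                continue
            current = table.get(name)
            if current is None or ROLE_RANK[role] > ROLE_RANK[current[0]]:
                table[name] = (role, set(accounts))
    return table


def effective_permissions(user_groups, table, default):
    """Group mapping overrides the default new-user permissions; a user matching no
    mapped group gets the default. Combining several matched groups as highest role
    plus union of accounts is an assumption made for this example."""
    best = None
    for group in user_groups:
        if group not in table:
            continue
        role, accounts = table[group]
        if best is None or ROLE_RANK[role] > ROLE_RANK[best[0]]:
            best = (role, set(accounts))
        elif ROLE_RANK[role] == ROLE_RANK[best[0]]:
            best = (best[0], best[1] | accounts)
    return best if best is not None else default


if __name__ == "__main__":
    print("claim problems:", check_claims(SAMPLE_ASSERTION))
    table = build_group_table([("cloud-admins, sec-ops", "Admin", ["prod"]),
                               ("developers", "Member", ["dev"])])
    _, attrs = parse_assertion(SAMPLE_ASSERTION)
    print(effective_permissions(attrs[GROUP_CLAIM], table, ("Member", set())))
```

Running the script against a real assertion (for example one captured from your own browser's SAML trace during a test login) is a quick way to confirm the claim names and namespaces match before uploading the metadata to Bridgecrew.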

B. Assign User Permissions Manually

  1. Under Settings, select User Management.
  2. Select Edit for a user.
  3. Set the user's role and permitted accounts.
  4. Press Save Changes.

Retrieve Login URL

After integrating with ADFS/Azure AD and assigning permissions (either manually or by group mapping), you can fetch the login URL from the Integrations page.

You can also provide this URL in the Azure AD configuration.

📘

Sharing the Login URL

Bridgecrew is now integrated with ADFS/Azure AD.
Share the login URL with the relevant users.
