Overview

You can integrate Bridgecrew Cloud with Azure AD to enable single sign-on for your organization's users. In parallel, invite users and set their permissions from the User Management page. You can choose either one of these methods for assigning permissions (but not both):
(a) Map Azure AD groups to Bridgecrew permissions (roles and accounts)
(b) Set permissions per user from within Bridgecrew's User Management page.

📘

Note

This feature enables SSO access; in parallel, each user must be added to Bridgecrew Cloud, here.

In Azure AD

  1. In the Azure AD console, create an Enterprise Application.
  1. From Single Sign-On, choose SAML.

  2. Edit the basic SAML configuration:

  • Entity ID: urn:amazon:cognito:sp:us-west-2_Ij9abDXU8
  • Reply URL: https://auth.bridgecrew.cloud/saml2/idpresponse
  • Sign on URL: the URL for the sign on login page (from the SSO integration summary in the Identity provider tab within the integrations screen)
  1. User Attributes & Claims
    a. Edit Unique User Identifier (Name ID):

b. Create new optional claim and configure as shown below:

http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress

c. For group mapping, create a Group Claim and configure as shown below:
http://schemas.xmlsoap.org/claims/Group

In Bridgecrew

Overview

When you integrate Bridgecrew Cloud with Azure AD you first enable SSO access and then set permissions either manually, per user, within Bridgecrew, or by mapping Azure AD groups to Bridgecrew permissions.

Setup SSO Access

  1. Under Integrations, select Identity Provider from SSO.
  2. Select ADD SSO and then Azure AD.
  3. Enter the email domain.
  4. Upload the metadata XML file.

Next you will either:

Enable & Configure Group Role Mapping

Overview

Each Azure AD group can be mapped to a Bridgecrew role and a list of permitted accounts.

Mapping Azure AD Groups

  1. On the lower half of the Azure AD integration page enter the name of an Azure AD group. Use Add to add a row for each group you want to map.
  2. Select a Bridgecrew role (see Roles for precise definitions).
  3. Select one or more permitted accounts.

📘

Notes

  1. You can use a single entry to associate multiple groups with a set of permissions (Role and permitted accounts). To do so, add the group names under Azure AD Group, separated by comma.
  2. If you mistakenly enter the name of a group twice - once with lower and once with higher permissions - the higher level permissions is applied.
  3. Only member of an Azure AD group are able to access Bridgcrew Cloud (and not nested groups).
  4. Any permissions previously set manually are overridden by the Azure AD group settings.
  5. At any time, you can disable Azure AD mapping and set permissions manually instead.

Assign User Permissions Manually

  1. Under Settings, select User Management.
  2. Press Edit for a user.
  1. Set the user's role and permitted accounts.
  1. Press Save Changes.

Retrieve Login URL

After integrating with ADFS and assigning permissions (either manually or by group mapping), you can fetch the login URL.

1.. Select Show Details.
2 . Select Copy Login URL.

📘

Sharing the Login URL

Bridgecrew is now integrated with ADFS.
Share the login URL with relevant users.


Did this page help you?