Overview
This article explains how to configure FogBugz SAML to use Azure Active Directory (Azure AD) as the Single Sign-On (SSO) identity provider.
The process can be broken down into four basic steps:
- create an enterprise application in Azure AD
- configure the SSO for your enterprise application
- configure your FogBugz site's authentication to use this enterprise application as the SAML identity provider (IdP)
- add users to your enterprise application (match FogBugz users with your Azure AD users)
Solution
Create an Enterprise Application in Azure AD
- Log in to your Microsoft Azure portal.
- Search for and click on “Enterprise Applications”.
- Click on New Application.
- Click on Create Your Own Application.
- Enter a name for your app, select Integrate any other application you don't find in the gallery, and then Create.
- Wait a few seconds and your application will be created.
Configure the SSO for your Enterprise Application
- With your newly created Enterprise application opened, click on "Single sign-on" in the left menu bar and select SAML.
- Edit the Basic SAML Configuration
  - Configure the Identifier (Entity ID):
    - FogBugz On-Premises: https://{site name}.{host}/saml-sp (https if using SSL)
    - FogBugz On-Demand: https://{your-fogbugz-domain}.fogbugz.com/saml-sp
  - Configure the Reply URL (Assertion Consumer Service URL):
    - FogBugz On-Premises: https://{site name}.{host}/auth/SAML2/POST (https if using SSL)
    - FogBugz On-Demand: https://{your-fogbugz-domain}.fogbugz.com/auth/SAML2/POST
- Configure the User Attributes & Claims. These are the user attributes that FogBugz expects.
  - FogBugzEmail – which maps to user.mail
  - FogBugzFullName – which maps to user.onpremisesuserprincipalname
  - Unique User Identifier – which maps to user.mail
- A SAML Signing Certificate is provided by default.
  - If you want to change it, click on Edit, where you can create a New Certificate with a different Expiration Date or you can Import your own Certificate.
    Note: Make sure the “Notification Email” field is correct. It should be pre-populated with the email address associated with your Azure account.
  - Download the (Base64) version of your certificate and view it with a text editor. This will be the Public x509 Signing Certificate for your FogBugz.
- Copy the “Login URL”. This URL will be the correct Identity Provider URL for your FogBugz.
Update your FogBugz Site Configuration
- Enable SAML SSO for your FogBugz site.
- As Identity Provider URL use the Login URL of your Azure AD Application.
- For the Public x509 Signing Certificate use the (Base64) certificate that you downloaded from your Azure AD Application's Single Sign-On configuration page.
Add Users to your Azure AD Application
If not already added, add users to your Azure AD Application by clicking on Users and Groups and then Add user/group.
Note: Make sure that each user's Name and Email address are the same in Azure AD and in FogBugz.
In Azure AD, the first name and last name attributes are provided with capitals, even if you created the user in lower case. You will need to adjust your user names in FogBugz accordingly: first name and last name will need to start with capitals.
Testing
To test your configuration, log out of your FogBugz instance and log in using Single Sign-On. If your configuration was successful, you should be able to log in with your Azure AD credentials.
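When a test login fails, comparing the SAML response that Azure AD posts to the Reply URL against the values configured above shows which setting is off. The script below is an added example (not part of the original article, and not FogBugz or Microsoft code) that checks a captured SAMLResponse form value against the Identifier, Reply URL and claim names from this page. The host example.fogbugz.com and the sample response are constructed, and the XML signature is not verified.

```python
import base64
import xml.etree.ElementTree as ET

NS = {"a": "urn:oasis:names:tc:SAML:2.0:assertion"}
ENTITY_ID = "https://example.fogbugz.com/saml-sp"        # assumed On-Demand site
ACS_URL = "https://example.fogbugz.com/auth/SAML2/POST"  # assumed On-Demand site

def decode_form_value(b64):
    """The HTTP-POST binding carries the response as plain base64 in SAMLResponse."""
    return base64.b64decode(b64).decode("utf-8")

def check_response(xml_text, entity_id=ENTITY_ID, acs_url=ACS_URL):
    """List mismatches with this page's settings. Diagnostic only: the XML
    signature is not verified, so run it only on responses you captured yourself."""
    root = ET.fromstring(xml_text)
    problems = []
    audience = root.findtext(".//a:Audience", default="", namespaces=NS).strip()
    if audience != entity_id:
        problems.append(f"Audience {audience!r} is not the Identifier (Entity ID)")
    conf = root.find(".//a:SubjectConfirmationData", NS)
    recipient = conf.get("Recipient", "") if conf is not None else ""
    if recipient != acs_url:
        problems.append(f"Recipient {recipient!r} is not the Reply URL")
    claims = {a.get("Name"): a.findtext("a:AttributeValue", default="", namespaces=NS).strip()
              for a in root.iterfind(".//a:Attribute", NS)}
    for name in ("FogBugzEmail", "FogBugzFullName"):
        if not claims.get(name):
            problems.append(f"claim {name} is missing or empty")
    name_id = root.findtext(".//a:NameID", default="", namespaces=NS).strip()
    if not name_id:
        problems.append("NameID (Unique User Identifier) is missing")
    elif claims.get("FogBugzEmail") and name_id.lower() != claims["FogBugzEmail"].lower():
        problems.append("NameID differs from FogBugzEmail (both map to user.mail)")
    return problems

# Constructed sample response (not captured from a real tenant).
SAMPLE_XML = """<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
 xmlns="urn:oasis:names:tc:SAML:2.0:assertion"><Assertion>
 <Subject><NameID>jane@example.com</NameID><SubjectConfirmation>
 <SubjectConfirmationData Recipient="https://example.fogbugz.com/auth/SAML2/POST"/></SubjectConfirmation></Subject>
 <Conditions><AudienceRestriction><Audience>https://example.fogbugz.com/saml-sp</Audience>
 </AudienceRestriction></Conditions><AttributeStatement>
 <Attribute Name="FogBugzEmail"><AttributeValue>jane@example.com</AttributeValue></Attribute>
 <Attribute Name="FogBugzFullName"><AttributeValue>Jane Doe</AttributeValue></Attribute>
 </AttributeStatement></Assertion></samlp:Response>"""
SAMPLE_B64 = base64.b64encode(SAMPLE_XML.encode()).decode()

if __name__ == "__main__":
    print(check_response(decode_form_value(SAMPLE_B64)) or "response matches the configuration")
```

An empty list means the response agrees with the Basic SAML Configuration and the User Attributes & Claims; each string in a non-empty list names the setting to revisit in Azure AD.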