SSO/Microsoft Entra ID
Prerequisites
- An active Microsoft Entra ID tenant with administrative access.
- A Waydev account with administrative privileges.
- Access to the SSO configuration section in Waydev (Settings > Operational Users > SSO Configuration).
- Ensure that Entra ID has defined the necessary roles (e.g., "Owners" and "Members") to map to Waydev roles.
Step 1: Start in Waydev to Configure the SAML Integration
➡️ 1. Log into Waydev:
- Go to Settings > Operational Users > SSO Configuration.
➡️ 2. Add a New Integration:
- Click the "Add Integration" button.
➡️ 3. Configure the SAML Integration:
- In the modal, enter the Login URL as: https://app.waydev.co/accounts/saml/xxxxxx *
- Leave the Metadata field blank for now; it will be filled later.
- Keep this tab open and take note of the Login URL.
* xxxxxx is the slug. It can be anything, but it has to be the same slug configured in Operational Users -> SSO Configuration.
Step 2: Create a New Application in Microsoft Entra ID
➡️ 1. Sign into the Microsoft Entra ID Portal:
- Go to the Azure Portal with an admin account.
- Navigate to Microsoft Entra ID in the services menu.
➡️ 2. Add a New Application:
- Go to Enterprise Applications > All Applications > New Application.
- Click "Create your own application".
- Name it (e.g., Waydev), and select "Integrate any other application you don't find in the gallery".
- Click Create.
➡️ 3. Access the SSO Settings:
- In the new app, go to Single Sign-On in the left-hand menu.
- Select SAML as the sign-in method.
Step 3: Configure SAML Settings in Entra ID
➡️ 1. Basic SAML Configuration:
- Click Edit and enter the following:
• Identifier (Entity ID): https://app.waydev.co/accounts/saml/xxxxxx
• Reply URL: https://app.waydev.co/accounts/saml/xxxxxx
• Sign-on URL: Optional but can be the same for consistency.
• Leave Relay State and Logout URL blank.
- Save the configuration.
➡️ 2. User Attributes and Claims:
- Click Edit.
- Ensure Name ID is the user's email (e.g., user.userprincipalname).
- Add claims for role mapping:
• Claim Name: Role
• Value: Map Entra ID groups (e.g., "Managers" to "Owners", "Developers" to "Members").
- Example mappings:
• Entra ID Group “Managers” → Waydev Role “Owners”
• Entra ID Group “Developers” → Waydev Role “Members”
Claim names need to have this exact format: "FirstName", "LastName", "Email".
The custom claim mappings (roles) need to follow the same exact format: role_ROLE, where ROLE is the exact name of the role from Waydev.
➡️ 3. Download SAML Metadata:
- Locate the Federation Metadata XML in the SAML Signing Certificate section.
- Download it and copy its full contents.
Step 4: Complete Configuration in Waydev
➡️ 1. Go back to Waydev:
- Open the previously saved tab.
➡️ 2. Paste the Metadata:
- Paste the copied XML metadata in the Metadata field.
➡️ 3. Save the Integration:
- Click Create or Save.
- Waydev will confirm if the setup is successful.
Step 5: Assign Users in Entra ID
➡️ 1. Assign Users or Groups:
- In Entra ID, go to the Waydev application under Enterprise Applications.
- Go to Users and Groups > Add User/Group.
- Assign users or groups (e.g., “Managers”, “Developers”).
- Ensure user emails match Waydev accounts.
➡️ 2. Test User Access:
- Ensure users are added to the Waydev app before testing.
Step 6: Test the SSO Integration
➡️ 1. Log Out of Waydev:
- Sign out to test the SSO process.
➡️ 2. Access Waydev via SSO:
- Go to: https://app.waydev.co/accounts/saml/xxxxxx
- You’ll be redirected to Entra ID login.
- Log in with a user assigned to the Waydev app.
- On success, you’ll be logged into Waydev.
➡️ 3. Verify Role Mapping:
- Confirm users have the correct Waydev roles (e.g., “Owners” for Managers, “Members” for Developers).
Step 7: Troubleshooting
If issues arise (e.g., login fails or role mismatch), check:
- Login URL Match:
• Ensure the Waydev Login URL matches the Entra ID settings.
- Case Sensitivity:
• Role names are case-sensitive (e.g., “Owners”, “Members”).
- Metadata Accuracy:
• Ensure the XML metadata is complete and unmodified.
- User Assignment:
• Make sure users are assigned to the Waydev app in Entra ID.
- Domain Verification:
• Confirm email domains are configured properly for SSO.
- Contact Waydev or Microsoft Entra ID support if needed.
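The URL, claim-name and case-sensitivity checks above can be run against a decoded SAML response captured from a test login. The following Python is an added example, not Waydev or Microsoft code. It assumes that role_ROLE is the claim name and that the Identifier and Reply URL are both the Login URL as configured in Step 3; check_response and the sample response are constructed for illustration.

```python
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("FirstName", "LastName", "Email")  # exact claim names from this guide

def check_response(xml_text, login_url, waydev_roles):
    """Return a list of mismatches in a decoded SAML response (empty = consistent)."""
    # Refuse DTDs so the stdlib parser is never asked to expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["response declares a DTD; refusing to parse it"]
    root = ET.fromstring(xml_text)
    problems = []
    # Entra ID posts to the Reply URL and names the Entity ID as the audience.
    if root.get("Destination") != login_url:
        problems.append("Destination differs from the Waydev Login URL")
    if root.findtext(".//saml:Audience", namespaces=NS) != login_url:
        problems.append("Audience differs from the Waydev Login URL")
    names = [a.get("Name", "") for a in root.iterfind(".//saml:Attribute", NS)]
    for claim in REQUIRED:
        if claim not in names:
            near = [n for n in names if n.lower() == claim.lower()]
            hint = f" (found {near[0]})" if near else ""
            problems.append(f"missing claim {claim}{hint}")
    # Assumption: role claims are named role_ROLE, ROLE being the exact Waydev role.
    allowed = {f"role_{r}" for r in waydev_roles}
    for n in names:
        if n.lower().startswith("role_") and n not in allowed:
            problems.append(f"role claim {n} does not match a Waydev role exactly")
    return problems

LOGIN_URL = "https://app.waydev.co/accounts/saml/xxxxxx"
# Constructed sample, trimmed to the elements the checks read (no signature or values).
SAMPLE = f"""<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
    xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" Destination="{LOGIN_URL}">
  <saml:Assertion>
    <saml:Conditions><saml:AudienceRestriction>
      <saml:Audience>{LOGIN_URL}</saml:Audience>
    </saml:AudienceRestriction></saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="FirstName"/><saml:Attribute Name="LastName"/>
      <saml:Attribute Name="email"/><saml:Attribute Name="role_owners"/>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

if __name__ == "__main__":
    for p in check_response(SAMPLE, LOGIN_URL, ["Owners", "Members"]):
        print("MISMATCH:", p)
```

The check only compares names and URLs; it does not validate the response signature, so use it for troubleshooting configuration, not for deciding whether a response is trustworthy.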
Step 8: Finalize and Enable SSO
➡️ 1. Confirm the Integration:
- Once SSO login works, the integration is complete.
➡️ 2. Notify Users:
- Share the Login URL: https://app.waydev.co/accounts/saml/xxxxxx
- Instruct your team to use it with their Entra ID credentials.