Tutorial: Azure Active Directory integration with monday.com
In this tutorial, you learn how to integrate monday.com with Azure Active Directory (Azure AD).
Integrating monday.com with Azure AD gives you the following benefits:
- You can use Azure AD to control who has access to monday.com.
- Users can be automatically signed in to monday.com with their Azure AD accounts (single sign-on).
- You can manage your accounts in one central location, the Azure portal.
For more information about software as a service (SaaS) app integration with Azure AD, see Single sign-on to applications in Azure Active Directory.
To configure Azure AD integration with monday.com, you need the following items:
- An Azure AD subscription. If you don't have an Azure AD subscription, create a free account before you begin.
- A monday.com subscription with single sign-on enabled.
In this tutorial, you configure and test Azure AD single sign-on in a test environment and integrate monday.com with Azure AD.
monday.com supports the following features:
- SP-initiated single sign-on
- IDP-initiated single sign-on
- Just-in-time user provisioning
Add monday.com in the Azure portal
To integrate monday.com with Azure AD, you must add monday.com to your list of managed SaaS apps.
Sign in to the Azure portal.
In the left menu, select Azure Active Directory.
Select Enterprise applications > All applications.
To add an application, select New application.
In the search box, enter monday.com. In the search results, select monday.com, and then select Add.
Configure and test Azure AD single sign-on
In this section, you configure and test Azure AD single sign-on with monday.com based on a test user named Britta Simon. For single sign-on to work, you must establish a linked relationship between an Azure AD user and the related user in monday.com.
To configure and test Azure AD single sign-on with monday.com, you must complete the following building blocks:
|Configure Azure AD single sign-on|Enables your users to use this feature.|
|Configure monday.com single sign-on|Configures the single sign-on settings in the application.|
|Create an Azure AD test user|Tests Azure AD single sign-on for a user named Britta Simon.|
|Assign the Azure AD test user|Enables Britta Simon to use Azure AD single sign-on.|
|Create a monday.com test user|Creates a counterpart of Britta Simon in monday.com that is linked to the Azure AD representation of the user.|
|Test single sign-on|Verifies that the configuration works.|
Configure Azure AD single sign-on
In this section, you configure Azure AD single sign-on with monday.com in the Azure portal.
In the Azure portal, in the monday.com application integration pane, select Single sign-on.
In the Select a single sign-on method pane, select SAML or SAML/WS-Fed mode to enable single sign-on.
In the Set up Single Sign-On with SAML pane, select Edit (the pencil icon) to open the Basic SAML Configuration pane.
In the Basic SAML Configuration pane, if you have a service provider metadata file and you want to configure IDP-initiated mode, complete the following steps:
Select Upload metadata file.
To select the metadata file, select the folder icon, and then select Upload.
After the metadata file is successfully uploaded, the Identifier and Reply URL values are automatically populated in the Basic SAML Configuration pane.
If the Identifier and Reply URL values aren't automatically populated, enter the values manually.
To configure the application in SP-initiated mode:
Select Set additional URLs.
In the Sign on URL box, enter a URL that has the following pattern: https://<your-domain>.monday.com. Contact the monday.com client support team to get the sign-on URL.
The monday.com application expects the SAML assertions to be in a specific format. Configure the following claims for this application. To manage these attribute values, in the Set up Single Sign-On with SAML pane, select Edit to open the User Attributes pane.
Under User claims, select Edit to edit the claims. To add a claim, select Add new claim, and then configure the SAML token attribute. Then, complete the following steps:
Select Add new claim.
In the Manage user claims pane, set the following values:
In the Name box, enter the attribute name shown for the user claim row.
Leave Namespace blank.
For Source, select Attribute.
In the Source attribute list, select the attribute value shown for the user claim row.
Select OK, and then select Save.
In the Set up Single Sign-On with SAML pane, under SAML Signing Certificate, select Download next to Certificate (Base64). Select a download option based on your requirements. Save the certificate on your computer.
In the Set up monday.com section, copy the following URLs based on your requirements:
- Login URL
- Azure AD Identifier
- Logout URL
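The Identifier and Reply URL values that the metadata upload populates in the Basic SAML Configuration pane correspond to the entityID and AssertionConsumerService entries of the service provider metadata. The following is an added example, not part of the original tutorial or of any Microsoft or monday.com tooling, that reads a metadata document before upload and flags reply URLs that are not HTTPS, not HTTP-POST, or not on the expected sign-on host. The sample metadata, the contoso domain, and the rule that the reply URL host equals the sign-on URL host are assumptions.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

MD = "urn:oasis:names:tc:SAML:2.0:metadata"
POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"

# Constructed sample metadata; "contoso" and the /saml/... paths are placeholders.
SAMPLE_METADATA = """<?xml version="1.0"?>
<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
                  entityID="https://contoso.monday.com/saml/example-entity">
  <SPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <AssertionConsumerService index="0"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://contoso.monday.com/saml/example-acs"/>
    <AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://contoso.monday.com.example.net/saml/example-acs"/>
  </SPSSODescriptor>
</EntityDescriptor>"""


def review_sp_metadata(xml_text, expected_host):
    """Return (identifier, reply_urls, findings) for one SP metadata document."""
    # Refuse DTDs outright: metadata needs none, and entity tricks rely on them.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD/entity declarations are not allowed in metadata")
    root = ET.fromstring(xml_text)
    if root.tag != f"{{{MD}}}EntityDescriptor":
        raise ValueError("root element is not a SAML EntityDescriptor")
    identifier = root.get("entityID")  # becomes the Identifier value
    findings, reply_urls = [], []
    if not identifier:
        findings.append("missing entityID (Identifier would be empty)")
    for acs in root.iterfind(f"{{{MD}}}SPSSODescriptor/{{{MD}}}AssertionConsumerService"):
        url = acs.get("Location", "")  # becomes a Reply URL value
        reply_urls.append(url)
        parts = urlsplit(url)
        if parts.scheme != "https":
            findings.append(f"reply URL is not HTTPS: {url}")
        if parts.hostname != expected_host:  # assumption: same host as sign-on URL
            findings.append(f"reply URL host is not {expected_host}: {url}")
        if acs.get("Binding") != POST:
            findings.append(f"reply URL does not use HTTP-POST binding: {url}")
    if not reply_urls:
        findings.append("no AssertionConsumerService (Reply URL would be empty)")
    return identifier, reply_urls, findings
```

Call `review_sp_metadata(SAMPLE_METADATA, "contoso.monday.com")` and resolve every finding with the monday.com support team before saving the configuration.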
Configure monday.com single sign-on
To configure single sign-on on the monday.com side, send the downloaded Certificate (Base64) file and the relevant URLs that you copied from the Azure portal to the monday.com support team. The monday.com support team uses the information you send them to ensure that the SAML single sign-on connection is set properly on both sides.
Create an Azure AD test user
In this section, you create a test user named Britta Simon in the Azure portal.
In the Azure portal, select Azure Active Directory > Users > All users.
Select New user.
In the User pane, complete the following steps:
In the Name box, enter BrittaSimon.
In the User name box, enter brittasimon@<your-company-domain>.<extension>. For example, firstname.lastname@example.org.
Select the Show password check box. Write down the value that's displayed in the Password box.
Assign the Azure AD test user
In this section, you grant Britta Simon access to monday.com so she can use Azure single sign-on.
In the Azure portal, select Enterprise applications > All applications > monday.com.
In the applications list, select monday.com.
In the menu, select Users and groups.
Select Add user. Then, in the Add assignment pane, select Users and groups.
In the Users and groups pane, select Britta Simon in the list of users. Choose Select.
If you are expecting a role value in the SAML assertion, in the Select role pane, select the relevant role for the user from the list. Choose Select.
In the Add Assignment pane, select Assign.
Create a monday.com test user
In this section, a user named Britta Simon is created in the monday.com application. monday.com supports just-in-time user provisioning, which is enabled by default. There is no action item for you in this section. If a user doesn't already exist in monday.com, a new one is created after authentication.
Test single sign-on
In this section, you test your Azure AD single sign-on configuration by using the My Apps portal.
After you set up single sign-on, when you select monday.com in the My Apps portal, you are automatically signed in to monday.com. For more information about the My Apps portal, see Access and use apps in the My Apps portal.