Azure Active Directory is a Microsoft Azure service which provides identity and access management. OpsGenie supports single sign on with Azure AD, which means your organization can easily incorporate OpsGenie into your application base in Azure AD and let your users securely access OpsGenie.
For general information about OpsGenie's Single Sign-On feature, refer to the Single Sign-On with OpsGenie document. This document describes the specific instructions you can use to integrate Azure Active Directory with OpsGenie SSO.
To configure Single Sign-On integration between your Azure Active Directory and OpsGenie accounts, go to OpsGenie SSO page, select "Azure AD" as provider and follow the instructions below:
- On another tab or page, open your Azure Portal and navigate to *Active Directory list.
- Click the directory in which the OpsGenie application will be added and navigate to the Applications tab in your directory.
- Click ADD button that is at the bottom panel.
- Select Add an application my organization is developing.
- On the next screen, give a name for the application and select WEB APPLICATION AND/OR WEB API as type.
- Navigate to the application you have recently added in the directory. Click VIEW ENDPOINTS button that is at the bottom panel.
- On the App Endpoints screen, copy the URL at the FEDERATION METADATA DOCUMENT field
- Switch to OpsGenie SSO Settings page that you have opened at the beginning and paste the certificate value into Metadata URL field.
- Switch back to Azure AD App Endpoints screen and copy the URL at the SAML-P SIGN-ON ENDPOINT field. Paste this URL into SAML 2.0 Endpoint field at your OpsGenie SSO Settings page.
- Click Save Changes on your OpsGenie SSO Settings page.
- On OpsGenie SSO Settings page, copy the single sign-on URL that is generated for you.
- Switch back to the application that you have added to your Azure Portal. Switch to CONFIGURE tab.
- Paste the single sign-on URL that you have recently copied into REPLY URL field under the single sign-on section. Click SAVE that is at the bottom panel and wait until your configuration is saved.
- Now users in your active directory can login with OpsGenie via SSO using their directory credentials.
** Make sure that email addresses of users are exactly same on both OpsGenie and your Azure Active Directory.
- If you turn on the setting USER ASSIGNMENT REQUIRED TO ACCESS APP for the application you have added to your Azure Active Directory, you explicitly have to provide access for OpsGenie application to users in your directory. To give access to your users for OpsGenie, switch to USERS tab within the application you have created on Azure Active Directory. Select a user you want to give access and click ASSIGN at the bottom panel.
Please note: Provisioning is not available for Azure Active Directory.