Introduction
HCP Terraform allows organizations to configure SAML 2.0 single sign-on (SSO), an alternative to traditional user management.
One of the popular Identity Providers (IdPs) is Microsoft Azure AD. The Microsoft Azure AD SSO integration currently supports the following SAML features:
- Service Provider (SP) initiated SSO
- Identity Provider (IdP) initiated SSO
- Just-in-Time Provisioning
Use Case
When using IdP initiated login, end users will access their SSO Identity Provider’s portal page (e.g. Microsoft My Apps) and then click the “Terraform Cloud” application tile to be automatically signed into their Terraform Cloud organization.
Procedure
For IdP-initiated SSO to work, you must leave the optional "Sign-on URL" text box empty when configuring Microsoft Azure AD SSO (step 3-iii); that is, do not enter the URL https://app.terraform.io/session.
Additional Information
For more information on the supported IdPs, visit the Terraform Cloud Single Sign-on Documentation.