Introduction
HCP Terraform allows organizations to configure SAML 2.0 single sign-on (SSO) as an alternative to traditional user management.
One popular Identity Provider (IdP) is Microsoft Azure AD. The Microsoft Azure AD SSO integration supports the following SAML features:
- Service Provider (SP) initiated SSO
- Identity Provider (IdP) initiated SSO
- Just-in-Time Provisioning
In an IdP-initiated login, a user first authenticates with their IdP and then selects the HCP Terraform application from the IdP's portal. After the user selects the service, the IdP initiates the authentication process with HCP Terraform.
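The two flows differ in one attribute of the SAML Response the SP receives: an SP-initiated Response carries InResponseTo (the ID of the AuthnRequest the SP sent), while an IdP-initiated, unsolicited Response has none. The following Python snippet is an added illustration of that check and is not part of HashiCorp's documentation or of HCP Terraform's code; the sample Response, hostnames, ACS URL and entity ID are constructed placeholders, and XML signature verification is left out of scope.

```python
import xml.etree.ElementTree as ET

NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}


def classify_saml_response(xml_text, expected_destination, expected_audience):
    """Report whether a SAML 2.0 Response is SP- or IdP-initiated and whether it
    is bound to the expected ACS URL (Destination) and SP entity ID (Audience).
    SP-initiated: InResponseTo echoes the AuthnRequest ID.  IdP-initiated
    (unsolicited): no InResponseTo.  Signature verification is out of scope.
    """
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a SAML 2.0 Response element")
    in_response_to = root.get("InResponseTo")
    audiences = [a.text for a in
                 root.findall(".//saml:AudienceRestriction/saml:Audience", NS)]
    return {
        "flow": "SP-initiated" if in_response_to else "IdP-initiated",
        "in_response_to": in_response_to,
        "destination_ok": root.get("Destination") == expected_destination,
        "audience_ok": expected_audience in audiences,
    }


# Constructed sample (placeholder hosts, signature omitted): the unsolicited
# Response an IdP sends when the user clicks the app tile in its portal.
IDP_INITIATED_RESPONSE = """<samlp:Response
  xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
  xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  ID="_resp1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z"
  Destination="https://sp.example.invalid/acs">
  <saml:Issuer>https://idp.example.invalid/</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
    <saml:Issuer>https://idp.example.invalid/</saml:Issuer>
    <saml:Subject><saml:NameID>user@example.invalid</saml:NameID></saml:Subject>
    <saml:Conditions>
      <saml:AudienceRestriction>
        <saml:Audience>https://sp.example.invalid/metadata</saml:Audience>
      </saml:AudienceRestriction>
    </saml:Conditions>
  </saml:Assertion>
</samlp:Response>"""

# The same Response as the SP would see after it had sent AuthnRequest "_req42".
SP_INITIATED_RESPONSE = IDP_INITIATED_RESPONSE.replace(
    'ID="_resp1" Version="2.0"', 'ID="_resp1" InResponseTo="_req42" Version="2.0"', 1)
```

When troubleshooting, capturing the Response at the SP side and checking for InResponseTo confirms which flow the IdP actually used.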
Use Case
When using IdP-initiated login, end-users access their SSO Identity Provider’s portal, such as Microsoft My Apps, and select the HCP Terraform application tile to be automatically signed into their HCP Terraform organization.
Procedure
To enable IdP-initiated SSO, you must leave the optional Sign on URL field empty during the Azure AD application configuration.
- Follow the official documentation for configuring Microsoft Azure AD SSO.
- When you reach step 3-iii, locate the optional Sign on URL text box.
- Ensure this field remains empty. Do not enter the SP-initiated sign-on URL, such as https://app.terraform.io/session.
Additional Information
For more information on supported IdPs, refer to the HCP Terraform Single Sign-on Documentation.