Configure SAML-based single sign-on (SSO) with Azure AD

Who can use this feature?

☞ Only team owners and admins can configure single sign-on (SSO).

☆ Available on the standard and premium plans.

Step 1: Prepare the configuration

  1. Log in to Nuclino.

  2. Click the menu button in the top left corner to open the main menu.

  3. Click on your team name and select Team settings.

  4. Go to the Authentication section and choose SAML-based single sign-on (SSO).

  5. Note the ACS URL and Entity ID.

Step 2: Set up Azure AD (Active Directory) for Nuclino

  1. Sign in to the Azure portal using your Azure Active Directory administrator account.

  2. On the left navigation panel, select Azure Active Directory.

  3. Navigate to Enterprise applications. Then go to All applications.

  4. Click New application at the top of the dialog.

  5. Type Nuclino in the search box, select Nuclino from the result panel, and click Add.

  6. In the Azure portal, on the Nuclino application integration page, click Single sign-on.

  7. Select SAML-based Sign-on as the Single Sign-on Mode.

  8. In the Nuclino Domain and URLs section, perform the following steps:

    1. Identifier (Entity ID): Enter your Entity ID from Step 1

    2. Reply URL: Enter your ACS URL from Step 1

  9. Update the User Attributes to match the following configuration:

    [Screenshot: User Attributes configuration]
  10. Save the configuration by clicking on Save in the top left corner.

  11. Click on Configure Nuclino.

  12. Note the SAML Single Sign-On Service URL, SAML Entity ID, and download the SAML Signing Certificate - Base64 encoded. You'll need to enter these values and the content of the certificate file in your Nuclino team settings in the next step.

Step 3: Integrate Nuclino with your identity provider

  1. Log in to Nuclino.

  2. Click the menu button in the top left corner to open the main menu.

  3. Click on your team name and select Team settings.

  4. Go to the Authentication section and choose SAML-based single sign-on (SSO).

  5. Enter the following information:

    1. SSO URL: Enter the SAML Single Sign-On Service URL you noted in Step 2

    2. Entity ID: Enter the SAML Entity ID you noted in Step 2

    3. Certificate data: Open the certificate you downloaded in Step 2 in a text editor and copy/paste the content into this field.

  6. Click Save changes.

  7. Optional: Enforce single sign-on (SSO)
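
Before pasting the certificate data in step 5, you can sanity-check the downloaded file. The following is an added example, not part of Nuclino's or Microsoft's tooling: it confirms that the text is exactly one Base64 (PEM) CERTIFICATE block with no private key, and returns fingerprints to compare against the thumbprint your identity provider displays for the signing certificate, if it shows one. The function names and the sample bytes are constructed for illustration.

```python
import base64
import hashlib
import re

# Matches any PEM block and captures its label and base64 body.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----(.*?)-----END \1-----", re.DOTALL
)


def inspect_signing_cert(pem_text: str) -> dict:
    """Validate pasted certificate text and return its fingerprints.

    Raises ValueError unless the text is exactly one CERTIFICATE block.
    """
    blocks = PEM_BLOCK.findall(pem_text)
    labels = [label for label, _ in blocks]
    if any("PRIVATE KEY" in label for label in labels):
        raise ValueError("file contains a private key; do not paste or share it")
    if labels != ["CERTIFICATE"]:
        raise ValueError(f"expected one CERTIFICATE block, found {labels or 'none'}")
    body = "".join(blocks[0][1].split())  # drop CR/LF and indentation
    try:
        der = base64.b64decode(body, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError("certificate body is not valid base64") from exc
    if not der.startswith(b"\x30"):
        raise ValueError("decoded data is not a DER SEQUENCE (not X.509)")
    return {
        "der_length": len(der),
        "sha1": hashlib.sha1(der).hexdigest().upper(),
        "sha256": hashlib.sha256(der).hexdigest().upper(),
    }


def make_sample_pem(der: bytes, label: str = "CERTIFICATE") -> str:
    """Build a PEM block from constructed bytes (sample input only)."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    head, tail = f"-----BEGIN {label}-----", f"-----END {label}-----"
    return "\r\n".join([head, *lines, tail]) + "\r\n"


# Constructed stand-in: begins with the DER SEQUENCE tag, not a real certificate.
SAMPLE_DER = b"\x30\x82\x01\x00" + bytes(range(256))

if __name__ == "__main__":
    print(inspect_signing_cert(make_sample_pem(SAMPLE_DER)))
```

To check a real download, pass the file's text to `inspect_signing_cert` in place of the constructed sample.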

Step 4: Assign users and groups in Azure AD

Assign users and groups to your Nuclino SAML application in Azure AD to control who should be able to access your Nuclino team via single sign-on. Please read the Azure AD documentation for more information on how to do this.

After you have successfully set up SSO

Your team can now sign up and log in via your team URL, which you can find in the Authentication section of your team settings.

  • People who already have a Nuclino account with the same email address as their SSO account can choose to link this account. Afterwards, they can log in using their existing Nuclino account or use SSO instead.

  • For people who don't have a Nuclino account yet, a new account is provisioned when they log in for the first time using your team URL. They can only log in using SSO as long as they don't generate a separate password using Nuclino's reset password functionality.

Users who have already set up SSO for their Nuclino account can also go to the normal login (https://app.nuclino.com/login) and select Log in via single sign-on (SSO).

Questions?

If you have any questions or need help setting up SSO for Nuclino, please contact us.