How to Configure Single Sign-On with Azure Active Directory
For the security of your SaaS-based infrastructure and the convenience of users in your organization, the ThousandEyes service offers login via single sign-on (SSO). ThousandEyes supports SAML2-based identity providers for single sign-on. There are two steps to set up single sign-on: the service provider configuration, which is done within ThousandEyes, and the identity provider configuration, done within your SSO system. In this configuration example, we use Microsoft Azure Active Directory as the identity provider.
Configuration is simple. Here's what you need:
ThousandEyes account assigned a role with the Edit security & authentication settings permission
Check the Enable Single Sign-On box and select Metadata File as the Configuration Type. Import the metadata file from step 9 of previous section using the Import File button.
Check the Override box for Logout Page URL and clear the field. Please ensure the Service Provider Issuer field matches the Identifier (Entity ID) in Azure side as seen in step 7 of Identity Provider's side Setup and Save.
ThousandEyes support both the IdP initiated and SP initiated Single Sign on, the below sections will guide you through testing them.
Identity Provider initiated SSO
Login to Log into portal.azure.com and go to Azure Active Directory > Enterprise applications > ThousandEyes > Single sign-on. Scroll down and click the Test button in Test single sign-on with ThousandEyes section. Click Sign in as current user button in the side pane that opens up.
The test will open up a new tab and log you into ThousandEyes!