Custom SAML in Azure AD

The steps in this topic describe how to configure a custom SAML application in Azure AD.

Configuration

Before you set up a custom SAML application in Azure Active Directory (AD), you must configure SSO in Postman. Select "AD FS" as the "Authentication Type" and allow "Identity Provider Details" to remain empty for now.

Next, sign in to the Azure management portal using your Azure Active Directory administrator account.

Browse to Azure Active Directory > [Directory] > Enterprise Applications and select "New Application".

Select "Non-gallery application".

Enter the name of the application and click "Add".

Assign a test user to the application (required).

In the "Configure Single Sign-on" section, select "SAML-based Sign-on" in the "Single Sign-on Mode" dropdown.

Configure the SAML integration. The table below describes the values of the fields in this configuration.

SAML integration fields

Field | Value
Identifier | The Entity ID for your Postman custom SSO auth. You can find it on the Team page.
Reply URL | The ACS URL for your Postman custom SSO auth. You can find it on the Team page.
User Identifier | Select user.mail from the dropdown.

Download the "SAML Signing Certificate" (Base64 format) and click the Save button.

After the setup is complete, submit your Identity Provider details to Postman. For more information, see Intro to SSO.

Navigate to your team settings in the Postman Web dashboard. To update the identity provider details, navigate to Authentication > <AzureAuthName> and click Edit, then Proceed. Fill in the following details:

Postman custom auth configuration fields

Field | Value
Identity Provider Issuer | The SAML Entity ID of your Azure AD application
Identity Provider SSO URL | The SAML Single Sign-on Service URL of your Azure AD application
X.509 Certificate | Contents of the SAML Signing Certificate file
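
Before pasting the certificate contents, it helps to confirm that the downloaded file really is the Base64 form and to record its fingerprints so they can be compared with the thumbprint your identity provider displays for the certificate. The following is an added example, not part of the original documentation or of Postman's or Microsoft's tooling; the function name `inspect_signing_cert` and the sample bytes are assumptions made for illustration.

```python
import base64
import binascii
import hashlib
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

# Constructed placeholder bytes, NOT a real certificate: only the leading
# ASN.1 SEQUENCE tag (0x30) is meaningful to the shape check below.
SAMPLE_DER = b"\x30\x82\x01\x0a" + bytes(range(200))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.encodebytes(SAMPLE_DER).decode()
              + "-----END CERTIFICATE-----\n")


def inspect_signing_cert(data: bytes) -> dict:
    """Check that a downloaded signing certificate is Base64 text and fingerprint it."""
    try:
        text = data.decode("ascii")
    except UnicodeDecodeError:
        raise ValueError("binary (DER) file: download the Base64 format instead") from None
    match = PEM_RE.search(text)
    # Accept both a PEM-armoured file and a bare Base64 body.
    body = "".join((match.group(1) if match else text).split())
    try:
        der = base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError("content is not valid Base64") from exc
    # Shape check only (no full X.509 parse): DER certificates start with 0x30.
    if der[:1] != b"\x30":
        raise ValueError("decoded bytes do not look like a DER certificate")
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return {
        "sha1": hashlib.sha1(der).hexdigest().upper(),
        "sha256": hashlib.sha256(der).hexdigest().upper(),
        # Canonical PEM text, re-wrapped at 64 columns.
        "pem": "\n".join(["-----BEGIN CERTIFICATE-----", *lines,
                          "-----END CERTIFICATE-----"]) + "\n",
    }


if __name__ == "__main__":
    info = inspect_signing_cert(SAMPLE_PEM.encode())
    print("SHA-1  :", info["sha1"])
    print("SHA-256:", info["sha256"])
```

To check a real download, pass the file's bytes, for example `inspect_signing_cert(open(path, "rb").read())` with `path` set to wherever you saved the certificate.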

Once your details are complete, click Generate relay/Regenerate relay to create a parameter to send with a SAML response in an IDP-initiated single sign-on. Click Save Authentication.

Navigate back to your Postman configuration in Azure AD.

Check the Show advanced URL settings option. This will provide access to the Relay state, where you can enter the parameter you generated in Postman during your custom auth configuration setup.

Save your Azure AD configuration. The setup should now be complete, allowing you to log in to Postman using SSO via the Azure AD identity provider.