Skip to main content
This feature is only available on Dub Enterprise.
For Dub Enterprise users, you can securely manage your team’s access to Dub using Azure AD SAML SSO.

Step 1: Create or Select SAML Application

In your Azure Admin console, select Azure Active Directory (or search for it in the search bar).
Azure Active Directory option on the Azure Dashboard
Then, click on Enterprise applications from the left sidebar.
Enterprise applications option on the Azure Dashboard
If you already have an existing Azure AD SAML application, select it from the list and move on to Step 2. If not, click on New application at the top.
Create new application button on the Azure Dashboard
In the next screen, click on Create your own application. Give your application a Name (e.g. “Dub”) and click Create.
Create your own application option on the Azure Dashboard

Step 2: Configure SAML Application

Under the Manage section in the left sidebar, select Single sign-on. Then, click on SAML.
SAML option on the Azure Dashboard
Under the Basic SAML Configuration section, click on Edit.
Edit button on the SAML Settings page on the Azure Dashboard
This will open up a sheet overlay. Under Basic SAML Configuration, enter the following values:
Identifier (Entity ID)
https://saml.dub.co
Reply URL (Assertion Consumer Service URL)
https://api.dub.co/auth/saml/callback
Basic SAML Configuration section on the Azure Dashboard
Click Save in the menu bar to save your changes.
Basic SAML Configuration section on the Azure Dashboard

Step 3: Attribute Mapping

Click Edit on the Attributes & Claims section.
Attributes & Claims section on the Azure Dashboard
Under Additional claims, make sure the following entries are present:
NameValue
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddressuser.mail
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givennameuser.givenname
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameuser.userprincipalname
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surnameuser.surname
Additional claims section on the Azure Dashboard
Once that’s done, click on the X button in the top right corner to go back to the main settings page (or click the back button in your browser).

Step 4: Copy the Metadata URL

Scroll down to the 3rd section on the page, SAML Certificates. Copy the App Federation Metadata Url value and return to the Dub dashboard.
Metadata URL on the Azure Dashboard

Step 5: Configure SAML SSO on Dub

In your workspace settings, click on Security in the Workspace group.
Directory Sync section on the Dub Dashboard
Under the SAML Single Sign-On section, click on Configure. This will open up the SAML SSO modal:
  1. Select Azure AD as the SAML provider.
  2. Enter the App Federation Metadata Url value that you copied from Step 4.
  3. Click Save changes.
SAML SSO Modal

Step 6: Assign Users

We highly recommend configuring SCIM Directory Sync before assigning users & groups to your workspace. This will ensure that your users are automatically added to your workspace when they sign in for the first time, as well as automatically removed when they are deactivated in Azure.
Once you’ve configured SAML SSO, you can start assigning users & groups to your workspace. From your application, click the Users and groups from the left navigation menu and click Add user/group.
Adding users in Azure AD
Click on None Selected under Users. From the right side of the screen, select the users you want to assign to the app and click the Select button. Thenm click Assign to those users to your app.
Assigning users in Azure AD
Your assigned users should now receive an invitation email to join your Dub workspace.
SAML invite email
Azure AD SCIM provisioning can take anywhere between 20-40 minutes to sync. This means that it may take up to 40 minutes for your users to receive the invitation email and be able to join your Dub workspace.
They will also be able to sign in to Dub using Azure AD SSO.