⭐️ SAML SSO is available on Enterprise plans.
Microsoft's Active Directory has been a long time the standard for managing an enterprise's users and their access permissions, and Azure Active Directory is its direct cloud counterpart. k6 Cloud integrates with Azure AD to provide organizations with a compliant way to handle on- and offboarding of team members to the service.
To setup Azure AD SAML SSO based authentication to k6 Cloud you must have:
Navigate to https://portal.azure.com/.
Log in to Azure Portal and go to Azure Active Directory tab.
Select the Enterprise applications service.
Click on the New application button.
Give the application a name, e.g. k6 Cloud.
Property Value Identifier (Entity ID) https://api.k6.io/sso/acs/ Reply URL (Assertion Consumer Service URL) https://api.k6.io/sso/acs/ Logout Url https://app.k6.io/account/logout
Setting the following user attributes (and clearing the "Namespace" property for each attribute):
Attribute Value Unique User Identifier user.userprincipalname user.email user.userprincipalname user.username user.userprincipalname user.first_name user.givenname user.last_name user.surname token An unique token that you'll be provided with by the k6 Cloud support team.
Take the following steps to enable mapping of Azure Active Directory groups with k6 Cloud projects:
- Navigate to https://portal.azure.com/.
- Log in to Azure Portal and go to Azure Active Directory tab.
- In the right pane, click on the Groups menu item.
- Click on the New Group button.
- Choose Security as the group type and choose a name for the group.
- Click on the No owners selected and choose the group owner (usually the administrator).
- Click on the No members selected and choose members of this group and click on Select when you're done.
- Click on Create when you've done setting up your group. You'll be redirected back to the Groups page, and after a few seconds, your group will be created.
- Go to your k6 Cloud enterprise application. To do so, search for Enterprise Applications in the top search bar.
- Click on the Users and groups in the right pane, and you'll be presented with the list of users and groups assigned to your k6 Cloud application.
- Click on the Add user/group, choose the newly created group, and click on Assign. This application is now assigned to all the members of that group. You can assign as many groups as you want to your k6 Cloud application. The group members will be later assigned to their projects on k6 Cloud.
- Now click on the Single sign-on option in the right pane. In the Attributes & Claims section, click on Edit on the frame top right corner.
- Click on the Add a group claim and add a group claim as shown below:
- You've successfully set up teams on your end. Inform your point of contact about the object id of each group and the list of projects on k6 Cloud you want the users from those groups to land on. You can retrieve the object id of the group by navigating to your Azure Active Directory and then clicking on Groups in the right pane. The list of groups and their object ids will be shown.