SendGrid users can use Single Sign-On (SSO) with Azure. The configuration is mainly done in Azure's environment, but also requires some configuration on your SendGrid account. This guide walks you through the process of setting up SendGrid SSO with Azure.
Notice: This guide is intended for integrations between direct-billed SendGrid accounts and Azure Active Directory (AAD); with AAD configured as an Identity Provider (IdP) for single sign-on (SSO). Direct configuration of SSO within the SendGrid console is not available for Azure Reseller type accounts. Also, Free, Essentials, and Basic Twilio SendGrid accounts are not eligible to configure SSO. For help changing to an eligible plan, see Upgrade or Change your SendGrid pricing plan.
- Login to your Azure dashboard, and then select Azure Active Directory.
- Select Enterprise applications, and then select New application.
- Select Create your own application.
- Enter a suitable name, and select "Integrate any other application you don't find in the gallery". Then click Create.
- Assign users and groups accordingly.
- Click Single Sign on, and then select SAML.
- Click Edit under "Basic SAML Configuration". Please note, the "Identifier" and "Reply URL" fields should be filled using the link "Audience URL (SP Entity ID)" on SendGrid side. Please check them as the default option. The Single Sign On URL is identical to Audience URL for now, and it's not really used here.
- Save the configuration, if Azure asks you if you want to test this integration, say No.
- Make sure the fields under Attributes & Claims are left as default.
- Please copy the "Login URL" and "Azure AD Identifier". Click on "SAML Signing Certificate" → "Certificate (Base64) to download the signing certificate.
Do not close this tab, and go back to the SendGrid SSO setting page.
Finish the SSO configuration in SendGrid
- Log in to SendGrid. Go to Setttings > SSO settings.
- Click on "Add IdP Configuration", you are now taken to the IdP setting page.
- Enter the "Azure AD Identifier" in the SAML Issuer ID field. Then enter the "Login URL" in Embed Link field
Note: Please mind blank spaces or missing characters when pasting this information in SendGrid. Sometimes we have notice that users tend to not include the last character which is a slash symbol "/" in the SAML Issuer ID please add it. For the Embed Link it's not necessary
- Open the certificate file that you downloaded from Azure on an editor, copy the content. Click on Add Certificate and paste the certificate in. If the certificate is pasted in correctly, its metadata should be displayed under Certificate Information. Click on Add Certificate.
- Click on "Enable SSO"
- Enter your SSO teammate as Username, if everything is good, you should be taken to the IdP's login page.
- Log in using your Azure's password, and you should be taken to the SendGrid site.
- If you are unable to login, please double-check all the steps again.