https://sourcegraph.example.com/.auth/saml/metadata
https://sourcegraph.example.com/.auth/saml/acs
email
: user.mail (required)name
: user.userprincipalname (optional)login
: user.userprincipalname (optional)externalURL
in site config is set to the base URL (no trailing slash) you used in the Azure AD application configuration.auth.providers
with type saml
and identityProviderMetadataURL
set to the "App Federation Metadata Url" you recorded in the previous section. Here is an example of what your site configuration should look like:{ // ... "externalURL": "https://sourcegraph.example.com", "auth.providers": [ { "type": "saml", "identityProviderMetadataURL": "https://login.microsoftonline.com/7d2a00ed-73e8-4920-bbfa-ef68effe2d1e/federationmetadata/2007-06/federationmetadata.xml?appid=eff20ae4-145b-4bd3-ff3f-21edab43fe99" } ] }
Confirm there are no error messages in the sourcegraph/server
Docker container logs (or the sourcegraph-frontend
pod logs, if Sourcegraph is deployed to a Kubernetes cluster). The most likely error message indicating a problem is Error prefetching SAML service provider metadata
. See SAML troubleshooting for more tips.