To start, you'll need to have an enterprise plan with Pastel. If you don't have one, please click on the chat box in the right-hand corner and reach out to get started.
Once that is complete, follow these instructions to set up your Pastel SAML SSO login with Azure AD.
Navigate to https://entra.microsoft.com/ to load the Azure Active Directory admin center. On the sidebar, under Manage, select Enterprise applications.
2. Click on New application. On the app browser, select Create your own application. Give it a name (eg: Pastel), and select Integrate any other application you don't find in the gallery.
3. Now, we'll set up SAML SSO. On the app sidebar, under Manage, select Single sign-on.
4. Select SAML as the sign-on method.
5. Fill in the Basic SAML Configuration as shown below, using the following information and make sure that the two tick-boxes circled on the right are ticked.
6. Click on Save. It should look like the screenshot below:
Your application has now been built. Keep this tab open, as you'll be copying over some values into your Pastel settings.
7. Next, in a new tab, navigate to your teams page within Pastel, and then open the SAML SSO setup modal.
On your Azure AD tab, in the 3. SAML Certificates section, next to the Certificate (Base 64) section, click the Download link. Open the downloaded file with a text editor program, and then copy the contents of that file to your clipboard. In your Pastel tab, paste the contents of that file into the X.509 certificate section within the SAML SSO setup modal pictured below.
After that, on your Azure AD tab, under the 4. Set up Pastel copy the Login URL section into Pastel's Single sign-on URL section.
Lastly, from your on your Azure AD tab copy the Azure AD Identifier into the Identity provider issuer section within Pastel.
6. Once you've copied those corresponding fields over, you're good to go! Give it a try by logging into Pastel through your Azure AD dashboard. From here, you'll be able to enable login access to Pastel to your team through Azure AD as you normally would.
Important note: after SAML SSO is set up, only the team owner will have the ability to sign into Pastel via email and password. Everyone else on the team will only be able to access Pastel via SSO (i.e. no login via email and password), as long as SSO is enabled for your team.