This guide is applicable to Dagster Cloud.
In this guide, you'll configure Azure Active Directory (AD) to use single sign-on (SSO) with your Dagster Cloud organization.
To complete the steps in this guide, you'll need:
In this step, you'll add the Dagster Cloud app to your list of managed SaaS apps in Azure AD.
In this step, you'll configure and enable SSO for Azure AD in your Azure portal.
On the Dagster Cloud application integration page, locate the Manage section and select single sign-on.
On the Select a single sign-on method page, select SAML.
On the Set up single sign-on with SAML page, click the pencil icon for Basic SAML Configuration to edit the settings.
In the Basic SAML Configuration section, fill in the Identifier and Reply URL fields as follows:
Copy and paste the following URL, replacing
<organization_name> with your Dagster Cloud organization name:
Click Set additional URLs.
In the Sign-on URL field, copy and paste the URL you entered in the Identifier and Reply URL fields.
Next, you'll configure the SAML assertions. In addition to the default attributes, Dagster Cloud requires the following:
Add these attribute mappings to the SAML assertion.
On the Set up single sign-on with SAML page:
Locate the SAML Signing Certificate section.
Next to Federation Metadata XML, click Download:
When prompted, save the SAML metadata file to your computer.
After you've downloaded the SAML metadata file, upload it to Dagster Cloud using the
dagster-cloud organization settings saml upload-identity-provider-metadata <path/to/metadata> \ --api-token=<user_token> \ --url https://<organization_name>.dagster.cloud
In this section, you'll create a test user in the Azure portal.
Lastly, you'll test your SSO configuration:
Navigate to your Dagster Cloud sign in page at
Click the Sign in with SSO button.
Initiate the login flow and address issues that arise, if any.
Click Test this application in the Azure portal. If successful, you'll be automatically signed into your Dagster Cloud organization.