On-premises installation
Single sign-on is supported via SAML 2.0 integration with your Identity Provider. We have customers using this in conjunction with Auth0, Okta, Keycloak, PingFederate, and Microsoft Azure Active Directory. Please note this requires the authentication add-on.
To configure SAML integration, download the on-premises installation and follow these steps:
- Register the Structurizr on-premises application with your Identity Provider. When doing this, you will need a "Reply URL", which is of the form
- The structurizr.url property in the structurizr.properties file should be set to the URL where Structurizr is installed (e.g.
- The structurizr.saml.entityId property in the structurizr.properties file should be set to the SAML Entity ID that you are using to identify the Structurizr on-premises installation (configured with your Identity Provider when setting up the application/client in step 1).
- A copy of your Identity Provider's SAML metadata (XML format) should be saved to a file called saml-idp-metadata.xml in your Structurizr data directory.
- Map the IdP username to a SAML attribute named
- Map the IdP roles/groups to a SAML attribute named
If you make any changes to the SAML configuration, you will need to restart the on-premises installation.
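A pre-flight check for the files the steps above touch, as an added example that is not part of the Structurizr documentation or product: it reads structurizr.properties and saml-idp-metadata.xml from a data directory and reports settings that are missing or malformed. The function names, the https check and all sample values are assumptions made for this illustration.

```python
import tempfile
import xml.etree.ElementTree as ET
from pathlib import Path
from urllib.parse import urlparse

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"  # SAML 2.0 metadata namespace
def read_properties(path):
    """Parse key=value lines of a .properties file (no continuations or escapes)."""
    props = {}
    lines = path.read_text(encoding="utf-8").splitlines() if path.is_file() else []
    for line in map(str.strip, lines):
        if line and line[0] not in "#!" and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_saml_setup(data_dir):
    """Return a list of problems with the SAML settings in a Structurizr data directory."""
    problems, data_dir = [], Path(data_dir)
    props = read_properties(data_dir / "structurizr.properties")
    url = urlparse(props.get("structurizr.url", ""))
    if not url.netloc:
        problems.append("structurizr.url is missing or not an absolute URL")
    elif url.scheme != "https":  # added hardening check, not a rule stated by the page
        problems.append("structurizr.url is not https")
    if not props.get("structurizr.saml.entityId"):
        problems.append("structurizr.saml.entityId is not set")
    try:
        root = ET.parse(data_dir / "saml-idp-metadata.xml").getroot()
    except (OSError, ET.ParseError) as exc:
        return problems + [f"saml-idp-metadata.xml is unreadable: {exc}"]
    idp = root.find(f".//{MD}IDPSSODescriptor")
    if idp is None:
        problems.append("metadata has no IDPSSODescriptor")
    elif not any(k.get("use") != "encryption" for k in idp.findall(MD + "KeyDescriptor")):
        problems.append("metadata has no signing KeyDescriptor")
    return problems

# Constructed sample input: placeholder host names and a trimmed metadata document.
SAMPLE_PROPS = "structurizr.url=http://structurizr.example.com\nstructurizr.saml.entityId=\n"
SAMPLE_METADATA = """<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
  entityID="https://idp.example.com/metadata">
  <IDPSSODescriptor><KeyDescriptor use="signing"/></IDPSSODescriptor></EntityDescriptor>"""

def demo():  # runs the check over the constructed sample above
    with tempfile.TemporaryDirectory() as d:
        Path(d, "structurizr.properties").write_text(SAMPLE_PROPS)
        Path(d, "saml-idp-metadata.xml").write_text(SAMPLE_METADATA)
        return check_saml_setup(d)
```

Calling `check_saml_setup()` with the path of your own data directory before restarting returns an empty list when both properties are set and the metadata file parses as IdP metadata.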
Here are some guides that show how to integrate with different identity providers.