This article provides directions to configure Single Sign On in FogBugz using Azure Active Directory as your identity provider.  In order to get started, you’ll need an Azure Active Directory account.

Configuring Azure Active Directory

Once you’ve logged into your Microsoft Azure portal, use the sidebar to navigate to Azure Active Directory. Click “Enterprise Applications”. Right click in the pane below the list of available apps and the click “Add”.

Screen Shot 2017-03-09 at 1.20.46 PM

 

 

Next, choose “Non-Gallery Application” under the “Add your own app” header and give the application a name, probably “FogBugz”. Then click “Add”.

Screen Shot 2017-03-09 at 1.17.49 PM

 

 

Click “Configure single sign-on”.

Screen Shot 2017-03-09 at 1.27.21 PM

 

 

Choose “SAML-based Sign-on” in the top dropdown. Then, add the Identifier URL.

  • FogBugz On Site: https://{site name}.{host}/saml-sp (https if using SSL).
    FogBugz On Demand: https://{your-fogbugz-domain}.fogbugz.com/saml-sp.

Next, add the Reply URL.

  • FogBugz On Site: https://{site name}.{host}/auth/SAML2/POST (https if using SSL).
  • FogBugz On Demand: https://{site name}.fogbugz.com/auth/SAML2/POST

You’ll also need to add the user attributes that FogBugz expects,  FogBugzFullName, which likely maps to user.userprinciplename and FogBugzEmail, which likely maps to user.mail.  (This will depend on your Azure Active Directory settings.)  You can delete any other attributes, but it isn’t necessary.

Make sure the “Notification Email” field.  (It should be pre-populated with the email address associated with your Azure account.)

Screen Shot 2017-03-09 at 1.32.36 PM

 

 

Click “create new certificate” and set an expiration date in the future.  You’ll have to do this again before the expiry date.

Click “Make new certificate active”.  And then click “Save” at the top of the form.  Confirm when prompted to make the new certificate active again.

Screen Shot 2017-03-09 at 1.43.20 PM

 

Download the certificate and open in a text editor.  You may need to change the file extension to .txt.

Click the “Configure FogBugz” link toward the bottom of the page, and keep the “SAML Single Sign-On Service URL” available to you as you configure FogBugz.

 

Configuring FogBugz

Click the “Authentication” tab at “Settings” > “Site Configuration.  Choose either “Username and Password or SAML Authentication” to allow your users to choose their authentication type or just “SAML Authentication” to require your users to use SAML SSO.

Copy/paste the SAML Single Sign-On Service URL into the “Identity Provider URL” field.

Copy/paste the full text of the certificate you downloaded into the “Public x509 Signing Certificate” field.

Click “OK”, and you should be all set up!