Single Sign-On v1.3

Azure Active Directory Integration Guide Overview

Azure Active Directory (Azure AD) is Microsoft’s multi-tenant cloud based directory and identity management service. This documentation describes how to configure a single sign-on partnership between Azure AD as the Identity Provider (IdP) and the Single Sign-On Service (SSO) for Pivotal Cloud Foundry® as the Service Provider (SP).

SSO supports service provider-initiated authentication flow and single logout. It does not support identity provider-initiated authentication flow. All SSO communication takes place over SSL.


To integrate Azure AD with Pivotal Cloud Foundry® (PCF), you need:


  • PCF, version 1.7.0 or later.

  • Single Sign-On, version 1.1.0 or later.

Azure Active Directory

  • Azure Active Directory subscription.

  • A user with admin privileges.

Note: To configure SAML, you must have the Single Sign-On service broker installed on your PCF deployment. You need to create a plan, grant any plan administrators, and specify any organizations this plan should be the authentication authority for. For help configuring plans, see the Manage Service Plans topic.

Azure AD Integration Guide

Configuring Azure AD with SSO

Complete both steps below to integrate your deployment with Azure AD and SSO.

  1. Configure Azure AD as an Identity Provider

  2. Configure a Single Sign-On Service Provider

Testing and Troubleshooting

Create a pull request or raise an issue on the source for this page in GitHub