Azure Active Directory SAML Integration Guide Overview

Warning: Single Sign‑On for Pivotal Cloud Foundry v1.6 is no longer supported because it has reached the End of General Support (EOGS) phase as defined by the Support Lifecycle Policy. To stay up to date with the latest software and security updates, upgrade to a supported version.

This documentation introduces how to set up Azure Active Directory (Azure AD) with Security Assertion Markup Language (SAML) as the identity provider for the Single Sign-On service running on Pivotal Cloud Foundry (PCF).

Azure Active Directory (Azure AD) is Microsoft’s multi-tenant cloud based directory and identity management service.

For how to set up Azure AD with Open ID Connect (OIDC) , see Azure Active Directory OIDC Integration Guide.


To integrate Azure AD with Pivotal Cloud Foundry® (PCF), you need:


  • PCF, v1.7.0 or later.
  • Single Sign-On, v1.1.0 or later.

Azure Active Directory

  • Azure Active Directory subscription.
  • A user with admin privileges.

Note: To configure SAML, you must have the Pivotal Single Sign-On service broker installed on your PCF deployment. You need to create a plan, grant any plan administrators, and specify any organizations this plan should be the authentication authority for. For help configuring plans, see the Manage Service Plans topic.

Azure AD Integration Guide

Configuring Azure AD with SSO

Complete both steps below to integrate your deployment with Azure AD and SSO.

  1. Configure Azure AD as a SAML Identity Provider
  2. Configure a Single Sign-On Service Provider

Testing and Troubleshooting