Microsoft Entra ID (formerly Azure AD) is a cloud-based identity and access management service. It is designed to simplify and secure access to resources across your organization, whether on-premises or in the cloud. When integrated with CloudBees CI administrators can:
Control who can access CloudBees CI
Manage accounts in one central location
Grant users the ability automatically sign-in to CloudBees CI with their Microsoft Entra accounts.
To integrate CloudBees CI with Microsoft Entra ID:
Install the SAML 2.0 plugin on your CloudBees CI instance.
Configure single sign-on (SSO) options in the Operations center.
From the Operations center dashboard, select.
Navigate to Security Realm and select SAML 2.0.
Configure the following recommended settings as shown in the image below.Figure 1. Configure SAML 2.0 details
The identity provider (IdP) Metadata in XML format. Download this metatdata from Microsoft Entra ID and copy and paste into this field.
This setting is not needed if the IdP Metadata URL value is configured.
IdP Metadata URL
The URL where the IdP metadata XML can be retrieved. This URL is provided by Microsoft Entra ID.
The period of time (in minutes) to wait to refresh the IdP Metadata. Set the value to
0to not update the metadata.
Display Name Attribute
Enter attribute name that contains the Display Name of the user set in the Microsoft Entra ID configuration.
Enter the attribute name that contains the Groups of the user set in the Microsoft Entra ID configuration.
Enter the attribute name that contains the User Name of the user set in the Microsoft Entra ID configuration.
Enter the attribute name that contains the Email of the user set in the Microsoft Entra ID configuration.
Data Binding Method
Select one of the following redirection binding methods:
HTTP-Redirect - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST
HTTP-POST - urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect
Check supported binding redirection types of your IdP.
Enter the URL of your IdP where you want to be redirected once logged out.
Select this option to enable additional options to force logins at your IdP, override default authentication mechanisms, or force multi-factor authentication. You can also set the sessions on Jenkins to be shorter than those on your IdP.
Select this option to request the SAML IdP to force re-authentication of the user, instead of allowing an existing session with the IdP to be reused. This setting is left blank by default.
SP Entity ID
Enter the ID that identifies the specific Entra configuration. This field overrides the default Entity ID for this service provider. The service provider entity IDs are usually a URL, such as