Set Up SSO with Azure AD


This feature is only available on the Teams and Enterprise tiers. Please contact Sales before doing these steps.

Supabase supports single sign-on (SSO) using Microsoft Azure AD.

Step 1: Add and register an Enterprise Application #

Open up the Azure Active Directory dashboard for your Azure account.

Click the Add button then Enterprise application.

Azure AD console: Default Directory Overview

Step 2: Choose Create your own application #

You'll be using the custom enterprise application setup for Supabase.

Azure AD console: Browse Azure AD Gallery, select: Create your own

Step 3: Fill in application details #

In the modal titled Create your own application enter the name you wish Supabase to be available to your Azure AD users. Supabase works in most cases.

Make sure to choose the third option: Integrate any other application you don't find in the gallery (Non-gallery).

Azure AD console: Create your own application modal

Step 4: Choose the Set up single sign-on option #

Before you get to assigning users and groups, which would allow accounts in Azure AD to access Supabase, you need to configure the SAML details that allows Supabase to accept sign in requests from Azure AD.

Azure AD console: Supabase custom enterprise application, selected Set up
single sign-on

Step 5: Select SAML single sign-on method #

Supabase only supports the SAML 2.0 protocol for Single Sign-On, which is an industry standard.

Azure AD console: Supabase application, Single sign-on configuration screen,
selected SAML

Step 6: Upload SAML-based Sign-on metadata file #

First you need to download Supabase's SAML metadata file. Click the button below to initiate a download of the file.

Alternatively, visit this page to initiate a download: https://alt.supabase.io/auth/v1/sso/saml/metadata?download=true

Click on the Upload metadata file option in the toolbar and select the file you just downloaded.

Azure AD console: Supabase application, SAML-based Sign-on screen,
selected Upload metadata file button

All of the correct information should automatically populate the Basic SAML Configuration screen as shown.

Azure AD console: Supabase application, SAML-based Sign-on screen,
Basic SAML Configuration shown

Make sure you input these additional settings.

Sign on URLhttps://supabase.com/dashboard/sign-in-sso
Relay Statehttps://supabase.com/dashboard

Finally, click the Save button to save the configuration.

Step 7: Obtain metadata URL and send to Supabase #

Supabase needs to finalize enabling single sign-on with your Azure AD application. To do this, please copy and send the link under App Federation Metadata Url in *section 3 SAML Certificates* to your support contact and await further instructions. If you're not clear who to send this link to or need further assistance, please reach out to support@supabase.com.

Do not test the login until you have heard back from the support contact.

Azure AD console: Supabase application, SAML Certificates card
shown, App Federation Metadata Url highlighted

Step 8: Wait for confirmation #

Please wait for confirmation or further instructions from your support contact at Supabase before proceeding to the next step. It usually takes us 1 business day to configure SSO for you.

Step 9: Test single sign-on #

Testing sign-on before your Azure AD has been registered with Supabase will not work. Make sure you've received confirmation from your support contact at Supabase as laid out in the confirmation step.

Once you’ve received confirmation from your support contact at Supabase that SSO setup has been completed for your enterprise, you can ask some of your users to sign in via their Azure AD account.

You ask them to enter their email address on the Sign in with SSO page.

If sign in is not working correctly, please reach out to your support contact at Supabase for further guidance.