Affected: Entra SSO
Overview
If you have SSO enabled, you can assign custom roles from within the LaunchDarkly dashboard or from Entra Security Groups.
Solution
Configure Entra Groups for LaunchDarkly. Before you begin, complete the following:
- Enable Entra integration with LaunchDarkly: Configure Entra SSO
- Create the custom roles that the LaunchDarkly Enterprise Application will use: Custom roles
1. Create LaunchDarkly Groups and assign members in Entra.
   - Create a new Group by going to Entra > Groups > New group.
   - Assign members to the Group by clicking the No members selected link to open the "Add members" dialog.
   - Select the user(s) you want to include in the group and click Select when done.
   - Click Create to create the group.
2. Create roles for LaunchDarkly Enterprise Application in Entra.
   - Open the LaunchDarkly Enterprise Application by going to Entra > App Registrations > View All.
   - Load the LaunchDarkly Enterprise Application by selecting the LaunchDarkly application on the registration dashboard.
   - Click LaunchDarkly to open.
   - Click Create app role.
   - Ensure you use the same key generated in LaunchDarkly as the value for your new role.
   - After you have created the role in Entra, click Apply when done.
3. Add LaunchDarkly Groups to LaunchDarkly Enterprise Application.
   - Open the LaunchDarkly Enterprise Application and go to Entra > Enterprise Application > All applications > LaunchDarkly.
   - To add the LaunchDarkly Group, go to Users and groups > Add user/group.
   - Assign the LaunchDarkly Group to the application.
   - Assign a role.
   - Click Single sign-on.
4. Update LaunchDarkly Enterprise Application “SSO User Attributes & Claims” to start sending custom roles.
   - Click User Attributes & claims.
   - Enter or select the following values in the “Manage claim” form.
     - Name: customRole
     - Namespace: [leave blank]
     - Source: Attribute
     - Source attribute: user.assignedroles
   - Click Save.
   - To test, you can click on the Test button.
   - If your test is successful, you will be logged in as the user.
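To confirm what the configuration above actually sends, the following added example (not LaunchDarkly or Microsoft code) parses a captured test-sign-in assertion and checks that the claim is named exactly customRole and that every value matches a LaunchDarkly role key. The sample assertion is constructed, and the role keys "qa-team" and "release-managers" are hypothetical.

```python
import xml.etree.ElementTree as ET

SAML_NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
CLAIM_NAME = "customRole"  # claim name from the "Manage claim" form, Namespace blank

# Constructed sample: attribute statement from a test sign-in, trimmed.
# "qa-team" and "release-managers" are hypothetical LaunchDarkly role keys;
# the second value below is deliberately wrong (display name, not key).
SAMPLE_ASSERTION = """\
<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:AttributeStatement>
    <saml:Attribute Name="customRole">
      <saml:AttributeValue>qa-team</saml:AttributeValue>
      <saml:AttributeValue>Release Managers</saml:AttributeValue>
    </saml:Attribute>
  </saml:AttributeStatement>
</saml:Assertion>
"""


def check_custom_roles(assertion_xml, launchdarkly_role_keys):
    """Return (sent_roles, problems) for the customRole claim in an assertion.

    Intended for assertions you captured yourself; use a hardened XML parser
    (for example defusedxml) if the input is untrusted.
    """
    root = ET.fromstring(assertion_xml)
    sent, problems = [], []
    for attr in root.iterfind(".//saml:Attribute", SAML_NS):
        name = attr.get("Name", "")
        if name == CLAIM_NAME:
            values = attr.iterfind("saml:AttributeValue", SAML_NS)
            sent += [(v.text or "").strip() for v in values]
        elif name.endswith("/" + CLAIM_NAME):
            # Namespace was not left blank, so the claim name carries a prefix.
            problems.append(f"claim sent as {name!r}, expected {CLAIM_NAME!r}")
    if not sent and not problems:
        problems.append("no customRole claim in assertion")
    for role in sent:
        if role not in launchdarkly_role_keys:
            problems.append(f"role value {role!r} is not a LaunchDarkly role key")
    return sent, problems


if __name__ == "__main__":
    roles, issues = check_custom_roles(SAMPLE_ASSERTION, {"qa-team", "release-managers"})
    print("roles sent:", roles)
    for issue in issues:
        print("problem:", issue)
```
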