Figma - SSO configuration
Please note that this application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk.
This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Figma using MPAS. SSO simplifies user authentication by allowing access to multiple applications with a single set of credentials. This integration enhances security and improves user experience across your organization.
To set up Multi-Pass with Figma, ensure you meet the following requirements:
- Figma admin rights
- MPAS Admin rights
- Make sure that all users intended to use SSO in Figma are registered in your IdP and have the necessary permissions to access Figma.
Important: Custom elements in URLs (like realm names) are case sensitive. Make sure to match the exact casing from your environment.
Figma - SSO configuration
Step 1 - Figma Configuration
- Log into Figma as an Administrator.
- Go to Admin and click on Settings
- In Login and Provisioning
- Select Authentication.
- Ensure authentication is set to Members may log in with any available method (default).
- Click SAML SSO.
- Copy the Tenant ID (needed later).
Note the values for ACS URL, Entity ID, and Start URL (they contain the Tenant ID).SP - Figma SAML Values (Will be needed in MPAS)
| Field | Value |
|---|---|
| ACS URL | https://www.figma.com/saml/<TENANT_ID>/acs |
| Entity ID | https://www.figma.com/saml/<TENANT_ID> |
| Start URL | https://www.figma.com/saml/<TENANT_ID>/login |
| Tenant ID | <TENANT_ID> |
- Click Edit configuration
- In the Identity provider (IdP) section, select Other
- and complete the fields by importing the SAML metadata from MPAS or with the information below :
- IdP Entity ID = https://ca.auth.kzero.com/realms/<TENANT_NAME>
- IdP SSO Target URL = https://ca.auth.kzero.com/realms/<TENANT_NAME>/protocol/saml
- For Signing certificate, click Choose file (You will download it in MPAS in the step below)
- Click Review
- Check the This information is correct box.
- Click Configure SAML SSO.
Step 2 - Multi-Pass Configuration
- Select your tenant and click on Integrations
- Select Applications.
- Choose SAML under Custom Integrations.
- Enter the values from Figma (ACS URL, Entity ID, Start URL)
SAML — Form values (Multi-Pass)
| Field | Value |
|---|---|
| Client ID (= Entity ID) | https://www.figma.com/saml/<TENANT_ID> |
| Name | Figma |
Description | SSO integration |
| Assertion Consumer Service URL | https://www.figma.com/saml/<TENANT_ID>/acs |
| NameID Policy Format | email |
- Download Tenant certificate (will be uploaded into Figma).
- Click Add Integration.
- Go to the advanced console by clicking on the left side of your screen
- Click on Client and use the search bar to look for Figma.
- Click on the line and verify the following section :
General settings
| Field | Value |
|---|---|
| Client ID | https://www.figma.com/saml/<TENANT_ID> |
| Name | Figma |
Description | SSO integration |
| Always Display in UI | ON |
Access settings
| Field | Value |
|---|---|
Home URL | |
| Valid Redirect URIs (ACS) | https://www.figma.com/saml/<TENANT_ID>/acs |
| IdP-Initiated URL | <APP_Name> |
SAML Capabilities
| Setting | Value |
|---|---|
Name ID format | Email |
| Force NameID Format | ON |
| Force POST Binding | ON |
| Include AuthnStatement | ON |
Signature & Encryption
| Setting | Value |
|---|---|
| Sign Documents | OFF |
| Sign Assertions | ON |
- Move to the tab called "Keys" and make sure both parameters are switched to OFF
- Then move to the "advanced" tab
- Assertion Consumer Service POST Binding URL = Valid Redirect URIs (ACS) = https://www.figma.com/saml/<TENANT_ID>/acs
- Now move to the tab "Client scope"
- Click on the first line
- Click on configure a new mapper
- Select User Attribute and complete the form
familyName
| Field | Value |
|---|---|
| Mapper Type | User Attribute |
| Name | familyName |
| User Attribute | lastName |
| Friendly Name | familyName |
| SAML Attribute Name / OIDC Claim | familyName |
givenName
| Field | Value |
|---|---|
| Mapper Type | User Attribute |
| Name | givenName |
| User Attribute | firstName |
| Friendly Name | givenName |
| SAML Attribute Name / OIDC Claim | givenName |
Step 3 - Testing the Integration
- Create a test user in Figma.
- Create the same test user in Multi-Pass with identical email.
- Test login via SSO from the Figma login page.
- Validate that attributes (email, firstName, lastName, title, groups if applicable) are correctly passed.
Related Articles
SAML SSO Integration Guide
This guide provides an overview of how to configure SAML Single Sign-On (SSO) between Multi-Pass and a third-party Service Provider (SP). Multi-Pass acts as the Identity Provider (IdP) in this federation model. Multi-Pass is working on SCIM support ...Notion - SSO configuration
Please note that this application has not been formally tested by Kelvin Zero Inc. It is provided solely as a reference guide. If you encounter any issues, kindly submit a ticket directly through the support desk. This documentation provides a ...Vanta - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Vanta using MPAS. SSO simplifies user authentication by allowing access to multiple ...Dynatrace - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Dynatrace using MPAS. SSO simplifies user authentication by allowing access to multiple ...Addigy - SSO configuration
This documentation has been tested and approved by Kelvin Zero's team This documentation provides a step-by-step guide to setting up Single Sign-On (SSO) for Addigy using MPAS. SSO simplifies user authentication by allowing access to multiple ...