Announcing Chalk Compute!
Chalk home page
  1. Security
  2. Azure SAML

Supported Features

  • IDP-initiated Single Sign-On, initiated via Entra ID
  • SP-initiated Single Sign-On, initiated from Chalk
  • Push group and user provisioning via SCIM, initiated from Entra ID

For detailted information about Chalk’s Authentication capabilities, refer to the main page for SSO and SAML.

Customers with Self-Hosted Web Dashboards

For customers whose self-hosted deployments include a full API server and frontend deployment via helm, this page is only part of the setup needed to configure SAML. After completing this guide, please refer to the Cloud Auth documentation to complete setup.

If your chalk web dashboard is not https://chalk.ai, check your team’s dashboard for the correct values. These can be found under Settings > Single-Sign On:

  • Single Sign On URL: Should start with your custom URL and not chalk.ai, but retain the same URL path
  • Audience URI: This should start with your custom URL and not chalk.ai
  • Chalk’s SAML Certificate is regenerated for each custom web dashboard - if your team did not generate this themselves, contact Chalk for support

Setup Steps

All details and controls can be found on your team’s Single Sign-On Page, found under the settings section of your team’s dashboard.

Set Up an Entra ID SAML Application

  1. Navigate to your Entra ID admin dashboard
  2. From “Enterprise Apps”, find and select “New Application”
    • Select “Create your own application”
    • Name this application (“Chalk”, for example)
    • Select “Integrate any other application you don’t find in the gallery (Non-gallery)”
  3. Configure SAML
    • In the application sidebar, find Single Sign-on
    • Select SAML as the login method
  4. Set Up SAML (Basic SAML Configuration)
    • Identifier (Entity ID): https://chalk.ai/api/saml/metadata.xml
    • Reply URL (Assertion Consumer Service URL): https://chalk.ai/api/auth/login/saml
    • Sign-On Url: https://chalk.ai/login
    • Relay State: Leave blank
    • Logout URL: https://chalk.ai/api/auth/signout
  5. Set Up SAML (Attributes & Claims): This section will depend on your own Entra ID setup and what attributes are in use. However, Chalk requires the following to be set:
    • givenname
    • surname
    • Unique User Identifier: This should match your user’s primary email address attribute
  6. Set Up Application: No inputs are necessary in this section, but it is important to download the Federation Metadata XML for later
  7. Test single sign-on: This cannot be done until the following step to connect Chalk to your applicaiton

Connect Chalk to your SAML Application

You can connect your Entra ID application with Chalk from Settings > Single-Sign On page. At the top of the page, there is a button to add new applications. To integrate your SAML application with Chalk, upload the federated XML from the previous page and it should auto-populate:

  • Issuer
  • Login URL
  • Signing Certificate

SAML Chalk Setup Details

Next Steps

After verifying that you can log in to Chalk from your Entra ID Application, you can: