Guest Post: Set Up Fivetran SSO With Azure AD in 10 Minutes
Guest Post: Set Up Fivetran SSO With Azure AD in 10 Minutes

Guest Post: Set Up Fivetran SSO With Azure AD in 10 Minutes

Manage your team’s access to Fivetran using Azure Active Directory.

By Randy Pitcher II, September 24, 2019

This is a guest post by Randy Pitcher, regional technical expert at Hashmap. Before joining Hashmap , he worked in analytics and developer roles at ExxonMobil.

One of the best parts of using an Identity Provider (IdP) like Azure Active Directory is the ability to centralize your user management and access control.

For applications that are Microsoft-native, this management is seamless. For non-Microsoft services, the management can be a pain. Many organizations decide to simply deal with additional sets of username and password combinations or avoid new tools entirely.

Thanks to Microsoft’s hyper-flexible SAML support in Azure Active Directory, you don’t have to choose between modern, strategic solutions and corporate compliance.

In this post, we’re creating a custom SAML connection with Fivetran, the leading fully-managed cloud ELT solution. You should be able to use the general steps in this post to help you add SSO functionality with Azure AD to any modern service that supports SAML-based authentication.

If this is your first exposure to Fivetran, I encourage you to explore the business case for a managed ETL/ELT service. Unless building ELT pipelines is your core business, you should strongly consider offloading this expensive and brittle work to focus on solving business problems instead of reinventing the wheel. Put your skills, time, and money into places that will drive competitive advantage (understanding the modern analytics stack will help with this).

Getting Started

Before we get started, you should have the following:

Also, I found the following articles to be useful for configuring AD as a SAML provider for Fivetran. I’d suggest pulling them up if you get stuck or want more context.

Creating the Enterprise Application in Azure AD

First, we’ll need to create the Enterprise Application in Azure AD.

Sign in to your Azure Portal and go to your Active Directory service:

Go to Enterprise Applications and select Add New Application. This will bring you to the new application menu.

Select Non-Gallery Application, enter Fivetran as the application name, and select Add.

With this new application, we can now set up SAML SSO.

Go to Single Sign-on and select SAML as the SSO method.

Next, edit the Basic SAML Configuration.

In the Identifier (Entity ID)field, enter Fivetran.

In the Reply URL field, enter https://fivetran.com/login/saml/return 

Lastly, we need to add 2 custom fields to the User Attributes & Claims section. Fivetran expects to find a FirstName and LastName from the SAML provider.

Select the edit icon on the User Attributes & Claims section in the SAML SSO Set Up.

Select Add New Claims

Enter FirstName as the claim name and user.givenname as the claim source attribute.

Save this, then hit Add New Claims again and enter LastName as the claim name and user.surname as the claim source attribute.

Your Enterprise Application is now fully configured. Now is a good time to go to the Users and Groups section of your application and add yourself and anyone else in your organization that you want to have access to Fivetran.

Enabling SSO in Fivetran

Now, we’ll need to gather 3 values from our Azure AD Enterprise Application that we set up in the previous section. We’ll need:

  • the sign-on URL

  • the issuer URL

  • the x509 certificate string (this isn’t as scary as it sounds)

As we gather each value, paste those in the SSO section of your Fivetran Account Settings page.

Sign-on URL

Go to your Enterprise Application in Azure AD, go to your Single Sign-on configuration (where we created the SAML integration), and copy the Login URL value in section 4.

Paste this value into the Sign on URL section in your Fivetran SAML settings.

Issuer URL

On the same SAML configuration page in Azure for your Enterprise Application, copy the Azure AD Identifier value in section 4. This value is directly below the Login URL from before.

Paste this Azure AD Identifier value into the Issuer section in your Fivetran SAML settings.

x509 Certificate String

For this, you’ll download an XML file from your Enterprise Application, open it with any text editor, and copy a chunk of the file.

First, in the same SAML configuration page in Azure that we’ve been using, download your Federation Metadata XML from section 3.

Open the XML file in a text editor and copy the contents of the X509Certificate tag. It should look something like this (I’ve changed values to avoid sharing my certification string)

The file is not well-formatted when you download it, so don’t be surprised if it’s a little messier than what you see here. The important part is to copy the portion in between the

<X509Certificate> and </X509Certificate> 

tags –see how I’ve highlighted it.

Paste this X509Certificate value into the Issuer section in your Fivetran SAML settings and hit save!

Validating the SSO

The last step is to validate the SSO connection. The easiest way is to ensure you’ve added your self as a user to your Azure AD Enterprise Application that we created and follow the user link to log in to Fivetran.

In the Properties section of your Azure AD Enterprise Application, copy the User Access URL

Paste that URL into a new tab in your browser and enjoy your new SSO capability! If you have any issues, feel free to comment below and we’ll try to help you out.

Doublecheck that you’ve pasted your Fivetran SAML values correctly and that you’ve properly added yourself and teammates to the Enterprise Application in the Users and Groups section.


Now that you’ve created a custom SAML connection between Fivetran and Azure AD, check out and start using the Fivetran data source connector directory — it’s expansive with over 120 connectors today and more being added all the time. It’s now up to you to take a modern approach to analytics and start delivering value quicker!

Start analyzing your data in minutes, not months

Launch any Fivetran connector instantly.