Integrate Figma with Zero Trust Network Access

In this topic, you will find general instructions on how to integrate Figma with Portnox™ Zero Trust Network Access using the conditional access method.

Create a Portnox Cloud application configuration

In this step, you will create a configuration in Portnox Cloud that will contain all the information necessary to integrate with Figma.

  1. In a new tab of your browser, open your Portnox Cloud account by accessing the following URL: https://clear.portnox.com/

    From now on, we will call this tab the Portnox tab.

  2. In the Cloud portal top menu, click on the Zero Trust Resources option.

  3. On the Resources screen, click on the Create resource button.

    1. In the What type of resource is this? section, select the SSO web resource option.
    2. In the Authentication protocol section, select the SAML option.
    3. Click on the Next button.

  4. Optional: If you have more than one SAML identity provider configured, select the identity provider in the Select an identity provider to use for this resource section.
  5. In the Resource details section, enter a Resource name and optionally a Description.

    In this example, we used the name Figma for the new application configuration but you can use any name you like.

  6. Keep this browser tab open. You will need it later.

Open your Figma SAML SSO setup

In this section, you will access the Figma administrative interface and find the settings for SAML single sign-on (SSO) setup.

  1. In another tab of your browser, open your Figma web interface by clicking on the Log in option on the https://www.figma.com/ page. Then, log in to your account.

    From now on, we will call this tab the Figma tab.

  2. In the left-hand side menu, in the section representing your organization, click on the Admin option.

  3. In the right-hand side pane, click on the Settings tab.

  4. In the Settings pane, in the Login and provisioning section, click on the SAML SSO row.

  5. In the Configure SAML SSO dialog, in the Identity provider (IdP) field, select the Other option.

Copy configuration values from the Portnox tab to the Figma tab

In this section, you will copy the values displayed by Portnox Cloud and paste them in the relevant fields in the Figma SAML SSO setup section.

  1. In the Portnox tab, in the Service details section, click on the  ⧉  icon next to the Identity Provider Entity ID / Audience URI field to copy the value.

  2. In the Figma tab, click on the empty field next to the IdP entity ID label and paste the value copied from Portnox Cloud.

  3. In the Portnox tab, in the Service details section, click on the  ⧉  icon next to the Sign-In URL / SSO URL field to copy the value.

  4. In the Figma tab, click on the empty field next to the IdP SSO target URL label and paste the value copied from Portnox Cloud.

  5. In the Portnox tab, in the Certificates > Signing certificates section, click on the  ⋮  icon next to the Active certificate and select the Download certificate option to download the certificate to the local drive.

  6. In the Figma tab, click on the Choose File button under the Signing certificate label and select the file downloaded to the local drive from Portnox Cloud.

  7. Click on the Review button. Then, activate the This information is correct checkbox, and click on the Configure SAML SSO button.

Copy configuration values from the Figma tab to the Portnox tab

In this section, you will copy the values displayed in the Figma SAML SSO setup section, and paste them in the relevant fields in Portnox Cloud.

  1. In the Figma tab, select the value next to the SP entity ID field and use your operating system’s copy shortcut to copy the value to the clipboard.

  2. In the Portnox tab, in the Resource properties section, click on the empty field under the Entity ID / Service Provider Entity URL heading and paste the value copied from Figma.

  3. In the Figma tab, select the value next to the SP ACS URL field and use your operating system’s copy shortcut to copy the value to the clipboard.

  4. In the Portnox tab, in the Resource properties section, click on the empty field under the Assertion Consumer Service (ACS) URL / Reply URL heading and paste the value copied from Figma.

Finalize the configuration

In this section, you will finalize the configuration in Portnox Cloud and Figma.

  1. Finalize the configuration in the Portnox tab
    1. Optional: In the Policy enforcement section, in the Device risk assessment section, change the setting to Override with custom policy and then select a risk assessment policy if you want to assess risk with this application using a custom risk assessment policy, and in the Access control section, change the setting to Override with custom policy and then select an access control policy if you want to control access to this application using a custom access control policy.
    2. Scroll all the way down to the end of the page, and then click on the Save and Close button.

  2. Finalize the configuration in the Figma tab
    1. Optional: In the Settings pane, in the Login and provisioning section, click on the Authentication row to select your authentication methods.

    2. Optional: After testing your configuration, in the Authentication dialog, you can select the Members must log in with SAML SSO option and click on the Done button to enforce Zero Trust Network Access as the only login method for all users.
      Warning: Proceed with caution. If SSO is not configured properly, Figma users will not be able to log in to the application. We recommend taking this step only after testing SSO.

Result: You have configured Figma to be accessible using Portnox Zero Trust Network Access.