Security Assertion Markup Language (or SAML) is an open authentication standard that allows for the secure exchange of user identity information from one party to another. SAML enables SSO, a technology that allows for a single user login to work across multiple applications and services.
You can sign-on with a single click without having an existing account in Resolution Intelligence Cloud. This document explains the detailed procedure to set up SAML connection in both Azure AD and Resolution Intelligence Cloud.
Important: Refer to this article for details on how to reset MFA for a specific user if the user lost an MFA-enabled device.
Prerequisites
- Admin role in both Resolution Intelligence Cloud and Azure AD.
- Resolution Intelligence Cloud admin must have a role that can configure SAML identity providers.
Configuring SAML connection in Azure AD
- Login to Azure portal (https://portal.azure.com)
- Navigate to Home -> Azure Active Directory
- Click Enterprise Applications from the left menu
4. Click New application, then click Create your own application.
5. Enter a name for your app
6. Select Integrate any application you don’t find in the gallery(Non-gallery)
7. Click Create at the bottom of your screen.
A new from appears on the screen
8. From the left menu, click Single Sign On
9. Under Single Sign On method, click SAML tile
10. In the identifier (Entity ID), type urn:auth0:prod-netenrich:customernamesaml
NOTE: For “customername”, type your company name
11. In the Reply URL (Assertion Consumer Service URL) field, type https://auth.netenrich.com/login/callback
12. In Sign on URL field, type https://auth.netenrich.com
13. In Logout URL field, type https://auth.netenrich.com/logout
14. Click Save.
A form with configuration details appears on the screen
Note: Wrote down the following details to use them later while configuring SAML integration in Resolution Intelligence Cloud
-
- Certificate (Base64)
- Identifier (Entity ID)
- Login URL
- Azure AD Identifier
- Logout URL
- App Federation metadata URL
- Download Certificate in Base64 format
Adding Users/Groups
After you have configured SAML connection, you can add one or more users or groups to provide an access to newly configured application.
To add users or groups,
- From the left menu, click Users and Groups
- Click Add user/group at the top of your screen
- Enter username or group name
- Click Save
Configuring SAML connection in Resolution Intelligence Cloud
To configure SAML connection,
- From Resolution Intelligence Cloud home screen, click Configurations --> Authentication in the left menu
- Click Setup Provider under the SAML tile
A New SAML Connection form appears - Enter the following fields and click Create at the bottom of screen
| Field | Description |
| Connection name |
Logical identifier for your connection; it must be unique. Once set, this name can't be changed. For connection name type the name in below format. customernamesaml NOTE: For “customername”, type your company name |
| Sign in URL | Login URL that you have noted down from Azure App SAML settings |
| X509 Signing Certificate | Select the certificate that you have downloaded from Azure App SAML settings |
| Sign out URL | Logout URL that you have noted down from Azure App SAML settings |
| User ID Attribute | Copy below URL for User ID Attribute http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier |
| Sign Request Algorithm | Optional |
| Sign Request Digest Algorithm | Optional |
| Protocol Binding | Optional |
| Identity Provider Domains | Enter a list of trusted domains which you want to be identified as identity providers. These are the domains that users accounts have. Examples : user login is user@contoso.com, enter contoso.com. If there are multiple domains, then enter all the domains as comma-separated list. |
4. You have established SAML connection successfully
Invite User with SSO Integration
- For users to be able to login using SSO, they must be re-invited using SSO connection.
- An existing Owner/Global Admin user with local authentication logged in, add a new user with Owner role by enabling the newly created SSO integration in Resolution Intelligence Cloud.
- Newly invited user will be redirected to Azure AD for authentication.
- For exists users with local authentication, users must be deleted and re-invited using SSO connection."
Comments
0 comments
Please sign in to leave a comment.