This article describes how to configure single sign-on (SSO) from Azure AD to Resolution Intelligence Cloud using a SAML integration.
Security Assertion Markup Language (SAML) is an open standard for exchanging signed user identity assertions between an identity provider (here, Azure AD) and a service provider (here, Resolution Intelligence Cloud). SAML enables SSO, so a single login at the identity provider grants access across multiple applications and services.
Once the connection is set up, users sign in to Resolution Intelligence Cloud with a single click through Azure AD, without maintaining a separate local password. This document explains the procedure for setting up the SAML connection on both the Azure AD side and the Resolution Intelligence Cloud side.
Important: If a user loses an MFA-enabled device, refer to the separate article on resetting MFA for a specific user.
Prerequisites
- Admin role in both Resolution Intelligence Cloud and Azure AD.
- Resolution Intelligence Cloud admin must have a role that can configure SAML identity providers.
Configuring SAML connection in Azure AD
1. Log in to the Azure portal (https://portal.azure.com).
2. Navigate to Home -> Azure Active Directory.
3. Click Enterprise Applications in the left menu.
4. Click New application, then click Create your own application.
5. Enter a name for your app.
6. Select Integrate any other application you don't find in the gallery (Non-gallery).
7. Click Create at the bottom of your screen.
A new form appears on the screen.
8. In the left menu, click Single sign-on.
9. Under Select a single sign-on method, click the SAML tile.
10. Click Edit on Basic SAML Configuration and enter the values for your region:
US Region (login URL https://app.netenrich.com):
- Identifier (Entity ID): urn:auth0:prod-netenrich:customernamesaml
- Reply URL (Assertion Consumer Service URL): https://auth.netenrich.com/login/callback
- Sign on URL: https://auth.netenrich.com
- Logout URL: https://auth.netenrich.com/logout
India Region (login URL https://in-app.netenrich.com):
- Identifier (Entity ID): urn:auth0:prod-in-netenrich:customernamesaml
- Reply URL (Assertion Consumer Service URL): https://in-auth.netenrich.com/login/callback
- Sign on URL: https://in-auth.netenrich.com
- Logout URL: https://in-auth.netenrich.com/logout
EU Region (login URL https://eu-app.netenrich.com):
- Identifier (Entity ID): urn:auth0:prod-netenrich:customernamesaml
- Reply URL (Assertion Consumer Service URL): https://eu-auth.netenrich.com/login/callback
- Sign on URL: https://eu-auth.netenrich.com
- Logout URL: https://eu-auth.netenrich.com/logout
NOTE: In the Entity ID, replace "customername" with your company name as a single token with no spaces. The same customernamesaml value is used as the Connection name in Resolution Intelligence Cloud later in this procedure, and the two must match exactly: the Entity ID is the audience Azure AD writes into every assertion, so it has to identify the connection that will receive it. The Reply URL is the only endpoint Azure AD will post the signed SAML response to; a typo here is not caught at save time and surfaces as an Azure AD reply-URL mismatch error when a user first tries to log in.
11. Click Save.
The page now shows the SAML Signing Certificate section and the set-up details for the app.
Note: Record the following details; you will need them when configuring the SAML integration in Resolution Intelligence Cloud:
- Certificate (Base64): click Download to save the signing certificate in Base64 format
- Identifier (Entity ID)
- Login URL
- Azure AD Identifier
- Logout URL
- App Federation Metadata Url
The downloaded certificate is the key Resolution Intelligence Cloud will use to verify the signature on every assertion Azure AD issues, so treat the file as a trust anchor. Note its expiration date (Azure AD generates a self-signed certificate that is valid for three years) and plan to upload the replacement before that date; once the certificate expires, SSO logins fail until the new one is installed.
Adding Users/Groups
After you have configured the SAML connection, assign one or more users or groups to grant them access to the newly configured application.
To add users or groups,
1. In the left menu, click Users and groups.
2. Click Add user/group at the top of your screen.
3. Select the users or groups to assign.
4. Click Assign.
The assignment list is only enforced when the application's Properties page has Assignment required? set to Yes. Verify that it is; with No, every user in the tenant can obtain an assertion for the app regardless of what is assigned here.
Configuring SAML connection in Resolution Intelligence Cloud
To configure the SAML connection,
1. From the Resolution Intelligence Cloud home screen, click Configurations --> Authentication in the left menu.
2. Click Setup Provider under the SAML tile.
A New SAML Connection form appears.
3. Enter the following fields and click Create at the bottom of the screen.

| Field | Description |
| --- | --- |
| Connection name | Logical identifier for the connection; it must be unique and cannot be changed once set. Use the format customernamesaml, where "customername" is your company name, exactly as you entered it in the Entity ID in Azure AD. |
| Sign in URL | The Login URL you noted from the Azure AD app's SAML settings. |
| X509 Signing Certificate | Upload the Base64 certificate you downloaded from the Azure AD app's SAML settings. |
| Sign out URL | The Logout URL you noted from the Azure AD app's SAML settings. |
| User ID Attribute | http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier |
| Sign Request Algorithm | Optional. Leave the default unless Azure AD has been configured to require signed requests; if you do set it, prefer SHA-256 over SHA-1. |
| Sign Request Digest Algorithm | Optional; same guidance as for Sign Request Algorithm. |
| Protocol Binding | Optional. The binding used to send the authentication request (HTTP-Redirect or HTTP-POST); Azure AD's Login URL accepts both. |
| Identity Provider Domains | Comma-separated list of the email domains whose users should be sent to this identity provider. For example, if users log in as user@contoso.com, enter contoso.com. Only users whose login domain is listed here are routed to this connection. |
| Multifactor Authentication | MFA can be toggled on or off at any point during or after setting up the SSO connection. It applies only to this SSO connection, that is, to users logging in via the domains listed under Identity Provider Domains. MFA is disabled by default; to enable it, tick the checkbox labelled "Enable MFA while user login." |

4. You have now established the SAML connection.
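The values recorded from Azure AD (Certificate, Login URL, Azure AD Identifier, Logout URL, and the App Federation Metadata Url that carries all of them) map one-to-one onto the form above. The following Python script is an added example for this article, not code from Netenrich or Microsoft: it reads an Azure AD federation metadata document and extracts those fields the way a SAML service provider does (signing certificates only, HTTP-Redirect preferred over HTTP-POST for the request binding), and it cross-checks the four values typed into Basic SAML Configuration against each other. The function names `extract_idp_settings`, `check_sp_values` and `pem_from_base64` are this example's own, and the embedded metadata document, tenant ID and certificate body are constructed placeholders rather than real values.

```python
"""Map Azure AD SAML federation metadata onto the Resolution Intelligence Cloud
SAML form fields and sanity-check the SP values entered in Azure AD.
Added example for this article, not Netenrich or Microsoft code."""
import base64
import binascii
import re
import xml.etree.ElementTree as ET

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"
DS = "{http://www.w3.org/2000/09/xmldsig#}"
HTTP_REDIRECT = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
HTTP_POST = "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
NAMEID_CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier"

# Constructed sample in the shape Azure AD publishes: an all-zero tenant ID and a
# certificate body that is base64 of a placeholder string, not a real X.509 cert.
_TENANT = "00000000-0000-0000-0000-000000000000"
_SAML2 = f"https://login.microsoftonline.com/{_TENANT}/saml2"
_FAKE_CERT = base64.b64encode(b"constructed placeholder, not a real certificate").decode()
SAMPLE_METADATA = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
    entityID="https://sts.windows.net/{_TENANT}/">
  <IDPSSODescriptor protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <KeyDescriptor use="signing">
      <KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#">
        <X509Data><X509Certificate>{_FAKE_CERT}</X509Certificate></X509Data>
      </KeyInfo>
    </KeyDescriptor>
    <SingleLogoutService Binding="{HTTP_REDIRECT}" Location="{_SAML2}"/>
    <SingleSignOnService Binding="{HTTP_REDIRECT}" Location="{_SAML2}"/>
    <SingleSignOnService Binding="{HTTP_POST}" Location="{_SAML2}"/>
  </IDPSSODescriptor>
</EntityDescriptor>"""


def pem_from_base64(cert_b64: str) -> str:
    """Validate a base64 certificate body and wrap it as the PEM file the form takes."""
    body = "".join(cert_b64.split())
    try:
        base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError(f"certificate is not valid base64: {exc}") from exc
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "-----BEGIN CERTIFICATE-----\n" + "\n".join(lines) + "\n-----END CERTIFICATE-----\n"


def extract_idp_settings(metadata_xml: str) -> dict:
    """Pull the form values out of IdP metadata. A KeyDescriptor with no use=
    attribute is valid for signing as well as encryption, so it is kept."""
    root = ET.fromstring(metadata_xml)
    idp = root.find(f"{MD}IDPSSODescriptor")
    if idp is None:
        raise ValueError("no IDPSSODescriptor: this is not identity-provider metadata")

    certs = []
    for kd in idp.findall(f"{MD}KeyDescriptor"):
        if kd.get("use", "signing") != "signing":
            continue  # encryption-only key, never used to verify assertions
        for cert in kd.iter(f"{DS}X509Certificate"):
            certs.append(pem_from_base64(cert.text or ""))
    if not certs:
        raise ValueError("metadata carries no signing certificate")

    def endpoint(tag: str):
        by_binding = {e.get("Binding"): e.get("Location") for e in idp.findall(f"{MD}{tag}")}
        for binding in (HTTP_REDIRECT, HTTP_POST):  # Redirect preferred for AuthnRequest
            if binding in by_binding:
                return by_binding[binding], binding
        return None, None

    sign_in_url, binding = endpoint("SingleSignOnService")
    if sign_in_url is None:
        raise ValueError("no SingleSignOnService with an HTTP-Redirect or HTTP-POST binding")
    sign_out_url, _ = endpoint("SingleLogoutService")
    return {
        "azure_ad_identifier": root.get("entityID"),  # issuer expected in every assertion
        "sign_in_url": sign_in_url,
        "sign_out_url": sign_out_url,
        "protocol_binding": binding,
        "signing_certs": certs,  # more than one: upload the one Azure AD shows as active
        "user_id_attribute": NAMEID_CLAIM,
    }


# Entity ID format from the article: urn:auth0:prod-netenrich:<customername>saml
# (prod-in-netenrich for the India region); the customer token may not contain spaces.
_SP_ENTITY_RE = re.compile(r"^urn:auth0:prod-(?:in-)?netenrich:(\S+)saml$")


def check_sp_values(entity_id: str, reply_url: str, sign_on_url: str, logout_url: str) -> list:
    """Return the inconsistencies between the four values typed into Basic SAML Configuration."""
    problems = []
    base = sign_on_url.rstrip("/")
    if not _SP_ENTITY_RE.match(entity_id):
        problems.append("Entity ID is not urn:auth0:prod-netenrich:<customername>saml")
    if not base.startswith("https://"):
        problems.append("Sign on URL must be https")
    if reply_url != f"{base}/login/callback":
        problems.append("Reply URL must be <Sign on URL>/login/callback")
    if logout_url != f"{base}/logout":
        problems.append("Logout URL must be <Sign on URL>/logout")
    return problems
```

Run `extract_idp_settings` on the document fetched from the App Federation Metadata Url and enter the returned `sign_in_url`, `sign_out_url` and the PEM in `signing_certs` into the form; if more than one signing certificate comes back, upload the one the Azure portal marks as active. `check_sp_values` is worth running on the four Azure AD values before clicking Save, because Azure AD accepts any well-formed strings there and only rejects a mismatched Reply URL at login time.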
Invite User with SSO Integration
1. For users to log in using SSO, they must be re-invited using the SSO connection.
2. An existing Owner or Global Admin user, logged in with local authentication, adds a new user with the Owner role and enables the newly created SSO integration for that user in Resolution Intelligence Cloud.
3. A newly invited user is redirected to Azure AD for authentication.
4. Existing users with local authentication must be deleted and re-invited using the SSO connection.
Keep at least one Owner with local authentication until an SSO login has been verified end to end, so that a misconfigured connection or an expired signing certificate cannot lock every administrator out.