You can set up Single Sign-On (SSO) for Redwood with any IdP that both supports SAML and offers a public metadata URL.
Here are the steps to do this with Azure Active Directory:
- Inside Azure Active Directory, go to Enterprise Applications, click to add a New Application, and then click on Create your own application.
- Set the app name you want, check the “Integrate any other application you don't find in the gallery” option and click on Create.
- On the Applications Overview page, click on the Set up single sign on card, then choose SAML as the single sign-on method.
- On the Basic SAML Configuration section, fill in the configuration generated on Remote’s SSO Settings page and click on Save.
  - Identifier (Entity ID)
    - RunMyJobs (RMJ): runmyjobs.cloud
    - RunMyFinance (RMF): portal.runmyfinance.cloud
  - Reply URL (Assertion Consumer Service URL)
    - RunMyJobs (RMJ): https://portal.runmyjobs.cloud/saml/module.php/saml/sp/saml2-acs.php/<SSOConfName>
    - RunMyFinance (RMF): https://portal.runmyfinance.cloud/saml/module.php/saml/sp/saml2-acs.php/<SSOConfName>
  - Sign on URL (Target URL)
    - RunMyJobs (RMJ): https://portal.runmyjobs.cloud/sso/<SSOConfName>
    - RunMyFinance (RMF): https://portal.runmyfinance.cloud/sso/<SSOConfName>
  Note: <SSOConfName> is defined during the first step of configuring SSO in the Redwood SaaS portal, as seen in the screenshot below.
  Example: https://portal.runmyfinance.cloud/saml/module.php/saml/sp/saml2-acs.php/redwood-support-SSOTest
- On the Attributes & Claims section, click on Edit.
  - Click on Add a group claim. When prompted, you can decide whether the group claim is always sent, or only for specific groups or assigned users.
    More information can be found in the Azure documentation:
    https://learn.microsoft.com/en-us/azure/active-directory/hybrid/connect/how-to-connect-fed-group-claims
    Note: for groups, Azure sends the Object ID (GUID); this will later need to match the SSO Access Group with Redwood.
  - Then select Add a new claim (if needed), so that at least the following claims are available:
    - email, example: user.mail or user.primaryauthoritativeemail
    - name which will be displayed, example: user.displayname or user.userprincipalname
    - groups, example: user.groups or user.groups [ApplicationGroups]
- On the SAML Signing Certificate and Setup sections, copy the App federation Metadata URL. This will be the Metadata URL requested in Step 1 when configuring SSO with the Redwood SaaS portal.
- Go to Users and groups on the left side menu to assign the users or groups that should have access to Redwood.
- You can follow the documentation to activate SSO with Redwood:
  https://docs.runmyjobs.cloud/?latest=SSOGuide
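
To verify the result of the Attributes & Claims step before activating SSO, the following added example (not part of the original article or of Redwood's tooling) parses a constructed SAML AttributeStatement, confirms that email, name and groups are present, and flags group values that are not Object ID GUIDs or that do not match the expected SSO Access Groups. The function names, the sample values and matching claims by the last segment of the attribute name are assumptions.

```python
import re
import xml.etree.ElementTree as ET

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("email", "name", "groups")  # claims listed in the steps above
GUID = re.compile(r"^[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}$", re.I)

# Constructed sample: the AttributeStatement of a SAML assertion as Azure AD
# might send it. All values are made up for this example.
SAMPLE = """\
<saml:AttributeStatement xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion">
  <saml:Attribute Name="email">
    <saml:AttributeValue>jane@example.com</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="name">
    <saml:AttributeValue>Jane Doe</saml:AttributeValue>
  </saml:Attribute>
  <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groups">
    <saml:AttributeValue>11111111-2222-3333-4444-555555555555</saml:AttributeValue>
    <saml:AttributeValue>Finance-Admins</saml:AttributeValue>
  </saml:Attribute>
</saml:AttributeStatement>
"""

def read_claims(statement_xml):
    """Map short claim name (last path segment of Name) to its list of values."""
    claims = {}
    root = ET.fromstring(statement_xml)
    for attr in root.iter("{%s}Attribute" % NS["saml"]):
        short = attr.get("Name", "").rstrip("/").rsplit("/", 1)[-1].lower()
        values = [(v.text or "").strip() for v in attr.findall("saml:AttributeValue", NS)]
        claims.setdefault(short, []).extend(values)
    return claims

def check_claims(statement_xml, access_group_ids):
    """Report missing claims, non-GUID group values and matching access groups."""
    claims = read_claims(statement_xml)
    groups = claims.get("groups", [])
    wanted = {g.lower() for g in access_group_ids}
    return {
        "missing": [c for c in REQUIRED if not any(claims.get(c, []))],
        "not_guid": [g for g in groups if not GUID.match(g)],
        "matched": [g for g in groups if g.lower() in wanted],
    }

if __name__ == "__main__":
    print(check_claims(SAMPLE, ["11111111-2222-3333-4444-555555555555"]))
```

A non-empty `not_guid` list means the group claim is not sending Object IDs, and an empty `matched` list means the user would not fall into any of the expected access groups.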