Skip to main content

[SaaS] Setting up SSO with Azure AD

Nathan Clerbout
  • Updated

You can setup Single Sign-On (SSO) for Redwood with all IdPs that both support SAML as well as offer a public metadata URL.

Here the step to do this with Azure Active Directory

  1. Inside Azure Active Directory, go to Enterprise Applications and click to add a New Application and then click on Create your own application.

    azure-1.png

  2. Set the app name you want, check the “Integrate any other application you don't find in the gallery” option and click on Create.

    azure-3.png

  3. On the Applications Overview page, click on the Set up single sign on card then choose SAML as the single sign-on method.

    azure-4.png

    azure-5.png

  4. On the Basic SAML Configuration section, fill in the configuration generated on Remote’s SSO Settings page and click on Save.
    • Identifier (Entity ID) -
      • RunMyJobs (RMJ): runmyjobs.cloud
      • RunMyFinance (RMF): portal.runmyfinance.cloud
    • Reply URL (Assertion Consumer Service URL) -
      • RunMyJobs (RMJ): https://portal.runmyjobs.cloud/saml/module.php/saml/sp/saml2-acs.php/<Account ID>
      • RunMyFinance (RMF): https://portal.runmyfinance.cloud/saml/module.php/saml/sp/saml2-acs.php/<Account ID>

      azure-6.png

      Note: <Account ID> can be found in Redwood SaaS portal in Environments under settings

  5. On the Attributes & Claims section, click on Edit 
    1. Click on Add a group claim
      When prompted, you can decide whether the group claim is always sent, or only for specific groups or assigned users.

      Note: for the groups Azure send the Object ID (GUID), this will later need to match SSO Access Group with Redwood



    2. Then select Add a new claim (if needed), so that at least following Claim are available:
      • email, example: user.mail or user.primaryauthoritativeemail
      • name which will be displayed, example: user.displayname or user.userprincipalname
      • groups, example: user.groups or user.groups [ApplicationGroups]



  6. On the SAML Signing Certificate and Setup sections, copy the App federation Metadata URL



  7. Go to Users and groups on the left side menu to assign the users or groups that should have access to Redwood.

  8. You can follow the documentation to activate SSO with Redwood:
    https://docs.runmyjobs.cloud/?latest=SSOGuide

Related articles

Comments

0 comments

Please sign in to leave a comment.