You can set up Single Sign-On (SSO) for RunMyJobs with all identity providers that both support SAML and offer a public metadata URL.
To do this with Azure Active Directory:
- In Azure Active Directory, go to Enterprise applications, add a New application, and then click Create your own application.
- Set the app name you want, then check Integrate any other application you don't find in the gallery and click Create.
- On the Applications Overview page, click Set up single sign on, then choose SAML as the single sign-on method.
- Under Basic SAML Configuration, fill in the configuration generated on Remote’s SSO Settings page and then click Save.
  - Identifier (Entity ID):
    - RunMyJobs (RMJ): runmyjobs.cloud
    - RunMyFinance (RMF): portal.runmyfinance.cloud
  - Reply URL (Assertion Consumer Service URL):
    - RunMyJobs (RMJ): https://portal.runmyjobs.cloud/saml/module.php/saml/sp/saml2-acs.php/<SSOConfName>
    - RunMyFinance (RMF): https://portal.runmyfinance.cloud/saml/module.php/saml/sp/saml2-acs.php/<SSOConfName>
  - Sign on URL (Target URL):
    - RunMyJobs (RMJ): https://portal.runmyjobs.cloud/sso/<SSOConfName>
    - RunMyFinance (RMF): https://portal.runmyfinance.cloud/sso/<SSOConfName>

  Note: <SSOConfName> is defined during the first step of Configuring SSO in the Redwood SaaS portal (see screenshot below).
  Example: https://portal.runmyfinance.cloud/saml/module.php/saml/sp/saml2-acs.php/redwood-support-SSOTest
- In the Attributes & Claims section, click Edit.
- Click Add a group claim. When prompted, you can decide whether the group claim is always sent, or only for specific groups or assigned users. For more information, see the Azure documentation.
  For groups, Azure sends the Object ID (GUID). This value will later need to match the SSO Access Group in Redwood.
- Click Add a new claim (if needed), so that at least the following claims are available:
  - email: For example, user.mail or user.primaryauthoritativeemail.
  - name (which will be displayed): For example, user.displayname or user.userprincipalname.
  - groups: For example, user.groups [ApplicationGroups].
- In the SAML Signing Certificate and Setup sections, copy the App federation Metadata URL. This will be the Metadata URL requested in Step 1 when configuring SSO with RunMyJobs SaaS.
- Click Users and Groups on the left, then assign the users or groups that should have access to RunMyJobs.
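
To confirm the claims from the Attributes & Claims steps after a test sign-in, the following Python check (an added example, not Redwood or Microsoft code) inspects an AttributeStatement you captured yourself and reports missing claims and group values that are not Object IDs. The sample XML, group IDs and function names are constructed for illustration; it assumes the claims are named email, name and groups, matching on the last path segment of the attribute Name so that a namespaced groups claim is also recognized.

```python
import re
import xml.etree.ElementTree as ET

SAML_NS = "urn:oasis:names:tc:SAML:2.0:assertion"
GUID = re.compile(r"[0-9a-f]{8}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{12}", re.I)
REQUIRED = ("email", "name", "groups")  # claim names listed in the steps above

# Constructed sample (not real data). The second group value is a display name,
# which is what a misconfigured group claim would send instead of an Object ID.
SAMPLE = f"""<saml:AttributeStatement xmlns:saml="{SAML_NS}">
 <saml:Attribute Name="email"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
 <saml:Attribute Name="name"><saml:AttributeValue>Alice Example</saml:AttributeValue></saml:Attribute>
 <saml:Attribute Name="http://schemas.microsoft.com/ws/2008/06/identity/claims/groups">
  <saml:AttributeValue>11111111-2222-3333-4444-555555555555</saml:AttributeValue>
  <saml:AttributeValue>RMJ-Admins</saml:AttributeValue>
 </saml:Attribute>
</saml:AttributeStatement>"""


def read_claims(xml_text):
    """Map each claim's short name (last path segment of Name) to its values."""
    # Only parse XML you captured yourself; this is a configuration check, not a
    # replacement for signature validation by the service provider.
    root = ET.fromstring(xml_text)
    claims = {}
    for attr in root.iter(f"{{{SAML_NS}}}Attribute"):
        short = attr.get("Name", "").rsplit("/", 1)[-1]
        values = [v.text.strip() for v in attr.iter(f"{{{SAML_NS}}}AttributeValue") if v.text]
        claims.setdefault(short, []).extend(values)
    return claims


def check_claims(xml_text, access_group_ids):
    """Return a list of problems; an empty list means the claims look usable."""
    claims = read_claims(xml_text)
    problems = [f"missing claim: {name}" for name in REQUIRED if not claims.get(name)]
    groups = claims.get("groups", [])
    problems += [f"group is not an Object ID: {g}" for g in groups if not GUID.fullmatch(g)]
    wanted = {g.lower() for g in access_group_ids}
    if groups and not wanted & {g.lower() for g in groups}:
        problems.append("no group matches an SSO Access Group")
    return problems


if __name__ == "__main__":
    for problem in check_claims(SAMPLE, ["11111111-2222-3333-4444-555555555555"]):
        print(problem)
```

Pass the Object IDs you plan to enter as SSO Access Groups as the second argument; an empty result means all three claims are present and at least one group GUID matches.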