Contents x
    Single Sign On Using Azure AD
    • 2 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Contents

    Single Sign On Using Azure AD

    • 2 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Article Summary

    Overview

    Rivery supports connecting into your account using Single Sign On (SSO) method, using your Azure Active Directory configuration.

    Note
    • For specific plans only.
    • In order to start this process, please reach out to your CSM.

    Prerequisites

    • An Azure Active Directory account.
    • Rivery Account with the sufficient permissions.
    • Entity and ACS endpoints provided by Rivery Support.

    Configuring needed in Azure

    1. Log into your Azure Account and go to Active Directory in the top search panel.
      image.png

    2. In the main menu in the left, click on Enterprise Applications.
      image.png

    3. Click on New Application.

    4. In the Applicaions panel, click on **Create your own application
      **. Name it in the right panel (i.e Rivery) and check it with Integrate any other application you don't find in the gallery
      image.png

    5. In the left menu, go to Single sign-on and then click on SAML
      image.png

    6. Send to Rivery Support the metadata url under the SAML Signing Certificate section. You'll get back the Metadata endpoints, and the ACS endpoint to configure.
      image.png

    7.Click on Edit in order to set up the (Assertion Customer Service) ACL ,the Identify urls and the Relay state URL.
    set_up_saml.png

    1. Under Basic SAML Configuration set the 2 endpoints provided you by Rivery support and the Relay State URL.
      Make sure to remove any default preset URLs.
      If no endpoints provided, please ask them by opening a support ticket here, and click on save.
      For example:
    Identifier (Entity ID)
 -> https://<rivery-auth-url>/MYACCOUNT-IDPID/metadata
Reply URL (Assertion Consumer Service URL) - > https://<rivery-auth-url>/MYACCOUNT-IDPID/?acs

    Copy Rivery URL of the region of your console and and paste it on the Relay State

    Relay State -> https://console.rivery.io  # For US console
Relay State -> https://eu-west-1.console.rivery.io # for EU West 1 console

    image.png

    Please Note:
    • Ensure that you select the "Default" checkbox shown in the images above.
    • Confirm that there are no spaces in the URLs you've entered.

    relay_state.PNG

    1. Under the User Attributes and Claims add the next parameters. Keep of case sensativity and set them as they are below:

    image.png

    NameID: user.mail
email: user.mail
firstname: user.givenname
lastname: user.surname
name: user.userprincipalname
Unique User Identifier: user.userprincipalname

    When you click on the edit button, the additional claims screen should look like below:
    additional_claims.PNG

    Adding users to the application

    Ignore the steps under Adding users if your application is not set with 'User assignment required'.

    1. In the left side panel under manage, click on users and groups
      user_and_groups.png
    2. In the main screen click on Add user/group
      adduser.PNG
    3. Search for the users/groups you want to have access to the application.
      users.PNG
    4. Click on Select
    5. Clcik on Assign

    Testing SSO

    1. Go to https://myapplications.microsoft.com/.
    2. Log into the Azure account you granted the application for.
    3. Click on Rivery app.
    Was this article helpful?
    What's Next