Contents x
    Single Sign-On Using Microsoft Entra ID (Azure Active Directory)
    • 2 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Contents

    Single Sign-On Using Microsoft Entra ID (Azure Active Directory)

    • 2 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Article summary

    • SSO is only available in the Enterprise plan.
    • To manage users exclusively through SSO, please contact support and specify that you want user management to be restricted to SSO.

    Introduction

    This document provides step-by-step instructions for configuring Single Sign-On (SSO) between Rivery and Microsoft Entra ID (formerly knows as Azure Active Directory). With SSO, users can seamlessly access Rivery using their Microsoft Entra ID account.

    Prerequisites

    Before proceeding, ensure you have an active Microsoft Entra ID account with administrative privileges.

    What to provide to Rivery Support for SSO configuration:

    • Rivery Account URL
    • SSO_PROVIDER_NAME (e.g. Azure )
    • DEPLOY_ENVIRONMENT (e.g. dev, prod )
    • DEFAULT_ROLE within Rivery (e.g. viewer/developer/admin etc)
    • METADATA_URL (see steps how to retrieve below)

    If you don’t have metadata_url:

    • ENTITY_ID_URL
    • SSO_URL
    • CERTIFICATE

    Configuration Steps

    1. Log in to your Azure Portal and navigate to Entra ID in the top search panel.
      image.png

    2. Select Enterprise Applications from the menu on the left-hand side and click on it.
      image.png

    3. Click on New Application.
      image.png

    4. Choose Create your own application.
      image.png

    5. Name it (e.g., Rivery). and choose "Integrate any other application you don't find in the gallery".

    image.png

    1. Select Create and then wait for the process to finish.

    2. Within the Getting Started menu, choose Single sign-on.

    image.png

    1. Choose the option labeled SAML.

    image.png

    1. Obtain the App Federation Metadata URL from the SAML Signing Certificate section.

    image.png

    1. Use the Help menu in the Rivery console to open a Support ticket. Include the App Federation Metadata URL and specify your preferred Default Role for new Rivery users when they log in.

    image.png

    1. You'll receive Metadata and ACS endpoints for configuration from Rivery Support.

    2. Configure SAML Settings in Azure:

    In the Basic SAML Configuration section, Click Edit to configure the following settings:

    • Identifier Entity ID (Ends with Metadata):

    Example:
    https://auth.[console-region].rivery.io/[account-id]Azure_AD[console-region]/metadata

    • Reply URL (Ends with ACS):

    Example:
    https://auth.[console-region].rivery.io/[account-id]Azure_AD[console-region]/?acs

    • Relay State URL
      Relay State URLRegion
      https://console.rivery.ious-east-2
      https://eu-west-1.console.rivery.ioeu-west-1
      https://eu-central-1.console.rivery.ioeu-central-1

    Please Note:

    • Ensure that you include the URLs provided by Rivery Support.
    • Your Account ID is located in the Console URL: https://console.rivery.io/home/[account-id]/563f5b17b0a105467kle07a4we5435ff4c33, there is no need to do any modifications in the URL just make sure it is yours.
    • Ensure that all URLs and configurations are set without any spaces or errors.

    image.png

    1. Click on Save and verify that the status indicates SSO was saved successfully.

    2. Configure Attributs & Claims in Azure.

    In the Attributs & Claims section, click Edit to configure the following settings:

    • Select Add new Claim

    image.png

    • Create a new claim for every row in this table, totaling 6 claims.

    • Copy the specified parameters while ensuring case sensitivity is maintained.

      NameSource Attribute
      NameIDuser.userprincipalname
      emailuser.mail
      firstnameuser.givenname
      lastnameuser.surname
      nameuser.userprincipalname
      Unique User Identifieruser.userprincipalname

    Adding Users to the Application

    1. Under the Manage section in the left panel, click Users and Groups.

    2. Select Add user/group on the main screen.

    image.png

    1. You have the option to achieve maximum automation by syncing with your existing Azure Entra ID groups, or you can manually add individual users using the tab on the left-hand side.

    2. Click on Assign to finalize the assignment process (these users will gain access to Rivery through SSO).

    3. To complete the configuration and establish the connection to Rivery, go to MyApps, find the app you created, and click on it. You will be directed to the Rivery console homepage.

    Please Note:

    • All users and groups can be provisioned to Rivery.
    • After setting up SSO, the default landing URL for your Rivery console will be https://console.rivery.io/home/[account_id]/default_env, indicating that all users have access permissions to the default Environment.
    • Ensure that the Username and Last name fields in the Users tab are populated with non-null values.
    Was this article helpful?
    What's Next