Single Sign On Using Azure AD
  • 2 Minutes to read
  • Dark
    Light
  • PDF

Single Sign On Using Azure AD

  • Dark
    Light
  • PDF

Article Summary

Overview

Rivery supports connecting into your account using Single Sign On (SSO) method, using your Azure Active Directory configuration.

Note
  • For specific plans only.
  • In order to start this process, please reach out to your CSM.

Prerequisites

  • An Azure Active Directory account.
  • Rivery Account with the sufficient permissions.
  • Entity and ACS endpoints provided by Rivery Support.

Configuring needed in Azure

  1. Log into your Azure Account and go to Active Directory in the top search panel.
    image.png

  2. In the main menu in the left, click on Enterprise Applications.
    image.png

  3. Click on New Application.

  4. In the Applicaions panel, click on **Create your own application
    **. Name it in the right panel (i.e Rivery) and check it with Integrate any other application you don't find in the gallery
    image.png

  5. In the left menu, go to Single sign-on and then click on SAML
    image.png

  6. Send to Rivery Support the metadata url under the SAML Signing Certificate section. You'll get back the Metadata endpoints, and the ACS endpoint to configure.
    image.png

7.Click on Edit in order to set up the (Assertion Customer Service) ACL ,the Identify urls and the Relay state URL.
set_up_saml.png

  1. Under Basic SAML Configuration set the 2 endpoints provided you by Rivery support and the Relay State URL.
    Make sure to remove any default preset URLs.
    If no endpoints provided, please ask them by opening a support ticket here, and click on save.
    For example:
Identifier (Entity ID)
 -> https://<rivery-auth-url>/MYACCOUNT-IDPID/metadata
Reply URL (Assertion Consumer Service URL) - > https://<rivery-auth-url>/MYACCOUNT-IDPID/?acs

Copy Rivery URL of the region of your console and and paste it on the Relay State

Relay State -> https://console.rivery.io  # For US console
Relay State -> https:///eu-west-1.console.rivery.io # for EU West 1 console

image.png
relay_state.PNG

  1. Under the User Attributes and Claims add the next parameters. Keep of case sensativity and set them as they are below:

image.png

NameID: user.mail
email: user.mail
firstname: user.givenname
lastname: user.surname
name: user.userprincipalname
Unique User Identifier: user.userprincipalname

When you click on the edit button, the additional claims screen should look like below:
additional_claims.PNG

Adding users to the application

Ignore the steps under Adding users if your application is not set with 'User assignment required'.

  1. In the left side panel under manage, click on users and groups
    user_and_groups.png
  2. In the main screen click on Add user/group
    adduser.PNG
  3. Search for the users/groups you want to have access to the application.
    users.PNG
  4. Click on Select
  5. Clcik on Assign

Testing SSO

  1. Go to https://myapplications.microsoft.com/.
  2. Log into the Azure account you granted the application for.
  3. Click on Rivery app.

Was this article helpful?