- 2 Minutes to read
- Print
- DarkLight
- PDF
Single Sign On Using Azure AD
- 2 Minutes to read
- Print
- DarkLight
- PDF
Overview
Rivery supports connecting into your account using Single Sign On (SSO) method, using your Azure Active Directory configuration.
Prerequisites
- An Azure Active Directory account.
- Rivery Account with the sufficient permissions.
- Entity and ACS endpoints provided by Rivery Support.
Configuring needed in Azure
Log into your Azure Account and go to Active Directory in the top search panel.
In the main menu in the left, click on Enterprise Applications.
Click on New Application.
In the Applicaions panel, click on **Create your own application
**. Name it in the right panel (i.e Rivery) and check it with Integrate any other application you don't find in the gallery
In the left menu, go to Single sign-on and then click on SAML
Send to Rivery Support the metadata url under the SAML Signing Certificate section. You'll get back the Metadata endpoints, and the ACS endpoint to configure.
7.Click on Edit in order to set up the (Assertion Customer Service) ACL ,the Identify urls and the Relay state URL.
- Under Basic SAML Configuration set the 2 endpoints provided you by Rivery support and the Relay State URL.
Make sure to remove any default preset URLs.
If no endpoints provided, please ask them by opening a support ticket here, and click on save.
For example:
Identifier (Entity ID)
-> https://<rivery-auth-url>/MYACCOUNT-IDPID/metadata
Reply URL (Assertion Consumer Service URL) - > https://<rivery-auth-url>/MYACCOUNT-IDPID/?acs
Copy Rivery URL of the region of your console and and paste it on the Relay State
Relay State -> https://console.rivery.io # For US console
Relay State -> https:///eu-west-1.console.rivery.io # for EU West 1 console
- Under the User Attributes and Claims add the next parameters. Keep of case sensativity and set them as they are below:
NameID: user.mail
email: user.mail
firstname: user.givenname
lastname: user.surname
name: user.userprincipalname
Unique User Identifier: user.userprincipalname
When you click on the edit button, the additional claims screen should look like below:
Adding users to the application
Ignore the steps under Adding users if your application is not set with 'User assignment required'.
- In the left side panel under manage, click on users and groups
- In the main screen click on Add user/group
- Search for the users/groups you want to have access to the application.
- Click on Select
- Clcik on Assign
Testing SSO
- Go to https://myapplications.microsoft.com/.
- Log into the Azure account you granted the application for.
- Click on Rivery app.