Overview
SAML Authentication is a paid add-on feature and must be enabled prior to use. Contact your account manager, or accountmanagers@responsive.io, to enable it.
Responsive uses the secure and widely adopted industry standard Security Assertion Markup Language 2.0 (SAML 2.0) and supports SAML Authentication as an add-on feature.
Our single sign-on (SSO) implementation integrates easily with any large identity provider that supports SAML 2.0.
Select the applicable tab for your edition of Responsive.
-
Configuring Responsive in the Azure portal
For Responsive integration in Azure AD, Responsive must be added from the gallery to your list of managed SaaS apps.
- In the Microsoft Azure portal, click Azure Active Directory on the left navigation pane.
- Click Enterprise Applications.
- Click New application.
- Click Business management.
- Type Responsive in the Enter a name search box.
- Click Responsive.
- Click Add.
- Click Single sign on.
- Click SAML.
- Click the Edit icon next to Basic SAML Configuration.
- Add the URL https://www.rfpio.com.
- Click Save.
- In Responsive, go to Organization Settings > My Organization > Security > SSO and copy the Default Relay State value.
- Paste the Default Relay State value in the Relay State field.
- When the Success message displays, click Single sign-on, then click Edit next to User Attributes & Claims.
- Update the values on the User Attributes & Claims page as follows:
- Change the value for givenname to first_name.
- Change the value for surname to last_name.
- If Business Units (BUs) are enabled for your company, change the cost center and responsive_user_role values.
- You can select any source attribute from the drop-down options. Based on the attribute selected, the user will be mapped in Responsive.
- For example, if user.department is selected for responsive_user_role, the user's department in Azure will be matched with the corresponding department's role in Responsive.
- Click Save. You will get a Complete message when you successfully save.
- Click Add attribute and add the following attributes (optional): You can add and provide values for Job title, phone number, and location.
- Create the following attributes in the Manage user claims section:
- Select user.jobtitle from the Name drop-down menu.
- Change phone to user.telephonenumber.
- Click Save. The newly added attributes will be displayed as shown below:
- Click SAML-based sign-on.
- From the SAML Signing Certificate section, click the Download link next to Federation Metadata XML.
Successfully downloading the file will display a message as shown below:
- Click Users and groups, then click Add user to assign users access to Responsive.
- When the Add Assignment page displays, click Users.
- Enter the user name to search for a user or select a user from the displayed list.
- Click Select.
- When the Add Assignment page displays, click Assign.
Successfully assigning the user will display a success message along with the user as shown below:
Configuring SAML in Responsive
- Go to Organization Settings > My Organization > Security > SSO/SCIM and turn the SSO toggle on.
- Enter the domain names to be used in SSO. Multiple domain names can be specified, each in a line.
Note: Multiple SSO can be created for a single client instance. If required, raise a support ticket. Once approved the team will enable it for the client.
- Select SSO Type as SAML from the dropdown.
- Type SAML SSO Config in the Name field and click Upload Configuration File associated with Identity Configuration.
- If business units (BU) are enabled for your organization, select the BU.
- Select the downloaded Federated Metadata XML file from your local machine.
- Click Validate.
- Once validated, turn the SAML SSO Config toggle on.
- Click Save. SAML is configured and users can now use SAML for authentication.
Responsive - SAML login
Users can Login to Responsive using SAML in 3 ways.
Logging in From the Azure Portal
- In Azure, click Azure Active Directory > All Applications > Responsive.
- Click Properties.
- Click the Copy icon associated with User Access URL.
- Paste the copied URL in your browser tab and press Enter. You will be redirected to the Microsoft login page.
- Provide valid credentials. You will be redirected to Responsive.
Logging in to app.rfpio.com Using SAML
- Provide your email address and click SAML.
- Click Sign In Using SAML. You will be logged in to Responsive.
Logging in using an instance-specific URL
To login using instance specific URL, contact your account manager. You can bookmark the URL in your browser.
Just-in-Time provisioning
With Just-in-Time provisioning, you can use a SAML assertion to create regular and portal users on the fly the first time they try to log in. This eliminates the need to create user accounts in advance. For example, if you recently added an employee to your organization and have provided access to Responsive in your SAML Identity Provider, you don't need to manually create the user in Responsive. When they log in with single sign-on for the 1st time, their account is automatically created for them, eliminating the time and effort with on-boarding the account. The new user can be assigned as Admin or Manager or Team Member role by defining the role in the SAML integration. Choose None. It helps in protecting unauthorized user login through SAML.
You can also select the default BU (if enabled for your company) for which the SSO login has to be configured.
- In the Microsoft Azure portal, click Azure Active Directory on the left navigation pane.
-
Essentials features are subscription-based and may not be available for all users. Contact your account manager, or accountmanagers@responsive.io, for more details.