Save as PDF

Microsoft Azure SAML configuration

Overview

SAML Authentication is a paid add-on feature and must be enabled prior to use. Contact your account manager, or accountmanagers@responsive.io, to enable it.

Responsive uses the secure and widely adopted industry standard Security Assertion Markup Language 2.0 (SAML 2.0) and supports SAML Authentication as an add-on feature.

Our single sign-on (SSO) implementation integrates easily with any large identity provider that supports SAML 2.0.

Select the applicable tab for your edition of Responsive.

  • Configuring Responsive in the Azure portal

    For Responsive integration in Azure AD, Responsive must be added from the gallery to your list of managed SaaS apps.

    1. In the Microsoft Azure portal, click Azure Active Directory on the left navigation pane.
      mceclip0.png
    2. Click Enterprise Applications.
      mceclip1.png
    3. Click New application.
      mceclip2.png
    4. Click Business management.
      mceclip3.png
    5. Type Responsive in the Enter a name search box.
      mceclip4.png
    6. Click Responsive.
      mceclip5.png
    7. Click Add.
      mceclip6.png
    8. Click Single sign on.
      mceclip8.png
    9. Click SAML.
      mceclip9.png
    10. Click the Edit icon next to Basic SAML Configuration.
    11. Add the URL https://www.rfpio.com.
      mceclip1.png
    12. Click Save.
    13. In Responsive, go to Organization Settings > My Organization > Security > SSO and copy the Default Relay State value.
    14. Paste the Default Relay State value in the Relay State field.
      mceclip4.png
    15. When the Success message displays, click Single sign-on, then click Edit next to User Attributes & Claims.
      mceclip6.png
    16. Update the values on the User Attributes & Claims page as follows:
      mceclip7.png
      • Change the value for givenname to first_name.
      • Change the value for surname to last_name.
      • If Business Units (BUs) are enabled for your company, change the cost center and responsive_user_role values.
        mceclip0.png
        • You can select any source attribute from the drop-down options. Based on the attribute selected, the user will be mapped in Responsive.
        • For example, if user.department is selected for responsive_user_role, the user's department in Azure will be matched with the corresponding department's role in Responsive.
    17. Click Save. You will get a Complete message when you successfully save.
      mceclip8.png
    18. Click Add attribute and add the following attributes (optional): You can add and provide values for Job title, phone number, and location.
      mceclip10.png
    19. Create the following attributes in the Manage user claims section:
      mceclip12.png
      • Select user.jobtitle from the Name drop-down menu.
      • Change phone to user.telephonenumber.
    20. Click Save. The newly added attributes will be displayed as shown below:
      mceclip13.png
    21. Click SAML-based sign-on.
      mceclip14.png
    22. From the SAML Signing Certificate section, click the Download link next to Federation Metadata XML.
      mceclip15.png
      Successfully downloading the file will display a message as shown below:
      mceclip16.png
    23. Click Users and groups, then click Add user to assign users access to Responsive.
      mceclip17.png
    24. When the Add Assignment page displays, click Users.
      mceclip18.png
    25. Enter the user name to search for a user or select a user from the displayed list.
      mceclip19.png
    26. Click Select.
      mceclip20.png
    27. When the Add Assignment page displays, click Assign.
      mceclip21.png

      Successfully assigning the user will display a success message along with the user as shown below:

      mceclip22.png

    Configuring SAML in Responsive

    1. Go to Organization Settings > My Organization > Security > SSO/SCIM and turn the SSO toggle on.
    2. Enter the domain names to be used in SSO. Multiple domain names can be specified, each in a line.
      Note: Multiple SSO can be created for a single client instance. If required, raise a support ticket. Once approved the team will enable it for the client.
    3. Select SSO Type as SAML from the dropdown.
    4. Type SAML SSO Config in the Name field and click Upload Configuration File associated with Identity Configuration.
    5. If business units (BU) are enabled for your organization, select the BU.
    6. Select the downloaded Federated Metadata XML file from your local machine.
    7. Click Validate.
    8. Once validated, turn the SAML SSO Config toggle on.
    9. Click Save. SAML is configured and users can now use SAML for authentication.

    Responsive - SAML login

    Users can Login to Responsive using SAML in 3 ways.

    Logging in From the Azure Portal

    1. In Azure, click Azure Active Directory > All Applications > Responsive.
      mceclip27.png
    2. Click Properties.
      mceclip28.png
    3. Click the Copy icon associated with User Access URL.
      mceclip29.png
    4. Paste the copied URL in your browser tab and press Enter. You will be redirected to the Microsoft login page.
    5. Provide valid credentials. You will be redirected to Responsive.
      mceclip30.png

    Logging in to app.rfpio.com Using SAML

    1. Provide your email address and click SAML.
      mceclip31.png
    2. Click Sign In Using SAML. You will be logged in to Responsive.
      mceclip32.png  

    Logging in using an instance-specific URL

    To login using instance specific URL, contact your account manager. You can bookmark the URL in your browser.

    Just-in-Time provisioning

    With Just-in-Time provisioning, you can use a SAML assertion to create regular and portal users on the fly the first time they try to log in. This eliminates the need to create user accounts in advance. For example, if you recently added an employee to your organization and have provided access to Responsive in your SAML Identity Provider, you don't need to manually create the user in Responsive. When they log in with single sign-on for the 1st time, their account is automatically created for them, eliminating the time and effort with on-boarding the account. The new user can be assigned as Admin or Manager or Team Member role by defining the role in the SAML integration. Choose None. It helps in protecting unauthorized user login through SAML.

    You can also select the default BU (if enabled for your company) for which the SSO login has to be configured.

  • Essentials features are subscription-based and may not be available for all users. Contact your account manager, or accountmanagers@responsive.io, for more details.

 

Was this article helpful?

/