Microsoft Entra ID SAML configuration

Overview

SAML Authentication is a paid add-on feature and must be enabled prior to use. Contact the Customer Success team at customersuccess@responsive.io to enable it.

Responsive uses the secure and widely adopted industry standard Security Assertion Markup Language 2.0 (SAML 2.0) and supports SAML Authentication as an add-on feature.

Our single sign-on (SSO) implementation integrates easily with any large identity provider that supports SAML 2.0, including Microsoft Entra ID (formerly Azure AD).

In this article:

• Configuring Responsive in the Azure portal
• Configuring SAML in Responsive
• Using SAML to log in to Responsive
• Just-in-Time provisioning

Configuring Responsive in the Azure portal

In order to integrate Responsive with Entra ID, you must first go to the Azure portal > Entra Gallery and add Responsive to your list of managed SaaS apps.

1. Go to the Microsoft Azure portal and click More Services, then click Identity on the left navigation pane.
   
2. Click Enterprise Applications.
   
3. Click New application.
   
4. Type RFPIO in the Search application search box.
   
5. Click RFPIO.
   
6. Click Create.
   
7. Click Set up single sign on.
   
8. Click SAML.
   
9. Click the Edit icon next to Basic SAML Configuration.
10. Add the URL https://www.rfpio.com.
    
11. In Responsive, go to Organization Settings > My Organization > Security > SSO and copy the Default Relay State value.
    
12. Paste the Default Relay State value in the Relay State field in the portal.
    
13. Click Save.
14. When the Success message displays click Edit next to Attributes & Claims.
    
15. Update the values on the User Attributes & Claims page as follows:
    • Change the value for givenname to first_name.
    • Change the value for surname to last_name.
    • If Business Units (BUs) are enabled for your company, change the cost center and responsive_user_role values.
      
      • You can select any source attribute from the drop-down options. Based on the attribute selected, the user will be mapped in Responsive.
      • For example, if user.department is selected for responsive_user_role, the user's department in Azure will be matched with the corresponding department's role in Responsive.
16. Click Save. You will get a Complete message when you successfully save.
17. (Optional) Click Add new claim to add the following attributes: Job title, phone number, and location.
    
18. Create the following attributes in the Manage claim section:
    
    • Select user.jobtitle from the Source drop-down menu and change to job_title.
    • Select user.telephonenumber and change to phone.
19. Click Save. The newly added attributes will be displayed as shown below:
    
20. Click SAML-based Sign-on.
    
21. From the SAML Certificate section, click the Download link next to Federation Metadata XML.
    
    Successfully downloading the file will display a message as shown below:
    
22. Click Users and groups, then click Add user to assign users access to Responsive.
    
23. When the Add Assignment page displays, click None Selected under Users.
    
24. Enter the users name in the Search bar or select them from the displayed list.
    
25. Once all required users are selected click Select.
26. When the Add Assignment page displays, click Assign. Successfully assigning the user will display a success message along with the user as shown below:
    

Configuring SAML in Responsive

1. Go to Organization Settings > My Organization > Security > SSO/SCIM and turn the SSO toggle on.
2. Enter the domain names to be used in SSO. Multiple domain names can be specified, each in a line.
   Note: Multiple SSO can be created for a single client instance. If required, raise a support ticket. Once approved the team will enable it for the client.
   
3. Select SSO Type as SAML from the dropdown.
4. Type SAML SSO Config in the Name field and click Upload Configuration File associated with Identity Configuration.
5. If business units (BU) are enabled for your organization, select the BU.
6. Select the downloaded Federated Metadata XML file from your local machine.
   
7. Click Validate.
8. Once validated, turn the SAML SSO Config toggle on.
9. Click Save to complete the configuration. Users can now use SAML for authentication.

Using SAML to log in to Responsive

Users can log in to Responsive using SAML in three ways - from the Azure portal, from app.rfpio.com, or from an instance-specific URL.

Logging in from the Azure portal

1. In the Azure portal, click Entra ID > Enterprise Applications > RFPIO.
   
2. Click Properties from the left pane.
   
3. Click the Copy icon associated with User access URL.
   
4. Paste the copied URL in your browser tab and press Enter. You will be redirected to the Microsoft login page.
5. Provide your valid credentials. You will be redirected to Responsive.

Logging in from app.rfpio.com

1. Provide your email address and click SAML.
2. Click Sign In Using SAML. You will be logged in to Responsive.

Logging in from instance-specific URL

To login using instance specific URL, contact your account manager. You can bookmark the URL in your browser.

Just-in-Time provisioning

With Just-in-Time provisioning, you can use a SAML assertion to create regular and portal users on the fly the first time they try to log in. This eliminates the need to create user accounts in advance. For example, if you recently added an employee to your organization and have provided access to Responsive in your SAML Identity Provider, you don't need to manually create the user in Responsive. When they log in with single sign-on for the 1st time, their account is automatically created for them, eliminating the time and effort with on-boarding the account. The new user can be assigned as Admin or Manager or Team Member role by defining the role in the SAML integration. Choose None. It helps in protecting unauthorized user login through SAML.

You can also select the default BU (if enabled for your company) for which the SSO login has to be configured.