SAML Authentication in Responsive
Responsive uses the secure and widely adopted industry standard Security Assertion Markup Language 2.0 (SAML 2.0) and supports SAML Authentication as an add-on feature.
Our SSO implementation integrates easily with any large identity provider that supports SAML 2.0.
Configuring Responsive in Azure Portal
To integrate Responsive with Azure AD, add Responsive from the gallery to your list of managed SaaS apps.
To configure Responsive integration in Azure AD, you can follow the steps below:
- In the Microsoft Azure portal, on the left navigation pane, click Azure Active Directory.
- The Overview page will be displayed. Click Enterprise Applications.
- The Enterprise applications - All Applications page will be displayed. Click New application.
- On the page that is displayed, click Business management.
- The Add from the gallery section will be displayed. Enter Responsive in the Enter a name search box.
- Click Responsive.
- The Responsive section will be displayed. Click Add.
- A message will be displayed.
- Successfully adding the application will display the Responsive – Getting started page. Click Single sign on.
- The Select a single sign-on method page will be displayed. Click SAML.
- Click the edit icon associated with Basic SAML Configuration.
The Identifier (Entity ID) section will be displayed.
- Add the URL: https://www.rfpio.com.
- Click Save.
- Next, log in to Responsive. Click Organization Settings > Security > SSO.
- Copy the value of Default Relay State and paste it into the Relay State field.
Successfully saving the configuration will display a message.
- Click Single sign-on. Click the edit icon associated with User Attributes & Claims.
The User Attributes & Claims page will be displayed.
- You need to change values for givenname and user.surname as given below:
Note: In addition to the above, you need to create the following claims if Business Unit (paid add-on) is enabled for your company.
You can select any source attribute from the drop-down options. Based on the attribute selected, the user will be mapped in Responsive. For example, if user.department is selected for responsive_user_role, the user's department in Azure will be matched with the corresponding department's role in Responsive.
- Click Save.
Successfully saving the details will display a message.
- You can also add an attribute by clicking Add attribute. You can add and provide values for Job title, phone number, and location.
The Manage user claims section will be displayed.
- Create the following attributes:
Value (from the dropdown menu)
- Click Save to save the attribute.
A success message will be displayed, and the newly added attributes will be displayed.
- Click SAML-based Sign-on.
The Responsive - SAML-based sign-on page will be displayed. From the SAML Signing Certificate section, click Download associated with Federation Metadata XML.
Successfully downloading the file will display a message.
- Next, assign users to access Responsive. Click Users and groups, and then click Add user.
- The Add Assignment page will be displayed. Click Users.
- The Users section will be displayed.
- Enter the user name to search for a user or select a user from the displayed list.
- Click Select. The Add Assignment page will be displayed.
- Click Assign. Successfully assigning the user will display a success message, and the user will be displayed in the list.
To configure SAML in Responsive, follow the steps below:
- Log in to Responsive. Click Organization Settings > Security > SSO.
- Turn ON the toggle switch associated with SSO.
- Once turned on, enter the domain names to be used in SSO. Multiple domain names can be specified, one per line.
- Click and expand the Onelogin SAML section.
- Enter the Name as SAML SSO Config and click CHOOSE FILE associated with Identity Configuration.
- Select the downloaded Federation Metadata XML file from your local machine.
- Click VALIDATE.
- Once validated, turn on the toggle switch SAML SSO Config (Enabled).
- Click SUBMIT.
Note: If Business Unit (BU) is enabled for your organization, you have to select the BU.
SAML is configured and users can now use SAML for authentication.
Note: Multiple SSO configurations can be created for a single client instance. If required, raise a support ticket. Once approved, the team will enable it for the client.
Responsive - SAML Login
Users can log in to Responsive using SAML in 3 ways.
Login from Azure Portal
To log in from Azure Portal, follow the steps below:
- Click Azure Active Directory > All Applications > Responsive.
- The Responsive – Overview page will be displayed. Click Properties.
- Click the copy icon associated with User Access URL.
- Paste the copied URL in your browser tab and press Enter. You will be redirected to the Microsoft login page.
- Provide valid credentials. You will be redirected to the Responsive application.
Login to app.rfpio.com using SAML
To log in using SAML, follow the steps below:
- Provide your Email address and click SAML.
- Click SIGN-IN USING SAML.
You will be logged in to the Responsive application.
Login using instance specific URL
To log in using an instance-specific URL, contact your account manager. You can bookmark the URL in your browser.
With Just-in-Time provisioning, you can use a SAML assertion to create regular and portal users on the fly the first time they try to log in. This eliminates the need to create user accounts in advance. For example, if you recently added an employee to your organization and have provided access to Responsive in your SAML Identity Provider, you don't need to manually create the user in Responsive. When they log in with single sign-on for the first time, their account is automatically created for them, eliminating the time and effort of onboarding the account. The new user can be assigned the Admin, Manager, or Team Member role by defining the role in the SAML integration. Choose None to help protect against unauthorized user login through SAML.
You can also select the default Business Unit for which the SSO login has to be configured (if Business Unit, a paid add-on, has been enabled for your company).