SAML Authentication in RFPIO
RFPIO uses the secure and widely adopted industry standard Security Assertion Markup Language 2.0 (SAML 2.0) and supports SAML Authentication as an add-on feature.
Our SSO implementation integrates easily with any large identity provider that supports SAML 2.0.
Configuring RFPIO in Azure Portal
For RFPIO integration in Azure AD, RFPIO should be added from the gallery to your list of managed SaaS apps.
To configure RFPIO integration in Azure AD, you can follow the steps below:
- In the Microsoft Azure portal, on the left navigation pane, click Azure Active Directory.
- The Overview page will be displayed. Click Enterprise Applications.
- The Enterprise applications - All Applications page will be displayed. Click New application.
- A page as shown below will be displayed. Click Business management.
- The Add from the gallery section will be displayed. Enter RFPIO in the Enter a name search box.
- Click RFPIO.
- The RFPIO section will be displayed. Click Add.
- A message as shown below will be displayed:
- Successfully adding the application will display the RFPIO – Getting started page. Click Single sign on.
- The Select a single sign-on method will be displayed. Click SAML.
- Click the edit icon associated with Basic SAML Configuration.
The Identifier (Entity ID) section will be displayed as shown below:
- Add the URL: https://www.rfpio.com.
- Click Save.
- Next, log in to RFPIO. Click Organization Settings > Security > SSO.
- Copy the value of Default Relay State and paste in the Relay State field.
Successfully saving the configuration will display a message as shown below:
- Click Single sign-on. Click the edit icon associated with User Attributes & Claims.
The User Attributes & Claims page will be displayed.
- You need to change values for givenname and user.surname as given below:
Old | New
givenname | first_name
surname | last_name
Note: In addition to the above, you need to create the following claims if Business Unit (paid add-on) is enabled for your company.
You can select any source attribute from the drop-down options. Based on the attribute selected, the user will be mapped in RFPIO. For example, if user.department is selected for rfpio_user_role, the user's department in Azure will be matched with the corresponding department's role in RFPIO.
- Click Save.
Successfully saving the details will display a message as shown below:
- You can also add an attribute by clicking Add attribute. You can add and provide values for Job title, phone number, and location.
The Manage user claims section will be displayed.
- Create the following attributes:
Name | Value (from the dropdown menu)
job_title | user.jobtitle
phone | user.telephonenumber
- Click Save to save the attribute.
A success message will be displayed and the newly added attributes will be displayed as shown below:
- Click SAML-based Sign-on.
The RFPIO - SAML-based sign-on page will be displayed. From the SAML Signing Certificate section, click Download associated with Federation Metadata XML.
Successfully downloading the file will display a message as shown below:
- Next, assign users to access RFPIO. Click Users and groups and then Add user.
- The Add Assignment page will be displayed. Click Users.
- The Users section will be displayed.
- Enter the user name to search for a user or select a user from the displayed list.
- Click Select. The Add Assignment page will be displayed as shown below:
- Click Assign. Successfully assigning the user will display a success message and will display the user as shown below:
RFPIO Configuration
To configure SAML in RFPIO, follow the steps below:
- Log in to RFPIO. Click Organization Settings > Security > SSO.
- Turn ON the toggle switch associated with SSO.
- Once turned on, enter the domain names to be used in SSO. Multiple domain names can be specified, one per line.
- Click and expand the Onelogin SAML section.
- Enter the Name as SAML SSO Config and click CHOOSE FILE associated with Identity Configuration.
- Select the downloaded Federation Metadata XML file from your local machine.
- Click VALIDATE.
- Once validated, turn on the toggle switch SAML SSO Config (Enabled).
- Click SUBMIT.
Note: If Business Unit (BU) is enabled for your organization, you have to select the BU.
SAML is configured and users can now use SAML for authentication.
Note: Multiple SSO configurations can be created for a single client instance. If required, raise a support ticket. Once approved, the team will enable it for the client.
RFPIO - SAML Login
Users can log in to RFPIO using SAML in 3 ways.
Login from Azure Portal
To log in from Azure Portal, follow the steps below:
- Click Azure Active Directory > All Applications > RFPIO.
- The RFPIO – Overview page will be displayed. Click Properties.
- Click the copy icon associated with User Access URL.
- Paste the copied URL in your browser tab and press Enter. You will be redirected to the Microsoft login page.
- Provide valid credentials. You will be redirected to the RFPIO application.
Login to app.rfpio.com using SAML
To log in using SAML, follow the steps below:
- Provide your Email address and click SAML.
- Click SIGN-IN USING SAML.
You will be logged in to the RFPIO application.
Login using instance specific URL
To log in using an instance-specific URL, contact your account manager. You can bookmark the URL in your browser.
Just-in-Time Provisioning
With Just-in-Time provisioning, you can use a SAML assertion to create regular and portal users on the fly the first time they try to log in. This eliminates the need to create user accounts in advance. For example, if you recently added an employee to your organization and have provided access to RFPIO in your SAML Identity Provider, you don't need to manually create the user in RFPIO. When they log in with single sign-on for the first time, their account is automatically created for them, eliminating the time and effort of onboarding the account. The new user can be assigned the Admin, Manager, or Team Member role by defining the role in the SAML integration. Choose None. It helps protect against unauthorized user login through SAML.
You can also select the default Business Unit for which the SSO login has to be configured (if Business Unit, a paid add-on, has been enabled for your company).
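Because Just-in-Time provisioning creates the account from the attributes in the assertion, it helps to confirm that a decoded assertion carries the claim names configured under User Attributes & Claims. The following Python check is an added example, not RFPIO code; the function name and the sample statement are constructed, and it assumes the attribute Name in the assertion must match the claim name exactly.

```python
import xml.etree.ElementTree as ET

SAML = "{urn:oasis:names:tc:SAML:2.0:assertion}"
RENAMES = {"givenname": "first_name", "surname": "last_name"}  # Old -> New on this page
ROLE_CLAIM = "rfpio_user_role"  # expected only when Business Unit is enabled

# Constructed sample: surname was left under its default Azure claim URI.
SAMPLE_STATEMENT = """<AttributeStatement xmlns="urn:oasis:names:tc:SAML:2.0:assertion">
  <Attribute Name="first_name"><AttributeValue>Ada</AttributeValue></Attribute>
  <Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
    <AttributeValue>Byron</AttributeValue></Attribute>
  <Attribute Name="job_title"><AttributeValue>Analyst</AttributeValue></Attribute>
</AttributeStatement>"""


def check_claims(statement_xml, business_unit=False):
    """Compare attribute names in a decoded assertion with the page's claim names.

    Checks names and non-empty values only; it does not verify any signature.
    """
    root = ET.fromstring(statement_xml)
    seen = {}
    for attr in root.iter(SAML + "Attribute"):
        values = [(v.text or "").strip() for v in attr.iter(SAML + "AttributeValue")]
        seen[attr.get("Name", "")] = values
    expected = list(RENAMES.values()) + ([ROLE_CLAIM] if business_unit else [])
    missing = [name for name in expected if not any(seen.get(name, []))]
    # An attribute whose last path segment is an Old name was never renamed.
    not_renamed = {name: RENAMES[name.rsplit("/", 1)[-1]]
                   for name in seen if name.rsplit("/", 1)[-1] in RENAMES}
    return {"missing": missing, "not_renamed": not_renamed, "ok": not missing}


if __name__ == "__main__":
    print(check_claims(SAMPLE_STATEMENT))
```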