SAML Authentication in RFPIO
RFPIO uses the secure and widely adopted industry standard Security Assertion Markup Language 2.0 (SAML 2.0) and supports SAML Authentication as an add-on feature.
Our SSO implementation integrates easily with any large identity provider that supports SAML 2.0.
For okta configuration, you can follow the steps below:
- Login to okta using valid credentials.
- Click Applications and select Applications.
- Click Add Applications.
- The Add Application page will be displayed. Enter RFPIO in the search box.
- Click Add associated with RFPIO. The Add RFPIO page will be displayed as shown:
- Click Done. The Assignments tab will be displayed.
- Click Assign and select Assign to People.
- The Assign RFPIO to People pop-up will be displayed. Click Assign.
- Enter username and click Save and Go Back.
- Click Done.
- The assigned user will be displayed as shown. Click Sign On.
- Click Edit.
- Enter value for Default Relay State.
Note: Replace Default Relay State with the Default Relay State value in RFPIO > Organization Settings > SECURITY > SSO.
- Select Email as the value for Application username format.
- Click Save. A success message will be displayed.
- Click Identity Provider metadata to download the metadata file.
Note: If the file is not downloaded, copy the file data and paste in its field.
To make configurations from the RFPIO application, you can follow the steps below:
- Login to https://app.rfpio.com and click Organization Settings.
- From the Organization Settings page, click SECURITY and then SSO.
- If the SAML SSO feature not displayed, contact your account manager.
- Multiple SSO can be created for a single client instance. If interested, raise a support ticket. Once approved the team will enable it for the client.
- Enable the toggle switch near SSO and click Submit.
- Click ADD NEW. The Add new SSO section will be displayed as shown below:
- Enter the name as okta.
- Click CHOOSE FILE and upload the metadata file. Alternatively, you can paste the copied XML data.
- Click VALIDATE.
- Once validated, turn on the toggle switch associated with okta (Disabled).
The configuration is complete and the user can use SAML for authentication.
RFPIO - SAML Login
The user can Login to RFPIO using SAML in 3 ways.
Login from Okta Dashboard
From the okta dashboard, click RFPIO App.
You will be navigated to the RFPIO application page.
Login to app.rfpio.com using SAML
- Enter the URL app.rfpio.com.
- Click CONTINUE. A page as shown below will be displayed.
Login using instance specific URL
Contact your account manager to get instance specific URL which can be bookmarked in your browser.
Just -in-Time Provisioning
With Just-in-Time provisioning, you can use a SAML assertion to create regular and portal users on the fly the first time they try to log in. This eliminates the need to create user accounts in advance. For example, if you recently added an employee to your organization and have provided access to RFPIO in your SAML Identity Provider, you don't need to manually create the user in RFPIO. When they log in with single sign-on for the 1st time, their account is automatically created for them, eliminating the time and effort with on-boarding the account. The new user can be assigned as Admin or Manager or Team Member role by defining the role in the SAML integration. Choose None. It helps in protecting unauthorized user login through SAML.