Target Audience: Company Administrator
Related Offer: Enterprise
You can enable single sign-on between your Azure Active Directory and Rainbow with SAML protocol. To make it simple, it allows your Company Members to have a single password for all their professionnal applications.
How to Activate the Single Sign-On between Azure Active Directory and my Company (using SAML)?
Create an Enterprise Application in Azure Active Directory:
- From your Azure dashboard, click on "Enteprise Applications" on the left.
- Then click on "New Application" on the top banner.
- To create a new application, choose "Non-gallery application" on the top-right of the screen.
- Choose a name for this application (for exemple: Rainbow SSO/ SAML) and click on "Add" to validate.
- Once the application is created, go to the "Single Sign-On" settings from the left menu. Choose SAML among the proposed choices.
- Here you can find all information needed to configure Single Sign-On for your Company. Please note the following information: Login URL, Logout URL and the Certificat (download the file "Certificat Base64" and open it with a text editor to find the value).
Note: These information must be used in Rainbow Administration Space to continue the configuration.
Activate Single Sign-On in Rainbow:
- Click on "Manage your Company" in the upper banner of your screen then click on "My Company" on the left menu.
- Click on the subtab "Settings" to acceed to the Single Sign-On option.
- Activate this option clicking on "Configure Single Sign-On (SSO)" and add a new config using the dedicated button.
- On the new window choose "SAML 2.0"and click on "Next" to start the configuration.
- Fill in the form with the information got in Azure Active Directory. For the certificate, add all the text including -Begin Certificat- and -End Certificat-.
- Fill in the field "User ID Attribute" with the following value: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
- Click on "Next" to validate the information, then choose if you want activate the SSO as default authentification method or not. Click on "Save" to end the configuration.
- You can now download the Rainbow Metadata who has to be upload in Azure Active Directory.
Note: You can activate the SSO for all members of your Company or individually for specific users. This option could be activate in the members management space.
Activate Single Sign-On in Azure Active Directory:
- Go back to the application you have created in Azure Active Directory.
- Then click on "Upload Metadata File" on the top banner and choose the file "metadata.xml" downloaded from Rainbow.
- Click on "Add" then "Save" to validate the data. The SSO is now opertaionnal between Rainbow and Azure Active Directory.
- Don't forget to assign users to this application in Azure. To do that, click on "User and groups" on the left menu.
- Choose "Add user" on the top banner and select the users or groups who should have an access to the SSO with Rainbow.