Target Audience: Company Administrator
Related Offer: Enterprise
You can enable single sign-on between your Azure Active Directory and Rainbow using the SAML protocol. Put simply, this lets your Company Members use a single password for all their professional applications.
How to Activate the Single Sign-On between Azure Active Directory and my Company (using SAML)?
Create an Enterprise Application in Azure Active Directory:
- From your Azure dashboard, click on "Enterprise Applications" on the left.
- Then click on "New Application" on the top banner.
- To create a new application, choose "Non-gallery application" on the top-right of the screen.
- Choose a name for this application (for example: Rainbow SSO/SAML) and click on "Add" to validate.
- Once the application is created, go to the "Single Sign-On" settings from the left menu. Choose SAML among the proposed choices.
- Here you can find all the information needed to configure Single Sign-On for your Company. Note the following information: the Login URL, the Logout URL and the Certificate (download the file "Certificate Base64" and open it with a text editor to find the value).
Note: This information must be used in the Rainbow Administration Space to continue the configuration.
Activate Single Sign-On in Rainbow:
- Click on "Manage your Company" in the upper banner of your screen then click on "My Company" on the left menu.
- Click on the "Settings" subtab to access the Single Sign-On option.
- Activate this option by clicking on "Configure Single Sign-On (SSO)" and add a new configuration using the dedicated button.
- In the new window, choose "SAML 2.0" and click on "Next" to start the configuration.
- Fill in the form with the information obtained from Azure Active Directory. For the certificate, paste the full text, including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.
- Fill in the field "User ID Attribute" with the following value: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
- Click on "Next" to validate the information, then choose whether you want to activate SSO as the default authentication method. Click on "Save" to end the configuration.
- You can now download the Rainbow Metadata, which has to be uploaded to Azure Active Directory.
Note: You can activate SSO for all members of your Company or individually for specific users. This option can be activated in the members management space.
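The certificate step above is where a copy/paste slip is easiest to make, so here is an added example (not part of the original article or of Rainbow) that checks the pasted text and returns the certificate thumbprints, which can be compared with the thumbprint shown for the signing certificate in Azure Active Directory. The function name and the sample data are assumptions made for illustration; the sample is a constructed stand-in, not a real certificate.

```python
import base64
import hashlib
import re

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)


def check_pasted_certificate(text):
    """Check PEM text before pasting it into the SSO form.

    Returns (sha1, sha256) thumbprints of the DER bytes as uppercase hex,
    or raises ValueError naming the problem.
    """
    blocks = PEM_RE.findall(text)
    if not blocks:
        raise ValueError("BEGIN/END CERTIFICATE lines missing or altered")
    if len(blocks) > 1:
        raise ValueError("more than one certificate in the pasted text")
    body = "".join(blocks[0].split())  # drop CR/LF and stray spaces
    try:
        der = base64.b64decode(body, validate=True)
    except ValueError as exc:  # binascii.Error is a ValueError subclass
        raise ValueError(f"body is not clean Base64: {exc}") from None
    # Assumption: the certificate is 256..65535 bytes, so its outer DER
    # SEQUENCE starts 0x30 0x82 followed by a two-byte length.
    if len(der) < 4 or der[0] != 0x30 or der[1] != 0x82:
        raise ValueError("decoded data does not start like a certificate")
    if int.from_bytes(der[2:4], "big") != len(der) - 4:
        raise ValueError("certificate is truncated or has trailing data")
    return (hashlib.sha1(der).hexdigest().upper(),
            hashlib.sha256(der).hexdigest().upper())


# Constructed stand-in with a valid outer DER header; NOT a real certificate.
SAMPLE_DER = b"\x30\x82" + (300).to_bytes(2, "big") + bytes(range(100)) * 3
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\r\n"
              + base64.encodebytes(SAMPLE_DER).decode().replace("\n", "\r\n")
              + "-----END CERTIFICATE-----\r\n")

if __name__ == "__main__":
    sha1, sha256 = check_pasted_certificate(SAMPLE_PEM)
    print("SHA-1 thumbprint:  ", sha1)
    print("SHA-256 thumbprint:", sha256)
```

To check a real file, pass the contents of the downloaded Base64 certificate to `check_pasted_certificate` in place of `SAMPLE_PEM`.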
Activate Single Sign-On in Azure Active Directory:
- Go back to the application you have created in Azure Active Directory.
- Then click on "Upload Metadata File" on the top banner and choose the file "metadata.xml" downloaded from Rainbow.
- Click on "Add" then "Save" to validate the data. SSO is now operational between Rainbow and Azure Active Directory.
- Don't forget to assign users to this application in Azure. To do that, click on "Users and groups" on the left menu.
- Choose "Add user" on the top banner and select the users or groups who should have access to SSO with Rainbow.
Comments
4 comments
Hi,
I did and redid the whole procedure.
When I check the Azure AD log, I see it's granted, but when I test, I have 2 errors:
"SAML Assertion signature check failed! (checked 1 certificate(s))" (error code: 500000)
or
"Assertion can't be decrypted: cookie 'SamlRequestId' is missing" (error code: 400000)
Do you have any idea?
Thanks
Hi,
Step 8 : You can now download the Rainbow Metadata who has to be upload in Azure Active Directory.
I'm not able to download the file: An error occurred (Unknown error)
Same error with the Windows app or with the website.
Can you help me?
Hi Cyprien,
It is resolved now, without any information from Alcatel.