Single Sign-On
Single sign-on (SSO) allows you to give your team members one account for all the systems your company uses. If you have an Azion Enterprise account and have SSO configured for your company, your users can log into Real-Time Manager (RTM) using their SSO credentials.
Only users with Account Owner status can configure team member login settings using one of two account authentication options: Azion SSO or an external Identity Provider (IdP).
1. Definitions
- Identity Provider (IdP): Identity Provider (IdP): is a trusted entity that allows you to enable single sign-on to access other sites or services, such as Azion. Your users can continue using their corporate user identities without having to remember a specific password or enter credentials each time they access RTM. Azure is an example of an Identity Provider.
- Service Provider: Azion, in this context, is the service provider configured as an application in an identity provider to enable single sign-on.
- Security Assertion Markup Language (SAML): is an open standard protocol for exchanging authentication and authorization data between parties, in particular between an Identity Provider and a Service Provider. SAML is an XML-based markup language for security statements (statements that service providers use to make access control decisions). Azion supports the SAML protocol, version 2.0.
- OpenID Connect (OIDC): OpenID Connect is an open standard identity protocol that uses OAuth 2.0 for authentication and authorization, and then builds identities that uniquely identify users.
2. Configuring SSO integration in RTM
After creating an SSO application in your identity provider, proceed as follows to configure this integration in RTM:
- Log into Real-Time Manager with your username and password.
- Go to the Account menu on the upper right corner and click SSO Management.
- Click the Add Identity Provider button and choose the protocol you want to register.
Your Identity Provider will provide you with the information you need to complete the configuration form for each protocol. Azion helps you fill in the fields in each form to make it easier for you.
- To learn how to configure a SAML Identity Provider, click here.
- To learn how to configure an OIDC Identity Provider, click here.
When you have finished setting up an identity provider, click Save. You will be redirected to the list of identity providers, where you can view all the providers created in your account.
You can add as many Identity Providers as you like. However, you can only activate one provider at a time.
3. Editing an Identity Provider (IdP) Data
- Click SSO Management in the Account menu.
- Click the edit icon (…) to open the option to edit the provider.
- After making the changes you want, click Save.
You cannot delete an active IdP, but you can disable it. If you choose to disable it, simply choose another external IdP or Azion’s SSO.
4. Changing your account’s Identity Provider
- Click SSO Management in the Account menu.
- Select the Identity Provider you want to start using.
- Next, a confirmation window will open.
- Confirm the change.
5. SAML Identity Provider
Configuring a SAML Identity Provider
- Log on RTM, click SSO Management in the Account menu.
- Click Add Identity Provider and choose the SAML option.
- Choose a name that identifies the Identity Provider.
- Fill in the following fields with the data copied from your Identity Provider:
- Identity provider’s Entity ID URI
- Sign-in URL
- Certificate
- Finally, click Save. You will be redirected to the list of identity providers, where you can view all the providers created in your account.
Completing the configuration with Azion as Service Provider in your Identity Provider
To complete the setup with Azion as a service provider on your Identity Provider, you will need the following information that can be found on the setup form itself:
- Login URL.
- Assertion Consumer Service URL.
- Service Provider’s Entity ID URI.
Paste this information into the SSO application configuration form in your Identity Provider. And that’s it! The SSO integration is ready to be activated in RTM.
Activating the Identity Provider in RTM
Before activating an identity provider, make sure the SSO application is properly configured in your identity provider.
To activate an identity provider present in the list of providers registered in your RTM account, simply select it. A confirmation will be requested. Upon confirmation, RTM trusts the authentication of its users to the chosen identity provider.
6. OIDC Identity Provider
Configuring a OIDC Identity Provider
- Log on RTM, click SSO Management in the Account menu.
- Click Add Identity Provider and choose the OIDC option.
- Choose a name that identifies the Identity Provider.
- Fill in the following fields with the data copied from your identity provider:
- Authorization URL
- UserInfo URL
- Token URL
- Client IDClient Secret
- Scopes
- Finally, click Save. You will be redirected to the list of identity providers, where you can view all the providers created in your account.
Completing the configuration with Azion as Service Provider in your Identity Provider
To complete the setup with Azion as a service provider on your Identity Provider, you will need the following information that can be found on the setup form itself:
- Login URL
- Redirect URL
Paste this information into the SSO application configuration form in your Identity Provider. That’s it! The SSO integration is ready to be activated in RTM.
Activating the Identity Provider in RTM
Before activating an identity provider, make sure the SSO application is properly configured in your identity provider.
To activate an identity provider present in the list of providers registered in your RTM account, simply select it. A confirmation will be requested. Upon confirmation, RTM trusts the authentication of its users to the chosen identity provider.
Didn’t find what you were looking for? Open a support ticket.