Sales
Denmark +45 7944 7000
Europe +45 7944 7000
North America +1 (202)-536-4165
Support
Denmark +45 7944 7002
North America +1 (202)-536-4165
Start a conversation

External Authentication Details for SAML2 in Azure

Overview

This article provides step-by-step instructions on how to retrieve external authentication details for RC backend login using Microsoft account with SAML2.

Authentication Details for SAML2

Part A. Register application in Azure AD

Go to Azure portal  Azure Active Directory  Enterprise applications  Click [New application] which opens ‘Browse Azure AD Gallery’ screen. Then click [Create your own application]

Enter the name of your app, select the 3rd option - ‘Intergrate any other application you don’t find in the gallery’. Then click [Create] button at the bottom of the screen.

Part B. Configure the details for the created Azure AD app

Identifier (Entity ID)

Go to Azure portal  Azure Active Directory  Enterprise applications. Click [View all applications] then select the app that you registered in Part A to see its details. Click [Single sign-on] ➔ SAML


A new panel is opened.

Now click the [Edit] button on the Basic SAML Configuration section. A new panel shows up on the right side of the screen:

 

For Identifier (Entity ID), enter the URL of RC backend.

For Reply URL, it can be composed with the following format:

[RC Backend URL]/ExAuth/Saml2Authentication/Acs

In the above example, the RC Backend URL is https://resourcecentral.com/resourcecentral, so the Reply URL you can fill in is:

https://resourcecentral.com/resourcecentral/ExAuth/Saml2Authentication/Acs 

Click [Save] to finish.

Login URL, Logout URL and Azure AD Identifier

Go to Azure portal  Azure Active Directory  Enterprise applications  All applications. Then select the app that you registered in Part A to see its details.

Click [Single sign-on] and scroll down to the Set up [App name] section (i.e., ‘Set up SSO_for_RC’):

You can see the details for Login URL, Logout URL, and Azure AD Identifier highlighted in the above figure.

Return URL

You can compose the Return URL with the following format:

[RC Backend URL]/ExAuth/Saml2Authentication/CallbackHandler

In the above example, the RC Backend URL is https://resourcecentral.com/resourcecentral, so the Reply URL you can fill in is:

https://resourcecentral.com/resourcecentral/ExAuth/Saml2Authentication/CallbackHandler 

Certificate (.pfx) and PFX Password

Usually, you have been provided with the .pfx file and the attached password after you buy the certificate (with key). This certificate must be created with the parameter provider = Microsoft Enhanced RSA and AES Cryptographic Provider.

Part C. Configure SAML Signing Certificate

Go to Azure portal  Azure Active Directory  Enterprise applications  All applications then select the app that you registered in Part A to see its details. 

Click [Single sign-on] and scroll down to the ‘SAML Signing Certificate’ then click [Edit]:

A new panel is opened.

Click [Import certificate] to upload your PFX file. 

Part D. Configure External Authentication in the RC backend

Log in to RC backend and click [Authentication] on the left menu. On ‘External Authentication’ section, select SAML2 for ‘Authentication Protocol’ then configure as shown in the following figures:

Properties

Applies toRC 4.2+

Reference: TFS #339238

Knowledge base ID: 0321

Last updated: Apr 19, 2023

Choose files or drag and drop files