SSO Sign in
2 mins
V6 ProV6 MSP
1. Overview
SSO Sign in is a feature that allows you to use your existing SAML 2.0 compliant Identity Provider to authenticate users in rConfig. This feature is available in rConfig v6.11.4 and above. The table below shows the Identity Providers that have been tested with rConfig at which version.
Identity Provider | Version | Tested |
---|---|---|
Microsoft | 6.11.4 | Yes |
We will add more providers to this list as we test them. If you have tested a provider and would like to add it to this list, please contact us.
To setup SSO Sign in, you will need to configure your Identity Provider and rConfig. The steps below will guide you through the process.
⚠️ Note: Users are not automatically granted access to the application by default when they sign in using SSO. They will need to be approved before they can login to rConfig. See the User Management section for more information.
2. Configure your Identity Provider
2.1. Create a new application for Microsoft Azure
Azure configuration
- Create the app
On the portal azure click on “App registrations” App registration
Then click on “New registration”
Choose a name for your application
Choose the supported account types
On Redirect URI choose “web” and fill the uri with the callback route of your laravel application (microsoft at the end of the URL is important):https://YourFqdn.domain.com/auth/callback/microsoft
Then click on “Register” - For The AZURE_CLIENT_SECRET :
- Click on Add a certificate or secret
- Click on New client secret
- Choose a description
- Click on adding button
- Copy the Value key
- Edit the rConfig .env file, located at
/var/www/html/rconfig6/current/.env
and add or edit the following lines :MICROSOFT_CLIENT_ID=your_client_id(Application (client) ID ) MICROSOFT_CLIENT_SECRET=your_client_secret (Secret Value) MICROSOFT_REDIRECT_URI=https://YourFqdn.domain.com/auth/callback/microsoft MICROSOFT_TENANT_ID='you_tenant_id'
Note: MICROSOFT_TENANT_ID: This is required if you configured the app registration to be single tenant
Save the file, exit and run the following commandphp artisan rconfig:clear-all
If everything is setup correctly, a new login button will appear on the login page. See the screenshot below.
Users are not automatically granted access to the application by default when they sign in using SSO. They will need to be approved before they can login to rConfig. See the User Management section for more information. They will get the error below until they area approved by an admin.
Please check out our YouTube video on this topic.