SSO Sign in

2 mins

V6 ProV6 MSP

1. Overview

SSO Sign in is a feature that allows you to use your existing SAML 2.0 compliant Identity Provider to authenticate users in rConfig. This feature is available in rConfig v6.11.4 and above. The table below shows the Identity Providers that have been tested with rConfig at which version.

Identity ProviderVersionTested
Microsoft6.11.4Yes

We will add more providers to this list as we test them. If you have tested a provider and would like to add it to this list, please contact us.

To setup SSO Sign in, you will need to configure your Identity Provider and rConfig. The steps below will guide you through the process.

⚠️ Note: Users are not automatically granted access to the application by default when they sign in using SSO. They will need to be approved before they can login to rConfig. See the User Management section for more information.

2. Configure your Identity Provider

2.1. Create a new application for Microsoft Azure

Azure configuration

  1. Create the app
    On the portal azure click on “App registrations” App registration App registration
    Then click on “New registration” New Registration
    Choose a name for your application
    Choose the supported account types
    On Redirect URI choose “web” and fill the uri with the callback route of your laravel application (microsoft at the end of the URL is important):
    https://YourFqdn.domain.com/auth/callback/microsoft
    

    Then click on “Register”
  2. For The AZURE_CLIENT_SECRET :
    • Click on Add a certificate or secret
    • Click on New client secret
    • Choose a description
    • Click on adding button
    • Copy the Value key

    New Registration
  3. Edit the rConfig .env file, located at /var/www/html/rconfig6/current/.env and add or edit the following lines :
    MICROSOFT_CLIENT_ID=your_client_id(Application (client) ID )
    MICROSOFT_CLIENT_SECRET=your_client_secret (Secret Value)
    MICROSOFT_REDIRECT_URI=https://YourFqdn.domain.com/auth/callback/microsoft
    MICROSOFT_TENANT_ID='you_tenant_id'
    

    Note: MICROSOFT_TENANT_ID: This is required if you configured the app registration to be single tenant
    Save the file, exit and run the following command
     php artisan rconfig:clear-all
    

If everything is setup correctly, a new login button will appear on the login page. See the screenshot below.

SSO Login

Users are not automatically granted access to the application by default when they sign in using SSO. They will need to be approved before they can login to rConfig. See the User Management section for more information. They will get the error below until they area approved by an admin.

SSO Login Error

Please check out our YouTube video on this topic.