How to Activate Single Sign On (SSO) in RMS
Overview
Single Sign On (SSO) allows users to access multiple applications using a single login with an Identity Provider.
Single Sign On (SSO) centralises user authentication to a single Identity Provider (IdP) that can provide access to multiple configured applications.
Activating SSO in RMS will require users to be authenticated by the Identity Provider to access RMS.
Setup
The following setup will need to be completed by the IT Administrator and an RMS System Administrator.
Step 1 - Add RMS in the IdP
This step is performed outside of RMS and should be completed by the IT Administrator.
Add RMS as a SAML Application or Endpoint with the Identity Provider (IdP) using the information below.
RMS Entity ID: https://app.rmscloud.com
RMS Digital Registration Card Entity ID: https://app12.rmscloud.com/sso/ClientID?appId=13
Assertion URL: (by Region)
- APAC: https://app12.rmscloud.com/SAML/Assertion
- EMEA: https://app14.rmscloud.com/SAML/Assertion
- Americas: https://app13.rmscloud.com/SAML/Assertion
Login URL: (by Region)
- APAC: https://app12.rmscloud.com/sso/ClientID
- EMEA: https://app14.rmscloud.com/sso/ClientID
- Americas: https://app13.rmscloud.com/sso/ClientID
Attributes
- Name: ClientID
- Value: Your RMS Client Number
*Note: Replace ClientID with the properties RMS Client ID. For Enterprise Properties, this is the Owner's RMS Client ID.
Important:
Complete the following before continuing.
✓ Add RMS to the IdP
✓ Test SSO Login in the IdP
✓ Download the Issuer Certificate
Step 2 - Setup SSO in RMS
After RMS has been added to the Identity Provider, SSO can be activated in RMS.
Selecting the SSO Username Type as 'Federation ID' will require a Federation ID to be setup on all RMS Users before continuing.
✎ Please Note: SSO cannot be trialled independently in the RMS Training Database.
Use the 'Test Login' or 'Test Application' feature within the IdP to ensure RMS has been added correctly prior to activating SSO in RMS.
Have your System Administrator complete the following.
In the Side Menu of RMS, go to Setup > Security
- Navigate to the 'SSO' tab.
- Select the '+' (Add) icon to open the SSO Configuration dialog (or select an existing environment row and click the pencil edit icon to update it).
- Select the Environment.
Please Note: New SSO configurations can be created for Live and RC only. - Toggle 'SSO Enabled' on.
- Enter the Issuer.
- Upload the Identity Provider Certificate.
- Enter the Login URL.
- Enter the Logout URL.
- Select the SSO Username Type.
- Select the SSO Username Location.
- Optional: Enter the Attribute Name (required if 'Username is in an attribute element' is selected).
- Optional: Enter the Name ID format.
- Select 'Save & Exit'.
✎ Please Note: Identity Provider Certificates will be in the file format of .txt, .cer, or .pfx.
Selecting the SSO Username Type as 'Federation ID' requires a Federation ID to be setup on all RMS users before continuing.
Selecting the SSO Username Location as 'Username is in an attribute element' requires an Attribute Name to be specified.
Finished
SSO is now active in RMS.
Users will need to be logged in and authenticated with the Identity Provider to gain access to RMS.
★ Tip: Use the URL below in the Internet Browser to access the RMS Training Database when SSO is active in RMS.
Replace ClientID in the URL below with the property's RMS Client ID.
Comments
0 comments
Please sign in to leave a comment.