Terms to Know
- Identity Provider - The tool that your team uses to provide Single Sign-On functionality. For this article, we'll be exploring a setup process for Azure Active Directory (Azure AD).
- Metadata - Typically an XML file which tells the tools involved with handling your login process how to complete and validate the requests.
- Enforced SAML/SSO - A setting which specifies SAML/SSO as the primary login method for all users on your team and the default login method for all new users.
As an Account Admin on a Professional or Enterprise plan, you have the option to set up a single sign-on authentication method for your team. In the following article, we will explore how you can quickly and smoothly set up Azure Active Directory (Azure AD) as your team's SAML/SSO authentication method.
Setting Up Single Sign-On with Azure AD
Step 1 - Getting Started in the Azure Portal
- Navigate to the Azure Portal Homepage (portal.azure.com/#home).
- From the options on the left-hand navigation panel, click into Azure Active Directory.
- In the Organization Overview that appears in your content panel, locate and click into the Enterprise Applications option in the Manage section on the left-hand side of the page.
- Once the Enterprise Applications page is loaded, select New Application from the top of the page. This will take you into an application list titled Browse Azure AD Gallery.
- From the search bar at the top of the Browse Azure AD Gallery page, type in "Roadmunk" and select the first option that appears on screen.
- In the panel that appears on the right-hand side, select the Create option. This may take some time to load, but once completed you will be taken into an overview page for the Roadmunk application.
Step 2 - Setting Up the Roadmunk Enterprise Application
- From the Roadmunk Overview page, navigate to option 2 in the Getting Started section, labelled as Set up single sign on.
- In the Select a single sign-on method page that appears, select SAML as your preferred method.
- Selecting the SAML option should take you to the configuration screen labelled Setup Single Sign-On with SAML.
- On this page, click into the Edit button in the top-right corner of section 1 (labelled as Basic SAML Configuration).
- In the panel that appears on the right-hand side, apply the value "login.roadmunk.com" in the fields for the Identifier, Reply URL, and Sign on URL. Click the Save button at the top of the panel to save these changes.
- Once the save completes, scroll down to section 3 (labelled as SAML Signing Certificate). In this section, locate Federation Metadata XML and click the download button to save a copy of the Roadmunk.xml file to your device.
- Once this has been completed, navigate over to Roadmunk in another tab. Please leave this page on Azure open for quick access.
Step 3 - Applying Application Details in Roadmunk and Azure AD
- In Roadmunk, click on your avatar in the bottom left corner and navigate to Account Settings.
- In the Account Settings menu, click into the Company tab.
- Locate the SAML/Single Sign-On (SSO) option at the bottom of the tab and click to toggle it on.
- In the menu options that appear, select Upload your IDP XML File and upload the Roadmunk.xml Metadata file that we saved in Step 2.
- Once that file is attached, the button labelled Download Roadmunk Metadata will become active. Click this button to download the roadmunk_sp_metadata.xml file to your device.
- Once downloaded, flip back over to Azure AD in the other tab and click into the Upload Metadata File option at the top of the configuration screen. Follow the prompts to upload the roadmunk_sp_metadata.xml file that we just saved.
- Once uploaded, click Add to apply the changes to your setup.
- The Basic SAML Configuration panel should appear, and you should now see that the values we entered in Step 2 for Identifier and Reply URL have been overwritten with new unique values.
- Click the Save button at the top of the panel to save these updated values. Once the save has completed, navigate over to Roadmunk in the other tab.
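Before uploading either metadata file (Roadmunk.xml from Step 2 or roadmunk_sp_metadata.xml from Step 3), it is worth confirming what the file actually declares. The following is an added example, not part of the original article or of Roadmunk's or Microsoft's tooling; the function names `summarize` and `findings` are hypothetical, and the sample metadata, host names and certificate bytes are constructed placeholders.

```python
import base64
import hashlib
import xml.etree.ElementTree as ET

NS = {"md": "urn:oasis:names:tc:SAML:2.0:metadata",
      "ds": "http://www.w3.org/2000/09/xmldsig#"}

def summarize(xml_bytes):
    """Return role, entityID, endpoints and signing-cert SHA-256 fingerprints."""
    if b"<!DOCTYPE" in xml_bytes or b"<!ENTITY" in xml_bytes:
        raise ValueError("DTD/entity declarations do not belong in SAML metadata")
    root = ET.fromstring(xml_bytes)
    idp = root.find("md:IDPSSODescriptor", NS)
    sp = root.find("md:SPSSODescriptor", NS)
    role = idp if idp is not None else sp
    if role is None:
        raise ValueError("no IDPSSODescriptor or SPSSODescriptor found")
    tag = "md:SingleSignOnService" if idp is not None else "md:AssertionConsumerService"
    prints = []
    for kd in role.findall("md:KeyDescriptor", NS):
        if kd.get("use") in (None, "signing"):  # no 'use' means signing + encryption
            for cert in kd.iterfind(".//ds:X509Certificate", NS):
                der = base64.b64decode("".join((cert.text or "").split()))
                prints.append(hashlib.sha256(der).hexdigest())
    return {"role": "idp" if idp is not None else "sp",
            "entity_id": root.get("entityID"),
            "endpoints": [e.get("Location") for e in role.findall(tag, NS)],
            "cert_sha256": prints}

def findings(s):
    """List problems worth resolving before the file is uploaded."""
    issues = [f"endpoint not HTTPS: {u}" for u in s["endpoints"]
              if not (u or "").startswith("https://")]
    if not s["entity_id"]:
        issues.append("missing entityID")
    if not s["endpoints"]:
        issues.append("no SSO/ACS endpoint")
    if s["role"] == "idp" and not s["cert_sha256"]:
        issues.append("IdP metadata carries no signing certificate")
    return issues

# Constructed, trimmed sample: placeholder host and certificate bytes, not real values.
SAMPLE_CERT = base64.b64encode(b"constructed-placeholder-not-a-real-certificate").decode()
SAMPLE_IDP = f"""<EntityDescriptor xmlns="urn:oasis:names:tc:SAML:2.0:metadata"
 entityID="https://idp.example.invalid/tenant-placeholder/"><IDPSSODescriptor>
 <KeyDescriptor use="signing"><KeyInfo xmlns="http://www.w3.org/2000/09/xmldsig#"><X509Data>
 <X509Certificate>{SAMPLE_CERT}</X509Certificate></X509Data></KeyInfo></KeyDescriptor>
 <SingleSignOnService Location="https://idp.example.invalid/saml2"/>
 </IDPSSODescriptor></EntityDescriptor>""".encode()
```

Run `summarize` on the bytes of each downloaded file and compare the reported entityID and endpoint with the Identifier and Reply URL shown in the Basic SAML Configuration panel; the certificate fingerprint can be compared with the one listed in the SAML Signing Certificate section.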
Step 4 - Finalizing the Roadmunk Setup
- Navigating back to Roadmunk, head into the Account Settings menu once more.
- Click into the Security tab to access your active login methods.
- Click the blue + Login Method button in the top-right corner of your Authentication Methods list, then select the new SSO option that now appears at the bottom of the menu.
- Clicking into this will open an Azure AD sign-on screen where you can attach your login to Roadmunk. If you're already logged into Azure when attempting this attachment, it should complete automatically.
- If the Authentication Methods list doesn't refresh automatically, you can close out of the Account Settings and reopen them from your avatar in the bottom-left corner of your app.
Enabling Multi-Factor Authentication for Azure AD Single Sign-On
Azure supports a number of additional authentication layers which can help to provide an extra level of security for you and your team. A great guide on setting up multi-factor authentication for your team in Azure can be found here on Microsoft's Product Documentation for Azure Active Directory.