Tutorial: Azure Active Directory single sign-on (SSO) integration with Roadmunk

In this tutorial, you'll learn how to integrate Roadmunk with Azure Active Directory (Azure AD). When you integrate Roadmunk with Azure AD, you can:

  • Control in Azure AD who has access to Roadmunk.
  • Enable your users to be automatically signed in to Roadmunk by using their Azure AD accounts.
  • Manage your accounts in one central location, the Azure portal.

Prerequisites

To get started, you need the following items:

  • An Azure AD subscription. If you don't have a subscription, you can get a free account.
  • A Roadmunk subscription that's enabled for single sign-on (SSO).

Scenario description

In this tutorial, you configure and test Azure AD SSO in a test environment.

Roadmunk supports SSO that's started by the service provider (SP) and by the identity provider (IDP).

To integrate Roadmunk into Azure AD, add Roadmunk from the gallery to your list of managed SaaS apps:

  1. Sign in to the Azure portal by using a work or school account or a personal Microsoft account.
  2. In the left pane, select Azure Active Directory.
  3. Go to Enterprise Applications, and then select All Applications.
  4. To add a new application, select New application.
  5. In the Add from the gallery section, in the search box, type Roadmunk.
  6. Select Roadmunk from the results, and then add the app. Wait a few seconds while the app is added to your tenant.

Configure and test Azure AD SSO for Roadmunk

Configure and test Azure AD SSO with Roadmunk by using a test user called B.Simon. To make SSO work, you need to establish a link relationship between an Azure AD user and the related user in Roadmunk.

Here's an overview of how to configure and test Azure AD SSO with Roadmunk:

  1. Configure Azure AD SSO so that your users can use this feature.
    1. Create an Azure AD test user to test Azure AD SSO by using B.Simon.
    2. Assign the Azure AD test user to enable B.Simon to use Azure AD SSO.
  2. Configure Roadmunk SSO to configure the SSO settings on the application side.
    1. Create a Roadmunk test user so that you can link the counterpart of B.Simon in Roadmunk to the Azure AD representation of the user.
  3. Test SSO to make sure the configuration works.

Configure Azure AD SSO

Follow these steps to enable Azure AD SSO in the Azure portal:

  1. In the Azure portal, on the Roadmunk application integration page, find the Manage section, and then select single sign-on.

  2. On the Select a single sign-on method page, select SAML.

  3. On the Set up single sign-on with SAML page, select the pen icon for Basic SAML Configuration to edit the settings.

    Screenshot showing the Edit icon for Basic SAML Configuration.

  4. In the Basic SAML Configuration section, if you have an SP metadata file and you want to configure in IDP-initiated mode, follow these steps:

    a. Select Upload metadata file.

    Screenshot showing the link for Upload metadata file.

    b. Select the folder icon to choose the metadata file that you downloaded in step 4 of the "Configure Roadmunk SSO" procedure. Then select Upload.

    Screenshot showing how to choose the metadata file.

    After the metadata file is uploaded, in the Basic SAML Configuration section, the Identifier and Reply URL values are automatically populated.

    Screenshot showing the Basic SAML Configuration section. The Identifier field and the Reply URL field are highlighted.

    Note

    If the Identifier and Reply URL values aren't automatically populated, then fill in the values manually.

  5. If you want to configure the application in SP-initiated mode, select Set additional URLs. In the Sign-on URL field, type https://login.roadmunk.com

    Screenshot showing where to set a sign-on URL for SP-initiated mode.

  6. On the Set up single sign-on with SAML page, in the SAML Signing Certificate section, find Federation Metadata XML. Then select Download to download the certificate and save it on your computer.

    Screenshot showing the download link for the SAML signing certificate.

  7. In the Set up Roadmunk section, copy the URL or URLs that you need.

    Screenshot showing where to copy configuration URLs.
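If the upload in step 4 doesn't populate the fields, the values to type in manually can be read from the SP metadata file itself: Identifier is the `entityID` attribute, and Reply URL is the `Location` of an `AssertionConsumerService` element. The following is an added example, not part of the original tutorial or Roadmunk's tooling; the embedded metadata is a constructed sample with placeholder URLs, and the function name is an assumption.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

MD = "{urn:oasis:names:tc:SAML:2.0:metadata}"

# Constructed sample, not Roadmunk's real metadata; all URLs are placeholders.
SAMPLE_SP_METADATA = """<?xml version="1.0"?>
<md:EntityDescriptor xmlns:md="urn:oasis:names:tc:SAML:2.0:metadata"
                     entityID="https://sp.example.test/saml/metadata">
  <md:SPSSODescriptor
      protocolSupportEnumeration="urn:oasis:names:tc:SAML:2.0:protocol">
    <md:AssertionConsumerService index="0" isDefault="true"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="https://sp.example.test/saml/acs"/>
    <md:AssertionConsumerService index="1"
        Binding="urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"
        Location="http://sp.example.test/saml/acs-legacy"/>
  </md:SPSSODescriptor>
</md:EntityDescriptor>
"""


def read_sp_metadata(xml_text):
    """Return the Identifier (entityID) and Reply URLs (ACS Locations)."""
    # SAML metadata needs no DTD; refuse one rather than expand entities.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("DTD or entity declarations are not allowed")
    root = ET.fromstring(xml_text)
    if root.tag != MD + "EntityDescriptor":
        raise ValueError("root element is not md:EntityDescriptor")
    identifier = root.get("entityID")
    if not identifier:
        raise ValueError("entityID attribute is missing")
    reply_urls, warnings = [], []
    for acs in root.findall(f"{MD}SPSSODescriptor/{MD}AssertionConsumerService"):
        location = acs.get("Location", "")
        # Flag endpoints that would receive the SAML response over plain HTTP.
        if urlparse(location).scheme != "https":
            warnings.append("Reply URL is not HTTPS: " + location)
        reply_urls.append({"url": location,
                           "binding": acs.get("Binding", "").rsplit(":", 1)[-1],
                           "default": acs.get("isDefault") in ("true", "1")})
    if not reply_urls:
        raise ValueError("no AssertionConsumerService element found")
    return {"identifier": identifier, "reply_urls": reply_urls,
            "warnings": warnings}


if __name__ == "__main__":
    print(read_sp_metadata(SAMPLE_SP_METADATA))
```

Run it against the file downloaded from Roadmunk by passing that file's text to `read_sp_metadata`, and compare the result with what the Basic SAML Configuration section shows.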

Create an Azure AD test user

In this section, you'll create a test user in the Azure portal. You'll name the user B.Simon.

  1. From the left pane in the Azure portal, select Azure Active Directory > Users > All users.
  2. At the top of the window, select New user.
  3. In the User properties, follow these steps:
    1. In the Name field, enter B.Simon.
    2. In the User name field, enter the username@companydomain.extension. For example, enter B.Simon@contoso.com.
    3. Select the Show password check box, and then write down the value that's displayed in the Password box.
    4. Select Create.

Assign the Azure AD test user

In this section, you'll enable B.Simon to use Azure AD SSO by granting access to Roadmunk.

  1. In the Azure portal, select Enterprise Applications > All applications.
  2. In the applications list, select Roadmunk.
  3. On the app's overview page, find the Manage section, and then select Users and groups.
  4. Select Add user. Then in the Add Assignment dialog box, select Users and groups.
  5. In the Users and groups dialog box, in the Users list, select B.Simon. Then at the bottom of the dialog box, choose Select.
  6. If you expect a role to be assigned to the users, choose it from the Select a role drop-down menu. If no role has been set up for this app, the Default Access role is selected.
  7. In the Add Assignment dialog box, select Assign.

Configure Roadmunk SSO

  1. Sign in to the Roadmunk website as an administrator.

  2. At the bottom of the page, select the user icon, and then select Account Settings.

    Screenshot showing where to select user account settings.

  3. Go to Company > Authentication Settings.

  4. On the Authentication Settings page, follow these steps:

    Screenshot showing the Authentication Settings page.

    a. Turn on SAML Single Sign On (SSO).

    b. In the Step 1 section, either upload the metadata XML file or provide the URL for the metadata.

    c. In the Step 2 section, download the Roadmunk Metadata file, and then save it on your computer.

    d. If you want to sign in by using SSO, in the Step 3 section, select Enforce SAML Sign-In Only.

    e. Select Save.

Create Roadmunk test user

  1. Sign in to the Roadmunk website as an administrator.

  2. Select the user icon at the bottom of the page, and then select Account Settings.

    Screenshot showing how to open Account Settings for the test user.

  3. Open the Users tab, and then select Invite User.

    Screenshot showing the Users tab. The Invite User button is highlighted. In the open window, the Email and Role fields are highlighted.

  4. In the form that appears, fill in the required information, and then select Invite.

Test SSO

In this section, you test your Azure AD SSO configuration by using the access panel.

In the My Apps portal, when you select the Roadmunk tile, you should be automatically signed in to the Roadmunk account for which you set up SSO. For more information, see Sign in and start apps from the My Apps portal.

Next steps

After you configure Roadmunk, you can enforce session control. Session control protects against exfiltration and infiltration of your organization's sensitive data in real time. Session control extends from conditional access.

Learn how to enforce session control by using Microsoft Defender for Cloud Apps.