The Single Sign On (SSO) feature allows RPost customers to log in to RPost products using their corporate email address if their organization stores their employee’s identity in Microsoft Azure.
Using SSO helps corporate users save time by not having to enter their credentials each time they need to access RPost products.
This article covers the following topics:
Microsoft Azure SSO setup
To activate SSO for their company users, administrators need to complete a one-time setup in Microsoft Azure, consisting of registering the RCAP endpoint URL in their Microsoft Azure tenant.
To complete the one-time setup, follow these steps:
1. From the RPost product login page, click on the Single Sign-on (SSO) button.
Note: The example below shows the RSign login page. The steps are the same for all RPost products.
2. The first time, if Microsoft Azure has not been configured yet, the following Microsoft pop-up will be displayed. Click on the Accept button.
3. Sign in with the admin account to grant the necessary permissions and complete the necessary setup.
Logging in using SSO
Once the initial setup is complete, users can login using SSO. To do so, follow these steps:
1. From the RPost product login page, click on the Single Sign-on (SSO) button. The example below shows the RSign login page.
2. Click on the Microsoft Azure icon.
3. Select an account or add a new account.
4. Complete the corresponding credentials steps. Once the credentials have been entered, click on Yes when asked whether to stay signed in.
You will be redirected to the product home page after successfully logging into your Microsoft account.
Configuring SSO in RPortal
The customer admin needs to enable the customer account for Single Sign-On. If the customer does not have RPortal access, they should contact their RPost Customer Success or Sales representative.
1. Under the Settings Tab, look for the Single Sign-On option.
2. Enable the Enterprise Authorization SSO by checking the box.
3. After selecting the checkbox, the following options will display:
- Domain Address
- Send Admin Consent
- Enter Admin Email Address
Enter the required domain address. You can add multiple domains by clicking on the + button.
Note: When the Restrict Users to SSO option is set to Enable, users using that specific domain will only be able to login using SSO; in other words, users will not be able to login into the application with their normal credentials.
4. To receive the admin consent, check the Send Admin Consent box and provide the corresponding email address. Alternatively, you can copy the link by clicking on the clipboard icon.
5. Click on the Send Email button to display all the domain addresses and check the ones you would like to send the Admin Consent to. Press the Send Email button.
6. The Admin Consent email will be sent to the provided email addresses.