This help document introduces you to SSO and IdPs and shows you how to configure SAML SSO for Rocketlane using the Azure Active Directory IdP.

What is SSO?

Single sign-on (SSO) is an authentication method that enables users to securely authenticate with multiple applications and websites by using just one set of credentials.

What are Identity Providers (IdPs)?

An identity provider (IdP) is a service that stores and verifies user identity. IdPs are typically cloud-hosted services, and they often work with single sign-on (SSO) providers to authenticate users. Some examples of IdPs are Okta, Google Workspace, and Azure AD.

Creating a SAML SSO Enterprise Application using Azure AD

1. Log in to your Microsoft Azure portal. If you do not have a Microsoft Azure account, create one.
   
   
2. Select Azure Active Directory under the Azure Services section.
   
   
   
   
3. Select 'Enterprise Applications' under the Manage section from the left navigation bar.
   
   
   
   
4. Click on 'New application'.
   
   
   
   
5. Click on 'Create your own application' to get started with creating a new app. 
   
   
6. Add a name for your app in the slider that pops up. Click on 'Create' to begin working on a new application.

   
   

   
   
   
7. From your application's Overview page, select 'Set up single sign on' under the 'Getting Started' section.
   
   
   
   
8. Select SAML from the Single sign-on page of your enterprise application.
   
   
   
   
9. To set up your Basic SAML configuration, click on Edit.
   
   
   
   
10. Add the Identifier (Entity ID) and Reply URL (Assertion Consumer Service URL) to get started with your basic SAML configuration.

    
    

    
    
    
11. Click on Save to add the 'Basic SAML Configuration' setup to your enterprise application.
    
    
    
    
12. Under Attributes and Claims please click on Edit. You need to add two claims here namely email and username.
    
    
    
    
    
13. Click on 'Add new claim' to add a claim.
    
    
    
    
14. In the Manage claim page, add 'email' in the 'Name' field and 'user.userprincipalname' in the 'Source attribute' field.
    
    
    
    
    
    
15. Repeat step 13 and click on 'Add new claim' to add a claim.
    
    
    
    
16. In the Manage claim page, add 'username' in the 'Name' field and 'user.userprincipalname' in the 'Source attribute' field.
    
    
    
    
17. Download the Base64 Certificate and open this file in any text editor. 
    
    
18. You will need the Base64 Certificate, the 'Login URL," and the "Azure AD Identifier' from the 'SAML Based Sign-On" page to configure SAML SSO in your Rocketlane instance.
    
    

Authenticating SAML with Rocketlane

1. From your Rocketlane account, click on your profile icon from the left navigation bar and click on Settings.
   
   
   
2. Go to Security.
   
   
   
   
   
3. Click on Setup SAML SSO.
   
   
4. The 'Setup SAML SSO' dialog box opens.
   
   
   
   
   
5. Copy values from the 'SAML Based Sign-on' page in your Enterprise Application in Azure AD to your SAML SSO setup dialog box in Rocketlane according to this table:
   
   
   

   Azure AD: SAML Based sign-on	Rocketlane App: Setup SAML SSO
   Azure AD Identifier	IDP Entity ID
   Login URL	IDP Login URL
   Certificate (Base64)	X.509 Certificate

   
   
   

   Note: Do not copy the header and footer while copying the certificate.
   
   

   
   
   
6. Click Next. 
   
   
   
7. The 'Do you want to enable SAML SSO?" dialog box appears. Click on 'Yes, enable now'.
   
   
   
   
8. Click on 'View information to be configured in your IdP.'
   
   
9. You will need Rocketlane's (SP) entity ID and Rocketlane's (SP) log-in URL from this dialog box.
   
   
   
10. Copy values from the 'SAML SSO setup' dialog box in Rocketlane to the 'SAML Based Sign-On" page in your Enterprise Application in Azure AD according to this table:
    
    

    Rocketlane App: Setup SAML SSO	Azure AD: SAML Based sign-on
    Rocketlane’s (SP) Entity ID	Identifier (Entity ID)
    Rocketlane’s (SP) Log in URL	Sign on URL
    Rocketlane’s (SP) Log in URL	Reply URL (Assertion Consumer Service URL)

    
    
    
    
11. Click Save to update the 'Basic SAML Configuration' settings in Azure AD.
    
    
    
    
    

Adding People to your SAML App

From the left menu bar in Azure AD, go to 'Users and groups' and select 'Add user or group' to add users from your Azure AD Enterprise Application to SAML SSO. Select users from the 'Add Assignment' page here.

Logging in to Rocketlane using SAML SSO

1. Go to your Rocketlane login.
   
   
2. Choose the 'Sign in with SSO' option.
   
   
3. Enter your credentials on the Azure AD page. You will be redirected and logged in to your Rocketlane account.
   
   

Hey! Hope you find this support document to be helpful. If you have any questions or concerns, you may contact us at care@rocketlane.com.