Enabling SAML single sign-on (SSO)

  • Updated

Welcome to our guide on integrating Single Sign-On (SSO) using Secure Assertion Markup Language (SAML) with Re-Leased. Single Sign-On streamlines the login process, allowing users to access a suite of applications, including Re-Leased, by signing in just once through their company's authentication system. This article will walk IT professionals through the process of enabling SAML SSO in Re-Leased to provide a seamless and efficient login experience for their users.

Understanding How SAML SSO Works Within Re-Leased

SAML SSO within Re-Leased functions as it does with any SAML-compatible service provider. By setting up a trust relationship between Re-Leased and your Identity Provider (IdP), such as Active Directory or LDAP, authenticated users can access Re-Leased without the need for repeated sign-ins, enhancing security and convenience.

Prerequisites for Enabling SAML SSO

To activate SAML SSO for Re-Leased, ensure the following requirements are met:

  • The SSO feature is included in your current Re-Leased plan. If uncertain, please get in touch with our sales team.
  • Your company operates a SAML server that manages user authentication, which can be an in-house solution or a cloud-based service.
  • All traffic to Re-Leased must be secured via HTTPS protocol.
  • Gather crucial setup details including the SAML server's remote login URL and the SHA2 fingerprint of the SAML certificate.

Configuring SAML SSO for Your Re-Leased Account

To enable SAML SSO, follow these steps:

  1. Login to your Re-Leased account with administrator privileges.
  2. Navigate to the top and select Settings, then choose Manage Single Sign On.
  3. Set SAML Sign-on mode to Enabled. Selecting Enforced will make SSO the only login method.
  4. In the Sign-on Url field, input your IdP's remote login URL.
  5. Provide the SAML Public Key by entering the Certificate fingerprint, ensuring secure communication with your SAML server.
  6. Optionally, specify Auto-provisioning domains to automatically create user accounts with matching email domains in Re-Leased.
  7. Confirm proper attribute mapping for auto-provisioning, specifically for first and last names of users.
  8. Document the Audience URIACS URL, and Sign-on URL provided by Re-Leased, and share these with your IT team for IdP configuration.
  9. Finalize your settings by clicking Save.

By implementing these steps, you will activate SAML SSO, allowing users to access Re-Leased quickly and securely with their corporate credentials.

For Azure AD users, a detailed guide to configuring SSO to work with Azure AD can be found here.

Was this article helpful?