Single Sign On: How to Enable SSO With RapIDadmin


Purpose:

  • This document walks you through enabling single sign on for use with RapIDadmin.

  • RapIDadmin supports single sign on through SAML 2.0.

  • Setting up SSO may require help from your IT department or SAML identity provider (IdP) administrator.

Definitions:

  • RA: RapIDadmin

  • SSO: Single Sign On

  • SAML: Security Assertion Markup Language. An open standard for exchanging authentication and authorization data between two parties.

  • IdP: Identity Provider

Process:

  • Log into RapIDadmin as a Customer (Tenant Admin)

    • To access RapIDadmin select the user avatar > Switch Applications > RapIDadmin

Make sure under “Roles” that a “Default Role” is set.

  • Navigate to Roles | <Choose your role> | Actions | Edit | Default

    • This is the role that will get assigned to the SSO User upon first login.

  • Navigate to RapIDadmin > Administration > Settings to view the Single Sign On settings. (Please reach out to support at Vision Database if you do not see the tab for Single Sign On.)

  • Check the Enable Single Sign On Checkbox

  • For lines 1 and 2 of 6

    • Choose your Default Tenant (Click on Magnifying glass, then your Tenant)

    • Select “SAML” as the Identity Provider (IdP)

Auth0 (IdP) Setup

  • Follow the steps in “Auth0 IdP Setup” below to get the Metadata document URL from Auth0.

NOTE: Replace “Auth0” (IdP) setup instructions with your IdP’s setup instructions here.

  • Log in or sign up to Auth0: https://manage.auth0.com

  • Choose an Existing Application: Applications→Applications→<My TestSAML App>→Settings

  • Or Create your own “Application” (“My TestSAML App” in this case.)

  • Skip the “QuickStart” tab and go to “Addons”

  • Switch tabs in Auth0 to “Addons”

    • Enable “SAML2 Web App”


Copy the “Identity Provider Metadata” URL from the usage tab of the “Addon: SAML2 Web App” by

  • Going to “Identity Provider Metadata:” (See screenshot below)

    • Hover over the “Download” link

    • Then right-click and choose “Copy Link address”

    • Copy to RA's “Metadata Document URL” in green box below


NOTE: The “Download” link (Above) should have the word “Metadata” in it:

i.e.: https://vdstest.auth0.com/samlp/metadata/NcmaleogJudQ7O2RZa7z8CvHij325QwB

Copy the Email, First Name, Last Name Attributes from Auth0 to RA:

  • This will create the “Signing Certificate” and “Callback URL”


Copy the “CallBack URL” from RA to “Application Callback URL” in Auth0 (Settings Tab)

  • After pasting, scroll to bottom and click on “Enable” then click the “X” at top right to close.


Signing Certificate in RA

  • Copy the following into the black “Settings” box above:

      {
        "mappings": {
          "user_id": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
          "email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"
        },
        "createUpnClaim": true,
        "passthroughClaimsWithNoMapping": true,
        "mapUnknownClaimsAsIs": false,
        "mapIdentities": true,
        "signatureAlgorithm": "rsa-sha256",
        "digestAlgorithm": "sha256",
        "lifetimeInSeconds": 3600,
        "signResponse": false,
        "typedAttributes": true,
        "includeAttributeNameFormat": true,
        "nameIdentifierFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:unspecified",
        "nameIdentifierProbes": [
          "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameidentifier",
          "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress",
          "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
        ],
        "authnContextClassRef": "urn:oasis:names:tc:SAML:2.0:ac:classes:unspecified",
        "logout": {
          "callback": "http://foo/logout",
          "slo_enabled": false
        },
        "binding": "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST",
        "signingCert": "-----BEGIN CERTIFICATE-----\n\n-----END CERTIFICATE-----"
      }
  • Download the signing certificate from RA.

    • Copy the contents of “signing.cer” from the downloads directory

    • Paste it between the "-----BEGIN CERTIFICATE-----\n" and "\n-----END CERTIFICATE-----" markers in the "signingCert" property (near the bottom of the settings JSON)

  • Scroll down to bottom and click “Enable” (Will say “Save” if looking at it a second time)

    Click the “X” at top right to close the “Addon: SAML2 Web App” dialog box.
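
The paste step above is easy to get wrong because the certificate's line breaks have to appear as \n escapes inside the JSON string. The Python sketch below is an added example, not part of RapIDadmin or Auth0: it assumes “signing.cer” may be PEM, bare base64 or binary DER, normalises it, fills the "signingCert" property and re-checks the values this guide sets. The function names and the sample bytes are hypothetical.

```python
import base64
import json
import re

PEM_RE = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def cert_to_pem(raw: bytes) -> str:
    """Accept PEM, bare base64 or binary DER; return normalised PEM text."""
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:
        der = raw  # binary DER export
    else:
        m = PEM_RE.search(text)
        b64 = "".join((m.group(1) if m else text).split())
        der = base64.b64decode(b64, validate=True)  # rejects stray characters
    if not der or der[0] != 0x30:  # sanity check only: DER SEQUENCE tag
        raise ValueError("no DER-encoded certificate found")
    body = base64.b64encode(der).decode("ascii")
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    return "\n".join(["-----BEGIN CERTIFICATE-----", *lines, "-----END CERTIFICATE-----"])

def check_settings(settings: dict) -> list:
    """Findings for the values this guide sets; an empty list means OK."""
    findings = []
    if settings.get("signatureAlgorithm") != "rsa-sha256":
        findings.append("signatureAlgorithm is not rsa-sha256")
    if settings.get("digestAlgorithm") != "sha256":
        findings.append("digestAlgorithm is not sha256")
    if "email" not in settings.get("mappings", {}):
        findings.append("no email mapping")
    try:
        cert_to_pem(settings.get("signingCert", "").encode("ascii"))
    except ValueError as exc:  # covers base64 and encoding errors too
        findings.append(f"signingCert: {exc}")
    return findings

def build_settings(template_json: str, cert_raw: bytes) -> str:
    """Insert the certificate; json.dumps escapes its line breaks as \\n."""
    settings = json.loads(template_json)
    settings["signingCert"] = cert_to_pem(cert_raw)
    return json.dumps(settings, indent=2)

# Constructed sample, NOT a real certificate: SEQUENCE tag plus filler bytes.
SAMPLE_DER = bytes([0x30, 0x82, 0x00, 0x60]) + bytes(range(96))
# Subset of the settings JSON shown above, with the empty certificate slot.
TEMPLATE = json.dumps({
    "mappings": {"email": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress"},
    "signatureAlgorithm": "rsa-sha256", "digestAlgorithm": "sha256",
    "signingCert": "-----BEGIN CERTIFICATE-----\n\n-----END CERTIFICATE-----"})
```

Running check_settings on the unfilled template reports the empty certificate slot, so it can also be used to confirm the paste was actually done before clicking “Enable”.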

 

Paste the “Callback URL” to “Allowed Callback URLs” in Auth0

  • Click “Settings” (Next to QuickStart, not settings tab above)

    • Applications→Applications→<My TestSAML App>→Settings

  • Scroll down to “Allowed Callback URLs”

  • Paste to the "Allowed Callback URLs" setting in Auth0 (you can add multiple with a comma separator)

NOTE: it was already here by default

Click Save changes (In Auth0)

Testing

  • Add some users to Auth0 (User Management→Users)

  • Make sure they have a first and last name added to their metadata in the Details section

    • Add “givenname” and “surname” to Metadata as follows:

      { "givenname": "(FirstName)", "surname":"(LastName)" }
  • Then you should be able to log in to RA using the Login URL found in the RA settings

    • Administration | Settings | Single Sign On | Login URL

    • i.e. https://www.vdsapps.com/rapidadmin/account/SSOlogin/26f15d4d-917b-4773-80a4-2dd7d9e2abd9
