Version: Next

Redtrust IdP integration with SAML 2.0

Overview

In this tutorial, you'll learn how to integrate Redtrust with an Identity Provider (IdP) using Security Assertion Markup Language (SAML) 2.0 to enable Single Sign-On (SSO). This tutorial is intended for developers and IT administrators. It assumes you have basic knowledge of common IdPs such as Google Workspace or Microsoft Entra ID (formerly known as Azure Active Directory).

Background

One way to authenticate users in Redtrust is integrating a SAML 2.0 identity provider (IdP) with Redtrust. SAML 2.0 is a widely adopted protocol that facilitates secure communication between an Identity Provider (IdP) and a Service Provider (SP). At the core of this process is the SAML assertion—an XML-based document generated by the IdP that contains authentication details and user information, such as attributes and permissions. This assertion is securely passed to the SP to validate the user and grant access, ensuring seamless and secure user experiences. In this tutorial, you'll configure your software as an SP and establish trust with an IdP to enable SSO.

Before you start

Before continuing with this tutorial, make sure you have access to Redtrust and to the IdP you'll be configuring, and that you have permissions to edit the configuration files.

Step 1: Configure the domain in the IdP for SSO

To configure the application, you must access the relevant portal as an administrator and follow these steps, depending on whether you want to configure SSO for Entra ID or Google Workspace.

  1. Go to Microsoft Entra ID > Enterprise applications.

  2. Select + New Application > Create your own application.

  3. Enter Redtrust as the name for the application and click Create.

  4. Click Set up single sign on > SAML. In the Basic SAML Configuration section, click the pencil icon and add the information as follows:

    1. Identifier (EntityId): https://REDTRUST-URL/DOMAIN

    2. Reply URL (Assertion Consumer Service URL): https://REDTRUST-URL/Auth/SamlConsumer

  5. Proceed to the next step without closing the current window.

Step 2: Create the domain in Redtrust

To configure Redtrust server, follow these steps.

  1. Access Redtrust, navigate to Access and click New.
  2. In the dialog box:
    1. Add the alias you want to give to the domain. The domain can match the email domain of the users, that is, the part of the email after the @.
    2. Select SAML 2 as the domain type and click Next to see all configuration options.
  3. Use the Entra ID application setup that you left open in step 1 to fill in the information.

     Redtrust configuration name            Location in Microsoft Entra ID
     Login URL (HTTP-redirect)              Section 4 > Login URL.
     IDP X509 certificate (for signature)   Section 3 > Certificate (Base64). Download the file, open it, and copy the content.
     Email                                  Section 2 > emailaddress.
     Name                                   Section 2 > givenname (the Entra ID user must have a name configured).
     Surname                                Section 2 > surname (the Entra ID user must have a last name configured).

  4. Fill in the rest of the data as follows:

    • Domain: Name of the Entra ID domain for which you want to enable SSO.
    • Is it case sensitive?: No
    • ACS by index: No
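The settings above (EntityId, ACS URL, and the emailaddress/givenname/surname claim mappings) correspond to checks the SP must apply to every assertion it receives. The following is an added example, not Redtrust's own code, showing those checks in Python's standard library over a constructed, unsigned sample response; it assumes the XML signature has already been verified against the IDP X509 certificate configured in step 3, and the REDTRUST-URL/DOMAIN values are the page's placeholders.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Values the tutorial configures; REDTRUST-URL and DOMAIN are the page's own placeholders.
ENTITY_ID = "https://REDTRUST-URL/DOMAIN"           # Identifier (EntityId)
ACS_URL = "https://REDTRUST-URL/Auth/SamlConsumer"  # Reply URL (Assertion Consumer Service URL)
CLAIMS = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"  # Entra ID claim name prefix
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol", "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

# Constructed sample response (the ds:Signature element is omitted; see validate_response).
SAMPLE_RESPONSE = f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}" Destination="{ACS_URL}">
  <saml:Assertion>
    <saml:Conditions NotBefore="2024-01-01T10:00:00Z" NotOnOrAfter="2024-01-01T10:05:00Z">
      <saml:AudienceRestriction><saml:Audience>{ENTITY_ID}</saml:Audience></saml:AudienceRestriction>
    </saml:Conditions>
    <saml:AttributeStatement>
      <saml:Attribute Name="{CLAIMS}emailaddress"><saml:AttributeValue>alice@example.com</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="{CLAIMS}givenname"><saml:AttributeValue>Alice</saml:AttributeValue></saml:Attribute>
      <saml:Attribute Name="{CLAIMS}surname"><saml:AttributeValue>Example</saml:AttributeValue></saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>"""

def _ts(value):  # SAML timestamps are UTC; only the "Z" suffix form is handled here
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def validate_response(xml_text, now):
    """Apply the SP-side checks behind the tutorial's settings; raise ValueError on any failure.
    Assumes the XML signature was already verified against the configured IDP X509 certificate."""
    root = ET.fromstring(xml_text)
    if root.get("Destination") != ACS_URL:
        raise ValueError("Destination does not match the configured ACS URL")
    assertions = root.findall("saml:Assertion", NS)
    if len(assertions) != 1:  # refuse responses carrying zero or several assertions
        raise ValueError("expected exactly one Assertion")
    assertion = assertions[0]
    cond = assertion.find("saml:Conditions", NS)
    if cond is None or not all(cond.get(k) for k in ("NotBefore", "NotOnOrAfter")):
        raise ValueError("Conditions must carry NotBefore and NotOnOrAfter")
    if not _ts(cond.get("NotBefore")) <= _ts(now) < _ts(cond.get("NotOnOrAfter")):
        raise ValueError("assertion is outside its validity window")
    audiences = [a.text for a in cond.findall("saml:AudienceRestriction/saml:Audience", NS)]
    if ENTITY_ID not in audiences:
        raise ValueError("assertion was not issued for this EntityId")
    attrs = {a.get("Name"): a.findtext("saml:AttributeValue", namespaces=NS)
             for a in assertion.findall("saml:AttributeStatement/saml:Attribute", NS)}
    user = {key: attrs.get(CLAIMS + key) for key in ("emailaddress", "givenname", "surname")}
    if not all(user.values()):
        raise ValueError("missing one of the mapped Email, Name or Surname attributes")
    return user
```

Calling validate_response(SAMPLE_RESPONSE, "2024-01-01T10:02:00Z") returns the three mapped attributes; the same response evaluated at or after NotOnOrAfter, or with an Audience other than the configured EntityId, is rejected.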

Summary

In this tutorial, you configured Redtrust as an SP and integrated it with an IdP using SAML 2.0 to enable SSO. You set up the IdP by defining the necessary authentication parameters and then configured Redtrust to trust the IdP. This integration allows users to authenticate seamlessly using their existing credentials, improving security and user experience.

For more details on SAML configuration options, refer to the Domain documentation.