SaaS IdP (SAML) Integration Manual
Integrating your Identity Provider (IdP) with Remedio is an important step in securing access to your environment. This guide provides clear, step-by-step instructions to help you complete the integration process quickly and correctly.
Whether you're using SAML or another supported protocol, this manual covers everything from basic setup to optional advanced configurations. The goal is to ensure that authentication is secure, consistent, and aligned with your organization's access policies.
What You Will Find in This Manual:
Prerequisites for Integration: A checklist of what you need before starting the integration process, ensuring a seamless setup.
Step-by-Step Integration Guides: Detailed instructions on how to connect various IdPs with Remedio, accompanied by helpful screenshots and tips.
Troubleshooting and Support: Common challenges and their solutions, plus how to reach out to our support team for further assistance.
FAQs: Answers to frequently asked questions to help clarify any uncertainties you may encounter along the way.
By the end of this manual, you will have successfully integrated your Identity Provider with Remedio, marking a significant milestone in enhancing your organization's security infrastructure. Let's embark on this journey together, towards a more secure and efficient digital environment.
Remedio does not support IdP-initiated SAML logins, including access through platforms such as Microsoft MyApps portal, Okta dashboard, or similar identity provider portals.
Due to limitations in the underlying authentication platform (Amazon Cognito), login must always be initiated from the Remedio UI using the "Sign in with your corporate ID" button on the tenant login page.
Please do not configure or use MyApps tiles, Okta app launchers, or other IdP-initiated entry points, as they will not work reliably and are not officially supported.
Prerequisites for Integration
Before you begin integrating your Identity Provider (IdP) with Remedio, it's essential to have everything in place for a smooth and successful setup. This section outlines all the necessary prerequisites to ensure that you are fully prepared. Please ensure that you have the following before proceeding:
Reply URL and Identifier (Entity ID): These are crucial components that you will use to configure the integration settings in your IdP. The Reply URL, also known as the Assertion Consumer Service (ACS) URL, is where the IdP sends its response after a user has been authenticated. The Identifier (Entity ID) is a unique identifier for Remedio that your IdP uses to recognize our service. Both of these will be provided to you by your Remedio account manager. Make sure to keep these details handy as you go through the setup process.
Sufficient Permissions in Your IdP: To create an application within your IdP that integrates with Remedio, you must have administrative access or sufficient permissions. This is necessary for performing actions such as configuring SAML settings, managing user access, and setting up security policies related to integration. If you are not the administrator, please coordinate with your IT or security team to ensure that you have the appropriate permissions or assistance.
Familiarity with Your IdP's Configuration Process: While this manual will guide you through the general steps for integration, IdPs can vary significantly in their specific configuration processes. Having a basic understanding of how to navigate and make changes in your IdP will be beneficial. If you're unfamiliar, consider reviewing your IdP's documentation or reaching out to their support team for guidance.
Important note: The roles in the Remedio UI and the groups in your IdP must be identical, including the same name and case. During authentication, the group names carried in the IdP's group claim are compared against the Remedio role names, and only exact (case-sensitive) matches are applied.
Login Screen Update After IdP Integration
Once the IdP integration is complete and synchronization is in place, a new login button will appear on the Remedio login screen, labeled with your Identity Provider’s name (e.g., AAD, Okta, Ping, etc.). This allows users to authenticate directly via SSO. Local user accounts will remain fully operational and unaffected.
Please note that all local users will retain their currently assigned roles. These roles are not updated automatically during the sync. For example, if a user originally had a local account and logs in via IdP after the sync, their existing role will remain unchanged.
To modify a user’s access level, go to Permissions > Roles and update the members of the relevant role manually. For more advanced configurations, such as auto-provisioning and role-based access control (RBAC), refer to the relevant sections of this guide.
Step-by-Step Integration Guide
Azure AD
Add Amazon Cognito as an enterprise application in Azure AD
In this step, you add an Amazon Cognito user pool as an application in Azure AD, to establish a trust relationship between them.
To add a new application in Azure AD
Log in to the Azure Portal.
In the Azure Services section, choose Azure Active Directory.
In the left sidebar, choose Enterprise applications.
Choose New application.
On the Browse Azure AD Gallery page, choose Create your own application.
Under What’s the name of your app?, enter a name for your application and select Integrate any other application you don’t find in the gallery (Non-gallery), as shown in Figure 1.
Choose Create.
Figure 1: Add an enterprise app in Azure AD
After creating the application in Azure AD, it may take a few moments for the process to complete. Once finished, you will be automatically redirected to the Overview page for the newly added application.
Please note that there is a possibility of encountering a Not Found error during this step, even if Azure AD has successfully created the new application. In such cases, you can navigate back to Enterprise applications in Azure AD and search for your application by its name to locate it.
To set up Single Sign-on using SAML
On the Getting started page, in the Set up single sign on tile, choose Get started, as shown in Figure 2.
Figure 2: Application configuration page in Azure AD
Proceed to the next screen and select SAML.
In the middle pane, navigate to the Basic SAML Configuration section, and click on the edit icon.
In the right pane, within the Basic SAML Configuration, replace the default Identifier (Entity ID) with the Identifier (Entity ID) provided by your account manager. Then, in the Reply URL (Assertion Consumer Service URL) field, enter the Reply URL provided by your account manager, as depicted in Figure 3. Click Save to confirm the changes.
Figure 3: Azure AD SAML-based Sign-on setup
In the middle pane under Set up Single Sign-On with SAML, in the User Attributes & Claims section, choose Edit.
Choose Add a group claim.
On the User Attributes & Claims page, in the right pane under Group Claims, select Groups assigned to the application.
Expand the Advanced options and mark the “Customize the name of the group claim” checkbox.
Select sAMAccountName as the source attribute.
Enable the "Emit group name for cloud-only groups" checkbox.
In the Name field, enter "groups".
Click Save.
Scroll down to the SAML Signing Certificate section and copy the App Federation Metadata URL by choosing the copy-to-clipboard icon (highlighted with a red arrow in Figure 5).
Please send the URL to your account manager.
Figure 5: Option to select group claims
Assign the application to the relevant groups.
Please note that the roles in the Remedio UI and the groups in your IdP must be identical, including the same name and case. During authentication, the group names carried in the IdP's group claim are compared against the Remedio role names, and only exact (case-sensitive) matches are applied.
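The two rules this manual keeps repeating (login must be SP-initiated, and group names must match Remedio role names exactly, including case) are easiest to understand by looking at what arrives in the SAML Response. The script below is an added example written for this manual, not Remedio or Amazon Cognito code: it parses a constructed SAML Response, rejects one that lacks the InResponseTo attribute (which is what an IdP-initiated login looks like to the service provider), pulls out the claims, and reports which "groups" values match a role list exactly, which differ only in case, and which have no role at all. The claim URIs are the standard xmlsoap identity claims; the attribute name "groups" is the one configured in the steps above; the tenant ID, request ID, user and group values are placeholders. Signature verification is deliberately out of scope here and is assumed to have already been done by the service provider.

```python
"""Inspect a SAML Response before mapping IdP groups to Remedio roles.

Added example for this manual; it is not Remedio's or Amazon Cognito's
implementation. It assumes the XML signature has already been verified.
"""
import xml.etree.ElementTree as ET

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
}
CLAIM = "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/"
GROUP_ATTR = "groups"  # claim name configured in the Azure AD steps above

# Constructed sample response (placeholder tenant, IDs, user and groups).
SAMPLE_RESPONSE = """
<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"
                xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
                ID="_resp1" InResponseTo="_req123" Version="2.0"
                IssueInstant="2024-01-01T00:00:00Z">
  <saml:Issuer>https://sts.windows.net/TENANT-ID-PLACEHOLDER/</saml:Issuer>
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2024-01-01T00:00:00Z">
    <saml:Issuer>https://sts.windows.net/TENANT-ID-PLACEHOLDER/</saml:Issuer>
    <saml:Subject><saml:NameID>alice@example.com</saml:NameID></saml:Subject>
    <saml:AttributeStatement>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress">
        <saml:AttributeValue>alice@example.com</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname">
        <saml:AttributeValue>Alice</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname">
        <saml:AttributeValue>Example</saml:AttributeValue>
      </saml:Attribute>
      <saml:Attribute Name="groups">
        <saml:AttributeValue>Admin</saml:AttributeValue>
        <saml:AttributeValue>analysts</saml:AttributeValue>
        <saml:AttributeValue>Developers</saml:AttributeValue>
      </saml:Attribute>
    </saml:AttributeStatement>
  </saml:Assertion>
</samlp:Response>
""".strip()

# Same response without InResponseTo: what an IdP-initiated login looks like.
UNSOLICITED_RESPONSE = SAMPLE_RESPONSE.replace(' InResponseTo="_req123"', "")


def parse_response(xml_text):
    """Return InResponseTo and a {claim name: [values]} map from a Response."""
    root = ET.fromstring(xml_text)
    if root.tag != "{%s}Response" % NS["samlp"]:
        raise ValueError("not a samlp:Response")
    attrs = {}
    for attr in root.findall(".//saml:AttributeStatement/saml:Attribute", NS):
        values = [v.text or "" for v in attr.findall("saml:AttributeValue", NS)]
        attrs[attr.get("Name")] = values
    return {"in_response_to": root.get("InResponseTo"), "attributes": attrs}


def check_sp_initiated(parsed, outstanding_request_ids):
    """SP-initiated flows carry the ID of the AuthnRequest the SP sent."""
    rid = parsed["in_response_to"]
    if rid is None:
        return "rejected: unsolicited (IdP-initiated) response"
    if rid not in outstanding_request_ids:
        return "rejected: InResponseTo does not match any outstanding request"
    return "ok"


def match_roles(group_values, remedio_roles):
    """Exact, case-sensitive match of group names against role names.

    Groups that differ only in case are reported separately, since that is
    the most common reason a user lands in Remedio with no role applied.
    """
    roles = set(remedio_roles)
    by_lower = {r.lower(): r for r in remedio_roles}
    result = {"matched": [], "case_mismatch": [], "unmatched": []}
    for g in group_values:
        if g in roles:
            result["matched"].append(g)
        elif g.lower() in by_lower:
            result["case_mismatch"].append((g, by_lower[g.lower()]))
        else:
            result["unmatched"].append(g)
    return result


if __name__ == "__main__":
    parsed = parse_response(SAMPLE_RESPONSE)
    print("flow:", check_sp_initiated(parsed, {"_req123"}))
    print("email:", parsed["attributes"][CLAIM + "emailaddress"])
    print("roles:", match_roles(parsed["attributes"][GROUP_ATTR], ["Admin", "Analysts"]))
    print("unsolicited:", check_sp_initiated(parse_response(UNSOLICITED_RESPONSE), {"_req123"}))
```

Run against a real response captured from your browser's SAML tracer, the "case_mismatch" list is the first thing to check when a user authenticates successfully but receives no role; the "unsolicited" case is what a MyApps tile or Okta launcher produces, and is why those entry points are not supported.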
Okta
Configure SAML integration for your Okta app
Create a new App Integration and select SAML 2.0
Under General Settings, enter a name for your app.
(Optional) Upload a logo and choose the visibility settings for your app.
Choose Next.
Under General, in the Single sign-on URL field enter the Reply URL provided by your account manager, and in the Audience URI (SP Entity ID) field enter the Identifier (Entity ID), also provided by your account manager, as shown in Figure 2.
Under Attribute Statements (optional), add a statement with the following information, as shown in Figure 3:
Name | Value
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/emailaddress | user.email
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/surname | user.lastName
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/givenname | user.firstName