1. On the **Basic SAML Configuration** section, the user does not have to perform any step as the app is already pre-integrated with Azure.
75
+
4. On the **Basic SAML Configuration** section, the **Identifier** and **Reply URL** values are pre-configured with `https://app.recurly.com` and `https://app.recurly.com/login/sso` respectively. Perform the following step to complete the configuration:
76
76
77
-
1. On the **Basic SAML Configuration** section, if you wish to configure the application in **SP** initiated mode then perform the following steps:
77
+
a. In the **Sign-on URL** text box, type the URL:
78
+
`https://app.recurly.com/login/sso`
78
79
79
-
a. In the **Identifier** text box, type the URL:
80
-
`https://app.recurly.com`
80
+
5. On the **Set up single sign-on with SAML** page, in the **SAML Signing Certificate** section, click **Edit**, select the `...` next to the thumbprint status, select **PEM certificate download** to download the certificate and save it on your computer.
6. Your Recurly application expects the SAML assertions in a specific format, which requires you to add custom attribute mappings to your SAML token attributes configuration.
85
+
The following screenshot shows an example of this. The default value of **Unique User Identifier** is **user.userprincipalname** but Recurly expects this to be mapped with the user's email address. For that you can use **user.mail** attribute from the list or use the appropriate attribute value based on your organization configuration.
86
+
87
+

87
88
88
-
1. On the **Set up single sign-on with SAML** page, in the **SAML Signing Certificate**section, find **Certificate (PEM)** and select **Download** to download the certificate and save it on your computer.
89
+
7. Recurly application expects to enable token encryption in order to make SSO work. To activate token encryption, go to the **Azure Active Directory**> **Enterprise applications** and select **Token encryption**.

91
92
92
-
1. Recurly application expects to enable token encryption in order to make SSO work. To activate token encryption, go to the **Azure Active Directory** > **Enterprise applications** and select **Token encryption**. For more information, please refer this [link](../manage-apps/howto-saml-token-encryption.md).
93
+
a. Please contact [Recurly Support](mailto:[email protected])to get a copy of the certificate to import.
93
94
94
-

95
+
b. After importing the certificate, select the `...` next to the thumbprint status, click `Activate token encryption certificate`.
96
+
97
+
c. For more information on configuring token encryption, please refer this [link](../manage-apps/howto-saml-token-encryption.md).
95
98
96
99
### Create an Azure AD test user
97
100
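Review bot: In the new step 4, the condition carried by the removed line ("if you wish to configure the application in **SP** initiated mode") is gone, so **Sign-on URL** now reads as mandatory and the reader cannot tell whether IDP-initiated sign-on is still supported; state which modes apply, and note that the Sign-on URL is intentionally the same `https://app.recurly.com/login/sso` value as the pre-configured Reply URL. In step 6, say what to use when `user.mail` is not populated for an account, since Recurly expects **Unique User Identifier** to carry the email address. Step 7a should say what the reader receives from Recurly Support and that the thumbprint shown after import should be compared with the one Recurly provided before step 7b activates it. Minor: the added lines are missing spaces in `**Azure Active Directory**> **Enterprise applications**` and `)to get a copy`, and they mix "click" and "select" within the same step.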
@@ -119,11 +122,45 @@ In this section, you'll enable B.Simon to use Azure single sign-on by granting a
119
122
120
123
## Configure Recurly SSO
121
124
122
-
To configure single sign-on on **Recurly** side, you need to send the downloaded **Certificate (PEM)** and appropriate copied URLs from Azure portal to [Recurly support team](mailto:[email protected]). They set this setting to have the SAML SSO connection set properly on both sides.
125
+
Follow these steps to configure single sign-on for your **Recurly** site.
126
+
127
+
1. Log into your Recurly company site as an administrator.
128
+
129
+
2. Navigate to **Admin** > **Users**.
130
+
131
+

132
+
133
+
3. Click the **Configure Single Sign on** button on the top right.
134
+
135
+

136
+
137
+
4. In the **Single Sign-On** section, select the **Enabled** radio button and perform the following steps in the **Identity Provider** section:
b. In the **SAML ISSUER ID** textbox, paste the **Identifier URL** value which you have copied from the Azure portal.
144
+
145
+
c. In the **LOGIN URL** textbox, paste the **Login URL** value which you have copied from the Azure portal.
146
+
147
+
d. Open the downloaded Certificate (PEM) from the Azure portal into Notepad and paste the content into the **CERTIFICATE** textbox.
148
+
149
+
e. Click **Save Changes**.
123
150
124
151
### Create Recurly test user
125
152
126
-
In this section, you create a user called Britta Simon in Recurly. Work with [Recurly support team](mailto:[email protected]) to add the users in the Recurly platform. Users must be created and activated before you use single sign-on.
153
+
In this section, you will invite a new user to join your site and require them to use SSO to test the configuration.
154
+
155
+
1. Navigate to **Admin** > **Users**, click **Invite User** and type the email address of the Azure test user that was previously created. Your invitation will default to requiring them to use SSO.
156
+
157
+

158
+
159
+

160
+
161
+
2. The test user will receive an email from Recurly inviting them to join your site.
162
+
163
+
3. After accepting the invite, the test user will be listed under **Company Users** in your site and will be able to log in using SSO.
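Review bot: In step 1 of "Create Recurly test user", say that the invited email address must be the same value Azure sends as **Unique User Identifier** (mapped to `user.mail` in the Azure steps), since the invitation is created from the email address and nothing here tells the reader why a test sign-in might not match the invited user. In step 4d, "into Notepad" is Windows-specific; "in a text editor" is enough, and the step should say whether the `BEGIN CERTIFICATE` and `END CERTIFICATE` lines are pasted along with the body. Steps 4b and 4c refer to values "which you have copied from the Azure portal"; point to the step or section where the **Identifier URL** and **Login URL** were copied so the names can be matched to what the portal shows.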