SSO Overview

Single Sign-On (SSO) Overview

Single Sign-On (SSO) enables users to authenticate to rConfig V8 using their existing organizational Identity Provider (IdP) credentials. This eliminates the need for separate rConfig passwords, streamlines user access management, and enhances security by centralizing authentication policies.

rConfig V8 supports both SAML 2.0 and OAuth-based authentication protocols, providing flexibility to integrate with enterprise identity management systems. SSO simplifies user onboarding, enables centralized access control, and ensures compliance with organizational security policies.

Supported Identity Providers

rConfig V8 has been tested and verified with the following Identity Providers:

Identity Provider	Protocol	rConfig V8 Support	Documentation
Microsoft Entra ID (Azure AD)	SAML 2.0 / OAuth	✓ Verified	Microsoft SSO Setup
Okta	SAML 2.0	✓ Verified	Okta SSO Setup
Google Workspace	OAuth 2.0	✓ Verified	Google SSO Setup
Shibboleth	SAML 2.0	✓ Verified	Shibboleth SSO Setup
Generic SAML 2.0	SAML 2.0	✓ Supported	Generic SAML Setup

Note

Additional Identity Providers from the Socialite Providers library can be integrated upon request. Contact rConfig support to discuss your specific IdP requirements.

How SSO Works in rConfig V8

When SSO is configured, the authentication flow operates as follows:

1. User initiates login: User navigates to the rConfig login page and selects SSO authentication
2. Redirect to Identity Provider: rConfig redirects the user to the configured Identity Provider
3. IdP authentication: User authenticates using their organizational credentials at the IdP
4. SAML/OAuth response: IdP sends authentication assertion or token back to rConfig
5. User provisioning: rConfig validates the response and creates a user account if it doesn’t exist
6. Approval required: User receives notification that administrator approval is required before access is granted
7. Administrator approval: An rConfig administrator logs in, navigates to Users, and enables SSO access for the new user
8. Access granted: Once approved, the user can successfully authenticate and access rConfig with appropriate role-based permissions

Caution

SSO users are not automatically granted access to rConfig. After a successful SSO authentication attempt, users will be notified that an administrator must approve their access. An rConfig administrator must log in, navigate to Users, and manually enable SSO access for each user. This approval workflow ensures that only authorized users can access rConfig, even if they successfully authenticate through your Identity Provider.

Key Benefits

Centralized access management: Control user access from your existing Identity Provider rather than managing separate rConfig credentials.

Enhanced security: Leverage your organization’s authentication policies, multi-factor authentication (MFA), and conditional access rules.

Controlled access approval: Administrator approval workflow ensures only authorized users gain access to rConfig, even with valid IdP credentials.

Simplified user experience: Users authenticate once with their organizational credentials to access multiple applications.

Automated provisioning with approval: New users are automatically created in rConfig upon first SSO login, but require explicit administrator approval before gaining access.

Compliance and auditing: Maintain centralized audit trails and meet regulatory requirements through your IdP’s logging capabilities combined with rConfig’s approval workflow.

Prerequisites

Before configuring SSO in rConfig V8, ensure you have:

• Administrator access to rConfig V8
• Administrator access to your Identity Provider
• Understanding of your organization’s authentication requirements
• Access to generate and exchange metadata or configuration details between rConfig and your IdP
• Process established for reviewing and approving new SSO user access requests

Getting Started

Select your Identity Provider from the table above and follow the detailed implementation guide for step-by-step configuration instructions. Each guide provides specific configuration parameters, screenshots, and troubleshooting information for that provider.

If your organization uses an Identity Provider not listed above, the Generic SAML Setup guide provides instructions for configuring any SAML 2.0 compliant provider. For OAuth-based providers, contact rConfig support to discuss integration options.

User Access Approval Workflow

After SSO is configured, the typical user onboarding process is:

1. User attempts SSO login: First-time user authenticates successfully through IdP
2. Account created: rConfig creates a user account with SSO access disabled by default
3. User notification: User sees a message indicating administrator approval is required
4. Administrator review: rConfig administrator receives notification of pending user approval
5. Access approval: Administrator navigates to Users section, reviews the user, and enables SSO access
6. User access granted: User can now successfully log in to rConfig via SSO

This approval workflow provides an additional security layer, ensuring that successful IdP authentication alone does not grant access to sensitive network configuration data.

Related Documentation

• User Management - Managing user accounts and permissions
• Role-Based Access Control - Configuring roles and access levels
• Authentication Overview - Understanding rConfig authentication methods
• Security Best Practices - Securing your rConfig deployment