Configuring SSO for your Domain

Enterprise admins can configure Single Sign-On (SSO) for their domains, allowing their team to sign into their Ruum by SAP account securely.

Prerequisites

Before configuring SSO for your domain, you must have access to the following information:

  • The SSO login URL of your identity provider
  • Your certificate(s) from the identity provider
  • A mapping of a user in the identity provider to a user in Ruum, in detail:
  1. userId: a unique identifier of the user
  2. email: the email address of the user with which they are logging in
  3. firstName: (the first name of the user) & lastName (the last name of the user) OR
  4. fullName: the full name of the user (if not given, it is '<firstName> <lastName>')

Process

As an admin of an enterprise account with Ruum by SAP, the process for configuring your SSO is as follows:

  1. Supply the prerequisite information to Ruum staff and request SSO support
  2. Ruum staff will then create a manifest.xml file and send it back to you, allowing you to upload it to your identity provider
  3. Once the manifest.xml has been uploaded, supply Ruum with a test user account from your identity provider. If this is not possible, assign an existing user to be used for testing purposes.
  4. Once the tests have been successfully completed, Ruum will enable SSO for all required users.

Example SAML Configuration

As each identify provider will have different configuration steps, we advise you to refer to their documentation for further support. As an example configuration, we have chosen Azure Active Directory. This requires an Azure Active Directory Premium license, with further information available here: Azure Active Directory SAML Configuration

  1. Open Azure Active Directory Dashboard
  2. Add a new non-gallery application (we recommend naming this Ruum)
  3. Active Single Sign-on (SSO)
  4. Supply the prerequisite information to the Ruum team, who will then create and return your manifest.xml file
  5. Upload the manifest.xml file to Azure Active Directory
  6. Add prerequisite information to your enterprise directory in CouchDB

Once the SSO is then configured, it can be edited at any time in your Ruum by SAP Admin dashboard

For further information or support, please email support@ruumteam.com