Azure AD Integration
This feature was added in v1.4, check out the full release notes for this version here.
v1.4, v1.4HF1 - July 2019
This guide covers how to configure a custom SAML app in Azure AD for Single Sign-On use with ResourceXpress.
An Azure AD Premium subscription is required for this feature.
Create a SAML App in Azure AD
Navigate to the Azure portal (https://portal.azure.com/) using an Administrator account.
Select Azure Active Directory from the left navigation panel, then Enterprise applications.
Next click New application, then choose Non-gallery application, fill in an appropriate name, for example, RX SaaS SSO, then click Add.
After adding this new application, navigate to Single sign-on, then choose SAML.
Configure the Entity ID & ACS URL
Click the Edit icon for section 1.
You will be prompted for an Identifier (Entity ID) and a Reply URL (Assertion Consumer Service URL).
The Entity ID will be the root address of your ResourceXpress server, this will be the URL used to access the ResourceXpress admin console via a browser.
Your RX URL is usually https://<company>.rx-cloud.com.
In this example the URL of the ResourceXpress server is https://app.rx.com.
The ACS URL is the same as above with /SsoConsumer added to the end.
Once added click Save found at the top of this pop-up.
Configure User Attributes
Name & Email Address (required)
Next, click the Edit icon for section 2.
From here we will add the required values for ResourceXpress to retrieve user’s names and email addresses.
From this screen, click Add new claim.
Three new claims will need to be added, see the below table for the Name and Source attribute values required.
Name | Source attribute |
---|---|
user.mail | |
firstname | user.givenname |
lastname | user.surname |
After clicking Save for each new claim you will see the User Attributes & Claims list updated with the new values and should look similar to the screenshot below.
RFID, Access Code & Other values (optional)
In addition to synchronising users' details, it is also possible to retrieve other attributes from the Azure Active Directory, which can populate Access Code, RFID, and other values in the ResourceXpress local user's database.
To configure this you will need to add more claims, see the table below for optional claims.
Claim Name | Information |
---|---|
rfid | The RFID value as read by the ResourceXpress system, used for screen authentication. |
accesscode | The users Access Code/PIN, used for screen authentication. |
defaultlocation | The ID number for the Location that the user will have default access to. |
viewonlylocation | A comma separated list of Location ID numbers that the user has access to. |
bookablelocation | A comma separated list of Location ID numbers that the user has access to. |
dateformat |