Azure AD Integration

This feature was added in v1.4. See the full release notes for this version: v1.4, v1.4HF1 - July 2019.

This guide covers how to configure a custom SAML app in Azure AD for Single Sign-On use with ResourceXpress.

An Azure AD Premium subscription is required for this feature.

Create a SAML App in Azure AD

Navigate to the Azure portal (https://portal.azure.com/) using an Administrator account.

Select Azure Active Directory from the left navigation panel, then Enterprise applications.

Next, click New application, choose Non-gallery application, and fill in an appropriate name (for example, RX SaaS SSO), then click Add.

After adding this new application, navigate to Single sign-on, then choose SAML.

Configure the Entity ID & ACS URL

Click the Edit icon for section 1.

You will be prompted for an Identifier (Entity ID) and a Reply URL (Assertion Consumer Service URL).
The Entity ID is the root address of your ResourceXpress server, that is, the URL used to access the ResourceXpress admin console via a browser.

Your RX URL is usually https://<company>.rx-cloud.com.
In this example the URL of the ResourceXpress server is https://app.rx.com.

The ACS URL is the same as above with /SsoConsumer added to the end.

Once added, click Save at the top of this pop-up.

Configure User Attributes

Name & Email Address (required)

Next, click the Edit icon for section 2.

From here we will add the values ResourceXpress requires to retrieve users’ names and email addresses.

From this screen, click Add new claim.

Three new claims need to be added; see the table below for the required Name and Source attribute values.

| Name | Source attribute |
| --- | --- |
| email | user.mail |
| firstname | user.givenname |
| lastname | user.surname |

After clicking Save for each new claim, the User Attributes & Claims list will be updated with the new values and should look similar to the screenshot below.
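
The following Python check is an added example, not ResourceXpress or Microsoft code. It inspects a decoded SAML response captured during a test sign-on and reports where it disagrees with the settings above: the Audience (Entity ID), the Recipient (ACS URL), the three required claim names, and the optional location claims described in the next section. It assumes claim names are matched exactly and that Location IDs are numeric; the function names are hypothetical, the sample responses are constructed and unsigned, and the check does not verify signatures.

```python
import xml.etree.ElementTree as ET

NS = {"s": "urn:oasis:names:tc:SAML:2.0:assertion"}
REQUIRED = ("email", "firstname", "lastname")        # names from the claims table
ID_LISTS = ("viewonlylocation", "bookablelocation")  # comma-separated Location IDs

def check_response(xml_text, rx_url):
    """List configuration problems in a decoded SAML response (no signature check)."""
    entity_id = rx_url.rstrip("/")
    acs_url = entity_id + "/SsoConsumer"
    root = ET.fromstring(xml_text)
    problems = []
    if entity_id not in [a.text for a in root.iterfind(".//s:Audience", NS)]:
        problems.append("Audience does not match Entity ID " + entity_id)
    recipients = [d.get("Recipient") for d in root.iterfind(".//s:SubjectConfirmationData", NS)]
    if acs_url not in recipients:
        problems.append("Recipient does not match ACS URL " + acs_url)
    claims = {a.get("Name"): [v.text or "" for v in a.iterfind("s:AttributeValue", NS)]
              for a in root.iterfind(".//s:Attribute", NS)}
    for name in REQUIRED:
        if not any(v.strip() for v in claims.get(name, [])):
            problems.append("required claim missing or empty: " + name)
    for name in ID_LISTS:  # assumption: Location IDs are plain digits
        for value in claims.get(name, []):
            if not all(p.strip().isdigit() for p in value.split(",")):
                problems.append("non-numeric Location ID in " + name + ": " + value)
    return problems

def sample(recipient, lastname_claim, bookable):
    """Build a constructed, unsigned assertion for the example server app.rx.com."""
    def attr(name, value):
        return f'<s:Attribute Name="{name}"><s:AttributeValue>{value}</s:AttributeValue></s:Attribute>'
    return (
        '<s:Assertion xmlns:s="urn:oasis:names:tc:SAML:2.0:assertion">'
        f'<s:Subject><s:SubjectConfirmation><s:SubjectConfirmationData Recipient="{recipient}"/>'
        '</s:SubjectConfirmation></s:Subject>'
        '<s:Conditions><s:AudienceRestriction><s:Audience>https://app.rx.com</s:Audience>'
        '</s:AudienceRestriction></s:Conditions><s:AttributeStatement>'
        + attr("email", "a.user@example.com") + attr("firstname", "A")
        + attr(lastname_claim, "User") + attr("bookablelocation", bookable)
        + '</s:AttributeStatement></s:Assertion>')

if __name__ == "__main__":
    good = sample("https://app.rx.com/SsoConsumer", "lastname", "3,7")
    bad = sample("https://app.rx.com/ssoconsumer", "surname", "3,HQ")
    print(check_response(good, "https://app.rx.com"))
    for problem in check_response(bad, "https://app.rx.com/"):
        print("-", problem)
```

The second sample shows three typical mistakes: a Reply URL with the wrong letter case, a claim named surname instead of lastname, and a location list containing a name rather than an ID number.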

RFID, Access Code & Other values (optional)

In addition to synchronising users' details, it is also possible to retrieve other attributes from Azure Active Directory, which can populate the Access Code, RFID, and other values in the ResourceXpress local user database.

To configure this you will need to add more claims; see the table below for the optional claims.

| Claim Name | Information |
| --- | --- |
| rfid | The RFID value as read by the ResourceXpress system, used for screen authentication. |
| accesscode | The user's Access Code/PIN, used for screen authentication. |
| defaultlocation | The ID number for the Location that the user will have default access to. |
| viewonlylocation | A comma-separated list of Location ID numbers that the user has access to. This user will only be able to view information for any resource in this location and will not have the ability to interact with bookings. |
| bookablelocation | A comma-separated list of Location ID numbers that the user has access to. This user will be able to create and interact with bookings for any resource in this location. |

dateformat