RedJade can be configured to provide SAML 2.0 Single Sign-On for your users. This way, they do not have to provide separate login credentials for RedJade. The authentication of the user is done by any SAML 2.0 provider you configure on your side and the user attribute Email Address is sent back to RedJade. 


An overview of SAML

Security Assertion Markup Language (SAML) is a mechanism for communicating identities between two web applications. It enables web-based Single Sign-On, which removes the need to maintain separate credentials for each application and reduces the risk of identity theft.


SAML usually involves three things:

  • A User – The person requesting the service.
  • A Service Provider (SP) – The application providing the service or protecting the resource.
  • An Identity Provider (IdP) – The service/repository that manages the user information.


A user requests SAML SSO to access a resource that is protected by a service provider. The service provider asks the identity provider to authenticate the user. The identity provider checks that the user exists and sends back an assertion to the service provider that may or may not include the user information. The communication between the identity and service providers happens in the SAML data format.


RedJade acts as the Service Provider in this mechanism. You can use your own SAML server as the Identity Provider, or you can use a third-party application such as Microsoft Entra ID (Azure Active Directory), Google, OneLogin, Okta, etc.


Fields required by RedJade for SAML 2.0 integration

You can use third-party services like Microsoft Entra ID (Azure Active Directory), Google, OneLogin, Okta or any other identity provider to verify your users' identity. You need to get the following information from your identity provider in order to configure SAML SSO in RedJade:

  • SAML Entity ID – The globally unique name for the Identity Provider. 
  • SAML Login URL – The user gets redirected to this URL when they request SAML SSO in RedJade.
  • SAML Logout URL – The user gets redirected to this URL when they log out. This is optional. If this information is not provided by the Identity Provider, the user gets redirected to the portal.
  • SAML certificate – The SHA256 certificate provided by the Identity Provider that RedJade uses to validate the authenticity of the Identity Provider.


Fields required by your Identity Provider

The identity provider requires a Consumer Assertion URL to which it redirects the user after the authentication. You need to provide the URL in this format: 

  • https://<yoursubdomain>.redjade.net/accounts/saml/auth 


When the user requests SAML SSO by arriving at RedJade, the encrypted XML Assertion is sent to this URL. If you add RedJade as an app in your Identity Provider, the user gets redirected to this URL.


How does SAML SSO in RedJade work?

  1. User wants to log in to RedJade using SAML SSO.
  2. RedJade redirects the user to the login URL of the Identity Provider, for example, Microsoft Entra ID (Azure AD).
  3. User enters their credentials and the Identity Provider validates the user.
  4. Identity Provider redirects the user to RedJade's Consumer Assertion URL and passes an encrypted SAML Assertion telling RedJade that the user is valid.
  5. User attributes such as Email Address are sent along with the Assertion by the Identity Provider to RedJade.
  6. RedJade verifies the identity provider's SHA256 certificate and grants the user access.


NOTE – Users must be added in RedJade using the same email address as on the Identity Provider side. Roles must also be assigned within RedJade. See Add Users and Assign Roles.


Enabling SAML Single Sign-On in RedJade

  1. Contact RedJade Support and request that Single Sign-On be enabled.
  2. RedJade Support will send you RedJade's metadata file and Basic Configuration Details. 
  3. Set up the SSO configuration in your Identity Provider service. RedJade's metadata file can typically be imported when configuring SSO with your Identity Provider.
  4. Once the configuration is complete within the Identity Provider service, send your Identity Provider's metadata file by email to RedJade Support to complete the SSO configuration on the RedJade application side.


SEE ALSO – Set Up Single Sign-On (SSO) with Microsoft Entra ID (Azure AD) and Set Up Single Sign-On (SSO) with Google Workspace for details on configuring SSO with your identity provider.