We use SAML (Security Assertion Markup Language), a standard that permits Azure AD to safely pass authorization credentials to service providers like Rewatch.
Azure AD setup
These are instructions for setting up Rewatch SAML SSO with Azure AD.
Setup the Rewatch app in Azure AD
In the Azure AD portal, select
Enterprise applications
from the left-side nav.Next, select
All Applications
in the left side nav, and click theNew application
button above the application list.
Type
Rewatch
In the search boxSelect the Rewatch application from the results.
Click the
Create
button.
When the application finishes creating, click
Single sign-on
in the left-side nav. UnderSelect a single sign-on method
, select SAML.
If prompted to to
Save single sign-on setting
, clickYes
If prompted to test single sign-on, click
No, I'll test later
Click
Download
next toCertificate (Base64)
in theSAML Signing Certificate
box. You will need this to setup the SAML configuration in Rewatch.Copy the
Login URL
under theSet up Rewatch
box. You will need this to setup the SAML configuration in Rewatch.
Rewatch setup
On the Rewatch channel admin page, click on the Security
link in the sidebar.
Paste the Login URL
from Azure AD into the IdP SSO target URL
field and paste the contents of the certificate you downloaded into the IdP Certificate
field. Then, set the email domains that will redirect to your SAML provider on login. Finally, check Enable Saml login for this channel
. Click Save.
You can then test the SAML integration by clicking the Test SAML button. If you login via SAML with the same email as your current admin user account, you will maintain the same admin privileges. Once logged in via SAML, you can enable Enforce SAML-only logins for this channel
.
SCIM
While SAML will automatically update user information whenever they log in, you can additionally setup SCIM to automate deprovisioning and group membership updates immediately after you make these administrative changes. We currently do not support SCIM integration with Azure AD